Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Dropper.Generic2.CFAL


  • This topic is locked This topic is locked

#1
BlueAtmosphere

BlueAtmosphere

    New Member

  • Member
  • Pip
  • 3 posts
Hey Geeks to go,

A couple of days ago AVG detected a trojan on my system named Dropper.Generic2.CFAL. The file is white listed so AVG could not do anything about it (c:\Windows\System32\autochk.exe). I found a few topics about Dropper.Generic2, but the solution seemed to be different every time.

The process using the file is mostly firefox, but OTL used it as well.

As can see from my log I do have P2P software, but I do not use it much and have not used it for a while. It is unlikely that I got the infection in that way.

Thank you for looking into my problem.

OTL log:

OTL logfile created on: 13-12-2010 13:34:03 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Robert\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 93,46 Gb Free Space | 41,93% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,73 Gb Free Space | 19,22% Space Free | Partition Type: NTFS
Drive F: | 1015,00 Mb Total Space | 990,37 Mb Free Space | 97,57% Space Free | Partition Type: FAT32

Computer Name: ROBERT-LAPTOPTU | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Users\Robert\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Users\Robert\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Windows\snuvcdsm.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - c:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)


========== Modules (SafeList) ==========

MOD - c:\Users\Robert\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ASBroker) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (ATService) -- c:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\windows\System32\DRIVERS\ipinip.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AvgTdiX) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (iaStor) -- C:\windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-12-03 17:03:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-10 15:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-10 15:48:23 | 000,000,000 | ---D | M]

[2009-09-10 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2010-12-12 11:24:30 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions
[2010-10-04 19:41:56 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010-11-13 18:29:33 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010-11-26 16:36:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009-11-30 17:20:42 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-11-15 19:05:41 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010-08-31 01:18:34 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010-12-10 10:11:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-10-20 09:03:58 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-12-28 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-12-10 10:11:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-10-04 19:41:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-12-01 11:07:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-02-10 18:12:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-06-20 10:38:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-06-20 10:38:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-04-28 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-09-28 09:41:15 | 000,001,994 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\searchplugins\wikitudelftnl.xml
[2010-12-12 11:24:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-30 15:19:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-06-30 13:21:02 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-06-30 13:21:02 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-06-30 13:21:02 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-06-30 13:21:02 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-06-30 13:21:02 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Robert\Local Settings\Apps\F.lux\flux.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Robert\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Robert\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{370a87d4-b264-11de-8c43-00247ea3f878}\Shell\AutoRun\command - "" = I:\Run.exe -- File not found
O33 - MountPoints2\{370a87d4-b264-11de-8c43-00247ea3f878}\Shell\explore\Command - "" = I:\Run.exe -- File not found
O33 - MountPoints2\{370a87d4-b264-11de-8c43-00247ea3f878}\Shell\open\Command - "" = I:\Run.exe -- File not found
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell - "" = AutoRun
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell\directx\command - "" = G:\DirectX\dxsetup.exe -- File not found
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell\setup\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{96a8a6fd-72eb-11df-99c8-00247ea3f878}\Shell\AutoRun\command - "" = H:\Run.exe -- File not found
O33 - MountPoints2\{96a8a6fd-72eb-11df-99c8-00247ea3f878}\Shell\explore\Command - "" = H:\Run.exe -- File not found
O33 - MountPoints2\{96a8a6fd-72eb-11df-99c8-00247ea3f878}\Shell\open\Command - "" = H:\Run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-12-12 22:09:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Trojan
[2010-12-03 17:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-12-03 16:28:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Hewlett-Packard
[2010-12-02 20:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Battle Dex
[2010-11-30 11:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-11-30 11:47:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Tableau Repository
[2010-11-30 11:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-11-30 11:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tableau
[2009-09-10 13:47:28 | 000,186,928 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009-09-10 13:47:27 | 000,195,120 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-12-13 13:34:59 | 000,000,420 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{8D066E6D-494C-467A-A17F-FD556C386F86}.job
[2010-12-13 13:30:16 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-12-13 13:30:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010-12-13 13:30:08 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-12-13 13:30:08 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-12-13 13:30:07 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010-12-12 23:35:45 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-12-12 08:47:46 | 068,834,394 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010-12-12 03:46:00 | 000,000,452 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (SD).job
[2010-12-10 23:12:56 | 000,625,582 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010-12-10 23:12:56 | 000,117,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010-12-10 23:05:22 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010-12-10 23:05:22 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
[2010-12-10 23:04:50 | 3181,694,976 | -HS- | M] () -- C:\hiberfil.sys
[2010-12-10 09:02:08 | 000,000,680 | ---- | M] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2010-12-10 00:44:37 | 088,638,302 | ---- | M] () -- C:\Users\Robert\Documents\SotG - 12.05.10.mp3
[2010-12-04 12:11:02 | 000,307,152 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010-12-04 12:07:56 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010-12-03 17:19:31 | 000,688,734 | ---- | M] () -- C:\Users\Robert\Documents\Material Choice.docx
[2010-11-26 14:49:25 | 000,490,095 | ---- | M] () -- C:\Users\Robert\Documents\Material Choice.pdf
[2010-11-25 09:30:59 | 092,229,353 | ---- | M] () -- C:\Users\Robert\Documents\SotG - 11.23.10.mp3
[2010-11-16 12:04:48 | 000,021,143 | ---- | M] () -- C:\Users\Robert\Documents\Delta design game groups.pdf
[2010-11-14 12:09:27 | 000,015,872 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-12-10 00:39:47 | 088,638,302 | ---- | C] () -- C:\Users\Robert\Documents\SotG - 12.05.10.mp3
[2010-12-03 16:35:01 | 000,001,904 | ---- | C] () -- C:\windows\System32\SetupBD.din
[2010-12-03 16:32:57 | 000,002,823 | ---- | C] () -- C:\windows\System32\e1y6032.din
[2010-11-26 14:49:23 | 000,490,095 | ---- | C] () -- C:\Users\Robert\Documents\Material Choice.pdf
[2010-11-26 00:03:44 | 000,688,734 | ---- | C] () -- C:\Users\Robert\Documents\Material Choice.docx
[2010-11-25 09:25:50 | 092,229,353 | ---- | C] () -- C:\Users\Robert\Documents\SotG - 11.23.10.mp3
[2010-11-16 12:04:48 | 000,021,143 | ---- | C] () -- C:\Users\Robert\Documents\Delta design game groups.pdf
[2010-08-01 12:28:10 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2010-03-09 12:54:34 | 000,212,992 | ---- | C] () -- C:\windows\System32\WMIMPLEX.dll
[2010-03-09 12:54:34 | 000,031,232 | ---- | C] () -- C:\windows\System32\maplec.dll
[2010-03-09 12:54:34 | 000,020,480 | ---- | C] () -- C:\windows\System32\maplecompat.dll
[2010-02-22 17:57:38 | 000,014,308 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\ReplayMusicLog.log
[2010-01-18 01:41:51 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\FnF4.txt
[2009-12-18 21:33:44 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2009-11-17 11:25:21 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2009-11-17 11:22:47 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009-09-15 19:56:33 | 000,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-09-15 15:44:44 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-09-15 15:29:47 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-09-11 10:05:13 | 000,000,072 | ---- | C] () -- C:\windows\ricdb.ini
[2009-09-10 14:57:57 | 000,015,872 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-10 13:55:35 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\QSwitch.txt
[2009-09-10 13:55:35 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\DSwitch.txt
[2009-09-10 13:55:35 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\AtStart.txt
[2009-09-10 13:47:27 | 001,805,872 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009-09-10 13:47:27 | 000,034,096 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008-07-11 22:50:18 | 000,109,184 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006-05-20 03:39:58 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2006-03-09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005-04-03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998-05-07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2010-09-25 13:47:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.minecraft
[2010-02-17 21:42:46 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Broken Rules
[2009-09-15 15:05:00 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Design Science
[2010-10-25 15:28:42 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Dropbox
[2010-04-14 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ImgBurn
[2010-06-02 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LolClient
[2010-03-09 12:58:54 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Maple
[2010-08-19 17:55:36 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Octoshape
[2010-10-05 09:31:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SmartDraw
[2010-02-10 01:46:05 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SmartDraw Image Plugin
[2010-05-22 14:00:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SystemRequirementsLab
[2010-05-02 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TS3Client
[2010-10-27 22:58:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\uTorrent
[2010-12-04 12:07:59 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-12-12 03:46:00 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job
[2010-12-13 13:34:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8D066E6D-494C-467A-A17F-FD556C386F86}.job

========== Purity Check ==========



< End of report >

Edited by BlueAtmosphere, 13 December 2010 - 06:52 AM.

  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, BlueAtmosphere! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay. I'm currently reviewing your logs.
  • 0

#3
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please, follow the steps below:

Step 1

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    PRC - C:\Users\Robert\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [F.lux] C:\Users\Robert\Local Settings\Apps\F.lux\flux.exe ()

    :Files
    C:\Users\Robert\Local Settings\Apps\F.lux

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Posted Image OTL Default Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 3

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click on the Browse button near "Suspicious files to scan" box on the top of the page and navigate to the file below:
    • c:\Windows\System32\autochk.exe
  • Click on Open and then on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

When completed the above, please post back the following in the order asked for:
  • How is you computer running now?
  • Any further problems encountered?
  • OTL fix log
  • OTL.txt and Extras.txt logs
  • VirSCAN results

  • 0

#4
BlueAtmosphere

BlueAtmosphere

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hey Render,

Thank you for the quick replies. AVG hasn't reported a trojan in last couple of minutes, if it does again I'll let you know. I have not encountered any other warnings so far. Unfortunately the 'copy to clipboard' button from virscan.org doesn't work.

Here are my logs:

OTL fix log:

All processes killed
========== OTL ==========
No active process named flux.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F.lux deleted successfully.
C:\Users\Robert\Local Settings\Apps\F.lux\flux.exe moved successfully.
========== FILES ==========
C:\Users\Robert\Local Settings\Apps\F.lux\update folder moved successfully.
C:\Users\Robert\Local Settings\Apps\F.lux\runtime folder moved successfully.
C:\Users\Robert\Local Settings\Apps\F.lux folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Temp folder emptied: 5594551 bytes
->Temporary Internet Files folder emptied: 35641404 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93255751 bytes
->Flash cache emptied: 1128979 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8191524 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6949917 bytes

Total Files Cleaned = 144,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.17.3 log created on 12142010_090314

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Scan log:

OTL logfile created on: 14-12-2010 9:23:08 - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Robert\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 93,41 Gb Free Space | 41,91% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,73 Gb Free Space | 19,22% Space Free | Partition Type: NTFS
Drive F: | 1015,00 Mb Total Space | 990,37 Mb Free Space | 97,57% Space Free | Partition Type: FAT32

Computer Name: ROBERT-LAPTOPTU | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-12-09 19:42:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Robert\Downloads\OTL.exe
PRC - [2010-11-25 09:25:58 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010-11-25 09:25:08 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010-09-23 09:00:52 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010-08-01 12:30:43 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010-07-18 18:16:58 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010-07-18 18:16:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010-07-18 18:16:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010-04-30 05:52:54 | 003,795,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009-07-01 09:45:44 | 000,027,184 | ---- | M] () -- C:\Windows\snuvcdsm.exe
PRC - [2009-05-19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-07-11 22:49:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008-07-09 02:29:16 | 000,238,896 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008-07-09 02:18:32 | 000,019,968 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008-06-20 16:37:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-06-20 16:37:24 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008-06-19 12:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008-06-19 12:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008-06-18 13:10:02 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008-06-12 20:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- c:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008-05-29 16:45:50 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008-05-20 08:05:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008-04-17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008-04-17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008-04-04 16:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008-01-21 03:24:16 | 000,117,248 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE
PRC - [2007-12-11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007-05-16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007-05-16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007-05-16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe


========== Modules (SafeList) ==========

MOD - [2010-12-09 19:42:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Robert\Downloads\OTL.exe
MOD - [2010-09-20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010-08-31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010-07-18 18:16:58 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009-12-09 02:19:44 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
MOD - [2009-04-29 02:13:20 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\msvcp71.dll
MOD - [2008-08-28 04:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008-06-19 12:17:16 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll
MOD - [2008-06-19 12:10:46 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008-06-18 13:05:38 | 000,080,656 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll
MOD - [2008-06-18 13:05:18 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008-03-04 01:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\msvcr71.dll
MOD - [2008-01-21 03:25:27 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008-01-21 03:25:26 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008-01-21 03:25:21 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008-01-21 03:25:06 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008-01-21 03:25:02 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008-01-21 03:24:32 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2008-01-21 03:24:18 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008-01-21 03:24:14 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-11-30 11:47:22 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-08-01 12:30:43 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010-07-18 18:16:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-04-30 05:52:54 | 003,795,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009-05-19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008-07-11 22:49:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008-07-09 02:18:32 | 000,019,968 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008-06-20 16:37:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008-06-18 13:05:28 | 000,126,736 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008-06-18 13:05:24 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008-06-12 20:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008-05-20 08:05:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008-04-17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-01-21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007-05-16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010-10-02 13:18:00 | 010,361,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-07-18 18:16:59 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010-07-18 18:16:52 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010-06-03 19:07:21 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009-11-17 11:22:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-08-04 15:49:56 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009-07-01 09:45:34 | 001,805,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008-07-11 22:50:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008-07-11 22:50:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008-07-11 22:50:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008-07-11 22:50:18 | 000,109,184 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008-06-24 16:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008-06-23 12:54:08 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008-06-23 12:54:08 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008-06-23 12:54:08 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008-06-12 22:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008-06-11 03:51:14 | 000,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008-05-27 14:52:30 | 000,382,976 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008-04-28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008-04-14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008-04-07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008-04-07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008-03-27 20:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-02-29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008-01-21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 03:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008-01-21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008-01-21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 03:23:46 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-01-21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 03:23:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008-01-21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007-07-30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-07-30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-06-19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-12-20 02:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005-02-23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-12-03 17:03:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-10 15:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-10 15:48:23 | 000,000,000 | ---D | M]

[2009-09-10 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2010-12-13 13:40:11 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions
[2010-10-04 19:41:56 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010-11-13 18:29:33 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010-11-26 16:36:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009-11-30 17:20:42 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-11-15 19:05:41 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010-08-31 01:18:34 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010-12-10 10:11:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-10-20 09:03:58 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-12-28 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-12-10 10:11:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-10-04 19:41:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-12-01 11:07:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-02-10 18:12:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-06-20 10:38:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-06-20 10:38:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-04-28 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\extensions\[email protected]
[2010-09-28 09:41:15 | 000,001,994 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\searchplugins\wikitudelftnl.xml
[2010-12-13 13:40:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-30 15:19:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-06-30 13:21:02 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-06-30 13:21:02 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-06-30 13:21:02 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-06-30 13:21:02 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-06-30 13:21:02 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2010-12-14 09:03:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Robert\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Robert\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{370a87d4-b264-11de-8c43-00247ea3f878}\Shell\AutoRun\command - "" = I:\Run.exe -- File not found
O33 - MountPoints2\{370a87d4-b264-11de-8c43-00247ea3f878}\Shell\explore\Command - "" = I:\Run.exe -- File not found
O33 - MountPoints2\{370a87d4-b264-11de-8c43-00247ea3f878}\Shell\open\Command - "" = I:\Run.exe -- File not found
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell - "" = AutoRun
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell\directx\command - "" = G:\DirectX\dxsetup.exe -- File not found
O33 - MountPoints2\{5006dfa9-d363-11de-9474-00247ea3f878}\Shell\setup\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{96a8a6fd-72eb-11df-99c8-00247ea3f878}\Shell\AutoRun\command - "" = H:\Run.exe -- File not found
O33 - MountPoints2\{96a8a6fd-72eb-11df-99c8-00247ea3f878}\Shell\explore\Command - "" = H:\Run.exe -- File not found
O33 - MountPoints2\{96a8a6fd-72eb-11df-99c8-00247ea3f878}\Shell\open\Command - "" = H:\Run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

MsConfig - StartUpFolder: C:^Users^Robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe - ()
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {077DF786-65C2-D2ED-94C4-6556AC9D0683} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2B8B0692-BF3D-D5EF-F18F-2305B9E15FA0} -
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5ABB434E-FD89-66DA-D29D-E6DB281D0CA5} - Themes Setup
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} -
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010-12-14 09:03:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-12-12 22:09:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Trojan
[2010-12-04 11:48:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2010-12-03 17:30:15 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2010-12-03 17:30:15 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2010-12-03 17:30:15 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2010-12-03 17:28:05 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshhttp.dll
[2010-12-03 17:28:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll
[2010-12-03 17:26:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshsq.dll
[2010-12-03 17:21:45 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2010-12-03 17:21:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2010-12-03 17:21:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\windows\System32\GameUXLegacyGDFs.dll
[2010-12-03 17:21:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Apphlpdm.dll
[2010-12-03 17:21:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010-12-03 17:20:56 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2010-12-03 17:20:56 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2010-12-03 17:20:54 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2010-12-03 17:20:54 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2010-12-03 17:20:54 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2010-12-03 17:20:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2010-12-03 17:20:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2010-12-03 17:20:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2010-12-03 17:20:52 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2010-12-03 17:20:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2010-12-03 17:20:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2010-12-03 17:20:27 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010-12-03 17:20:27 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010-12-03 17:20:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2010-12-03 17:20:22 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010-12-03 17:20:20 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010-12-03 17:20:19 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2010-12-03 17:20:17 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2010-12-03 17:20:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2010-12-03 17:20:14 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MP4SDECD.DLL
[2010-12-03 17:18:42 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2010-12-03 17:18:39 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010-12-03 17:18:39 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010-12-03 17:18:39 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010-12-03 17:18:39 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2010-12-03 17:18:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2010-12-03 17:18:39 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010-12-03 17:18:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2010-12-03 17:18:38 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010-12-03 17:18:38 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010-12-03 17:18:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieencode.dll
[2010-12-03 17:18:38 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010-12-03 17:18:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2010-12-03 17:18:23 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010-12-03 17:18:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2010-12-03 17:18:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010-12-03 17:18:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dciman32.dll
[2010-12-03 17:17:20 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\l3codeca.acm
[2010-12-03 17:16:08 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010-12-03 17:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-12-03 16:34:58 | 000,252,544 | ---- | C] (Intel Corporation) -- C:\windows\System32\PROUnstl.exe
[2010-12-03 16:32:57 | 000,220,152 | ---- | C] (Intel Corporation) -- C:\windows\System32\drivers\e1y6032.sys
[2010-12-03 16:32:57 | 000,061,048 | ---- | C] (Intel Corporation) -- C:\windows\System32\NicInstY.dll
[2010-12-03 16:28:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Hewlett-Packard
[2010-12-02 20:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Battle Dex
[2010-11-30 11:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-11-30 11:47:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Tableau Repository
[2010-11-30 11:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-11-30 11:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tableau
[2009-09-10 13:47:28 | 000,186,928 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009-09-10 13:47:27 | 000,195,120 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010-12-14 09:25:00 | 000,000,420 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{8D066E6D-494C-467A-A17F-FD556C386F86}.job
[2010-12-14 09:23:41 | 000,625,582 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010-12-14 09:23:41 | 000,117,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010-12-14 09:20:11 | 000,000,452 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (SD).job
[2010-12-14 09:19:01 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-12-14 09:18:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010-12-14 09:18:54 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010-12-14 09:05:33 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-12-14 09:05:11 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010-12-14 09:05:11 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
[2010-12-14 09:05:10 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-12-14 09:05:09 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-12-14 09:04:58 | 3183,755,264 | -HS- | M] () -- C:\hiberfil.sys
[2010-12-14 09:03:45 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010-12-14 09:03:16 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2010-12-13 13:36:01 | 068,893,349 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010-12-10 09:02:08 | 000,000,680 | ---- | M] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2010-12-10 00:44:37 | 088,638,302 | ---- | M] () -- C:\Users\Robert\Documents\SotG - 12.05.10.mp3
[2010-12-04 12:11:02 | 000,307,152 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010-12-03 17:19:31 | 000,688,734 | ---- | M] () -- C:\Users\Robert\Documents\Material Choice.docx
[2010-11-26 14:49:25 | 000,490,095 | ---- | M] () -- C:\Users\Robert\Documents\Material Choice.pdf
[2010-11-25 09:30:59 | 092,229,353 | ---- | M] () -- C:\Users\Robert\Documents\SotG - 11.23.10.mp3
[2010-11-16 12:04:48 | 000,021,143 | ---- | M] () -- C:\Users\Robert\Documents\Delta design game groups.pdf
[2010-11-14 12:09:27 | 000,015,872 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010-12-10 00:39:47 | 088,638,302 | ---- | C] () -- C:\Users\Robert\Documents\SotG - 12.05.10.mp3
[2010-12-03 16:35:01 | 000,001,904 | ---- | C] () -- C:\windows\System32\SetupBD.din
[2010-12-03 16:32:57 | 000,002,823 | ---- | C] () -- C:\windows\System32\e1y6032.din
[2010-11-26 14:49:23 | 000,490,095 | ---- | C] () -- C:\Users\Robert\Documents\Material Choice.pdf
[2010-11-26 00:03:44 | 000,688,734 | ---- | C] () -- C:\Users\Robert\Documents\Material Choice.docx
[2010-11-25 09:25:50 | 092,229,353 | ---- | C] () -- C:\Users\Robert\Documents\SotG - 11.23.10.mp3
[2010-11-16 12:04:48 | 000,021,143 | ---- | C] () -- C:\Users\Robert\Documents\Delta design game groups.pdf
[2010-08-01 12:28:10 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2010-03-09 12:54:34 | 000,212,992 | ---- | C] () -- C:\windows\System32\WMIMPLEX.dll
[2010-03-09 12:54:34 | 000,031,232 | ---- | C] () -- C:\windows\System32\maplec.dll
[2010-03-09 12:54:34 | 000,020,480 | ---- | C] () -- C:\windows\System32\maplecompat.dll
[2010-02-22 17:57:38 | 000,014,308 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\ReplayMusicLog.log
[2010-01-18 01:41:51 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\FnF4.txt
[2009-12-18 21:33:44 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2009-11-17 11:25:21 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2009-11-17 11:22:47 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009-09-15 19:56:33 | 000,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-09-15 15:44:44 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-09-15 15:29:47 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-09-11 10:05:13 | 000,000,072 | ---- | C] () -- C:\windows\ricdb.ini
[2009-09-10 14:57:57 | 000,015,872 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-10 13:55:35 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\QSwitch.txt
[2009-09-10 13:55:35 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\DSwitch.txt
[2009-09-10 13:55:35 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\AtStart.txt
[2009-09-10 13:47:27 | 001,805,872 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009-09-10 13:47:27 | 000,034,096 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008-07-11 22:50:18 | 000,109,184 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006-05-20 03:39:58 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2006-03-09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005-04-03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998-05-07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

< End of report >

OTL Extras:

OTL Extras logfile created on: 14-12-2010 9:23:08 - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Robert\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 93,41 Gb Free Space | 41,91% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,73 Gb Free Space | 19,22% Space Free | Partition Type: NTFS
Drive F: | 1015,00 Mb Total Space | 990,37 Mb Free Space | 97,57% Space Free | Partition Type: FAT32

Computer Name: ROBERT-LAPTOPTU | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AC5816-6150-4864-9D5F-C286DE82C73F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D53560F-AFC9-44A4-A510-4FD41CF0490E}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{0E4F8C8B-F494-4207-A381-37658025FAC1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0ECC2F44-B317-4891-AB0D-5BB8A5667EAF}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |
"{0F23D123-9616-4534-9CCA-6AF5C2E77999}" = lport=137 | protocol=17 | dir=in | app=system |
"{109E7A9E-DA82-4475-8CBA-EF2D0F872EC1}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher |
"{1213FCAF-24ED-4C72-ADA6-F1398A6C4730}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher |
"{123594BA-5E41-4FC3-BE0C-7F49DB48840D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{12A95EC6-CD5B-4335-8381-42719411A5D4}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{180DD0EF-F69E-419C-98FC-CB68C18CC030}" = lport=57583 | protocol=17 | dir=in | name=pando media booster |
"{1A638125-A567-41C3-96CD-6C69F7AB5A55}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher |
"{1A802DE9-1B04-4E25-9D56-86254DDBCA18}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{1AC89D92-7222-428B-BCCF-6C8FBE84A985}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1B91ED6F-D169-4C3B-B767-C3B4905ED0F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DF01647-F16F-4271-B0D0-DD2F2C9D8FF3}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{20205D31-A88D-4DC8-92C2-3CFC966A1957}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher |
"{21FA97CD-ECEC-47FA-AEC1-BED9C2AE8DA7}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{259A5EAC-8D04-4E54-8FC0-223BDDEB8EF4}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher |
"{2D749286-1C3F-42E7-8A80-A1A558EC158A}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{2E21FD9B-4EAF-4249-AB84-DBBE190ABA41}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher |
"{2E6E2827-5DB8-478C-B433-3CACCE79F7B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30022654-D6E1-4097-AEAA-0C0594FFED09}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{337487A1-4185-480C-BABE-8BA77B664B09}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{3EF74521-B94E-45AD-B169-04594DB38338}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher |
"{4261D19C-A3FD-42D2-8EB2-1F1B780DE9BF}" = lport=57583 | protocol=6 | dir=in | name=pando media booster |
"{4956708F-7D15-43A7-A8DA-935A309808AF}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{4C284575-92A7-4270-A825-8EE6749A6666}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{56F6A23A-751E-4119-93EE-9CD923F1918C}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{578D8899-96C6-4B33-9A81-8943B7B99955}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{5E2DD2E4-D745-4D4C-964F-C1460BFE2C65}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{5FC1275E-568B-4225-99C2-3354B1BEFA8F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6091EEB2-E3DE-4547-B576-2D5833F4713E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{672FA61B-56B6-4B54-87CD-A524D4832BA4}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher |
"{6C0FA060-6D89-45C1-9E97-56FF51777033}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E11FAE2-F993-424E-8221-D4CF78D47A1B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7134F797-117E-4FE5-A5FA-14DD9A4ABB2E}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher |
"{714143CF-417A-4D70-8C0B-03637A658C86}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{71A036E7-820D-4655-9343-60E4F0B59189}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{72AF5EC7-B615-4AE7-9402-E9FD101E2219}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher |
"{742C70E2-9C1D-44BA-8101-ECDDDA7162D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7766D5BE-318F-4886-AB23-FD4C3A61EDB4}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher |
"{77681E64-D132-4DDD-ABDB-E2DB776B1174}" = lport=57583 | protocol=17 | dir=in | name=pando media booster |
"{8B4A403E-F253-4003-9242-C8218D8320B4}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{8C0D5A56-961C-41E2-8B76-CF1FD189F1A7}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher |
"{90A1B867-32FE-4B34-B046-479F42729FB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{950D90E8-371E-4B4D-93D8-DF7832AD41CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AD7CFA2-8850-4609-8509-5238280F4722}" = lport=57583 | protocol=6 | dir=in | name=pando media booster |
"{9EBA35C9-206F-4668-ADAA-B687C2DB2F10}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
"{A0562053-B2BA-46EF-84F7-202F123BEBC5}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1663F19-A4A7-469D-9B81-DE192DDFDBBE}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher |
"{A5671F8A-8DB1-400E-A1C5-968301B36327}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher |
"{A5C8E84A-1DFC-48AA-BDE3-E7650E6E7C83}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A61E344B-A24B-4EBC-A1ED-1F81EEC4D6E2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A6CB4297-E21C-4327-AB36-B4B512284D26}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher |
"{A88A27D4-8F46-4105-9EAC-7183D40FF3DE}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{A8EAD936-4D74-4CB9-81E0-E648376B532A}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{AB91E51D-1FA1-433D-9A3E-0945F7E854CD}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{AF55D653-3403-4A51-B913-FDAD2DB07982}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF9B2AE8-C5EC-4DF5-9BAB-F3740F7288AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B16A6604-D04C-40CD-953B-32B14A689CF2}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |
"{B288E14A-6333-4FFE-8CFF-6A141896FC6E}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher |
"{B493721F-C097-453D-925A-8DAD1238BA59}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{B6B625DE-B9D4-487C-8CB0-7AE3C4DC4372}" = rport=139 | protocol=6 | dir=out | app=system |
"{B7731798-E6AE-4FD4-830D-55EDE78E3559}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher |
"{B800E86C-A500-47E6-A05A-7AEAB5293273}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher |
"{B822998A-5EFD-4846-9BFC-377D6F0CF9EE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8CB86AE-2352-4E80-A332-14A4CD94B185}" = rport=137 | protocol=17 | dir=out | app=system |
"{C06273D9-398E-417F-B316-45B11769D890}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher |
"{C2689CA5-90E4-4C5F-B4DD-57DDC3492A7B}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{C2D282FE-C30F-42A5-993D-2A31F96A618B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB712D6F-FE25-4633-841C-B3E7C0BA078E}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{CC815F7F-F315-4501-941D-D0DEA97BAD23}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{CF32DAAE-52D0-4213-8113-94CA8A1D7EBE}" = lport=6964 | protocol=6 | dir=in | name=league of legends launcher |
"{CFD21CF8-338D-4DC5-94BC-2CD1E657A9FD}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher |
"{D5D6BF7A-2C58-4927-8D4F-875C52F23A19}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher |
"{D714EC89-B645-4D46-AE5C-E5F2617DF3FA}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher |
"{DA346983-7FBA-4D93-A76D-FD8797A4083B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DAC14CD3-B7BA-4486-BD8D-78DD127DA22E}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |
"{E2093DAE-7B9B-42E6-B27B-3B90792E6362}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{E3169301-5B13-4340-B41E-82F78899A6C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E31D8A16-A6C3-47F8-A7BD-8855BCC25026}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher |
"{E753B3C4-0598-4284-AB51-46EB4F7783F3}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
"{E7EC8264-7247-4839-8997-451AEED6F350}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC017FBA-F8B4-440B-A208-C0C3602D566E}" = rport=445 | protocol=6 | dir=out | app=system |
"{EDE5211C-CCFD-44CE-BCEA-5ECB388D69D6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F8804330-3E73-44C3-99FD-E7C1CC2AAF34}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher |
"{F8E4506D-8AE1-4C49-BB6D-65AB32180E2B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{FB9BC294-6CB1-4E76-9626-557415A2F6D5}" = lport=6964 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BABFEE-93A1-47EF-98C4-6CA15726E2B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0170803C-D3D0-4C29-8121-0E1CD64EBEAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05ECBE31-7130-47B7-B667-0EB627E79E7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06340E62-BB2A-4B68-9CD3-5A5B3420A65A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08508376-B921-41C4-8ACB-8C04B7E5255F}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{09D490CC-E388-442A-8AF3-9A940045E692}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A14185E-6B2F-48F6-8A7A-1819D1EE6499}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B6F76F8-3C98-4DA8-9AB3-AF5FD5300F6E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B8CD4FA-DFB7-4549-84BA-ADA36EC7A8AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10726428-11DE-4826-B8F7-08FCE61D7B87}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{12DAABF4-BFC2-4F48-92D6-2076FA238C71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1427A0F2-077C-4E4A-A307-CBD8097D0CF2}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{1496D4E3-3B13-4BB3-85A0-5D6A416E0756}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{151F2468-393B-4023-AD9F-D1DEE048E8FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15359FE2-549C-4221-97EB-9284EE815882}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16B701D2-7F92-4771-A7C0-EAC5394326DA}" = protocol=6 | dir=out | app=system |
"{17DB811C-99A5-4A46-BEFB-C0E5B876B209}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{18C39CA2-3963-42BC-B492-8EBD40DF684B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A7E1EB9-AF04-4BB4-A11A-B49FFABB67B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B02AF01-F58F-43A3-858E-A47EE2E9E3EB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1B487526-5F78-42B9-B39F-40DC72495CD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1BD24F54-54F5-4C06-AB7B-74E20E64E9CB}" = protocol=58 | dir=out | [email protected],-28546 |
"{1D4F6D19-C59F-4DB8-A871-04A715349201}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{203CEB08-F212-4856-A327-1BB737DBA059}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2070B141-4A2E-4842-B507-4C9C076A951C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2301A759-A7AD-48A0-8B5A-A49AD1E9E359}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{251B6873-A190-4782-8A48-9CF9D5139ABB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{26551963-351B-41CD-8A86-3B885A51290A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{26DBF6FD-86EE-4C8E-B364-3623EB1F84CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28EAC469-8AAD-4BFC-AA81-CBDB7591AB95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2921A986-4400-4E26-AD8B-67122FE3F704}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2967D874-74B7-47DF-A97A-0A5B0AD18913}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29B18EDA-47F8-4568-B9AF-72ABC4253B56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A403AD1-1BAA-43E5-A382-F4BA0B46A773}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A4A43D2-3682-4850-9CE8-5DFF44E1D376}" = protocol=6 | dir=in | app=c:\program files\games\forged alliance\gpgnet\gpg.multiplayer.client.exe |
"{2D42A183-0147-4BBE-B68A-E134E8C2257E}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{3031E916-5318-4070-A9E3-C29E07557520}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{3095EBE7-327C-4A15-B1C5-07B96F914E40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{348EEC89-1231-4D05-AE86-3E81002F1A96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34BAA586-5F23-4B38-960B-40A8F1C43962}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36CD2DA5-2073-4BBF-B386-1771F4372F25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37A7B47C-8736-4A76-8B6B-82403DA0C925}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38424583-CC71-49E3-A425-5C7937C585E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38718502-EA1A-4291-86A9-04F0C382F63F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39664ACC-A73C-40CB-BE06-DAB7CD109EC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{396E4F13-62DF-41FD-8B33-FE23DD56715F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B6D9259-2107-407E-9F50-6DBF06104829}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{3D52ACD9-915B-4A7F-B9E0-DE4624B187E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E2DB682-8DEC-4BBB-AD90-6C71469875A2}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{3F3DA53A-B516-439E-AAC4-47EB9B8D9BF8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3F71FAA3-F582-481E-9C58-870750984E56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FC75B7C-63AA-47D6-A6E3-967389C703FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40A8C63E-2007-43E9-8028-E9D24D81B293}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40C1D552-8CA1-483E-9AD5-1C670D913CAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40E2C05A-C6DA-4D2A-9DE0-3BB74887D461}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{440E9C6F-5008-4A79-9135-28B5CB0169E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44472B6A-F337-48E0-B48A-861E10CC3A17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47691F5F-9EB2-442A-8C58-FDC759E8316D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47ED706D-31A6-4C60-89DA-7F30216EC574}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{47F5BE77-2CCE-4BA9-83F2-87CA44C5808F}" = protocol=58 | dir=in | [email protected],-28545 |
"{4861D734-39CE-4927-9CF9-5DA02ECECD9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A3680CD-2070-4AE3-BCB3-49B01198EA7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A7E040D-AC0E-49F6-8503-67AE92D1CC72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B52DD91-9827-4693-90EB-1D4FFEC72085}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4B9977CA-EC76-430D-8563-133711FE49CB}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe |
"{4BEC2B38-86C4-44ED-B295-BC9D3696396C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C6C38B6-479C-469A-81DC-24CC8662D170}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C90E176-448C-47D8-96B3-3458227CF99B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D4667EB-B735-48CC-B133-260A1AD6B540}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5882A4F5-6D1B-4009-B526-FDDBD9B94E69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B149CF9-BEBA-49CA-829C-34E87D85103F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B8CD815-607C-4787-A08C-A4868DF3FE5F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5F1A1AD2-A76D-44ED-84F1-833CDBF24352}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{5FDBCD86-EB21-4467-99BE-DCA71E99E84C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{636E04FE-D605-40EF-8D61-F5C53F331DDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6556881A-85F7-4777-A704-09663F68555E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65A88A29-9F17-475F-ADFC-700170DBEFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6694D46B-B50A-412E-A9C2-B1FFDF189E72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{678AD109-443B-47F1-BBB1-DD458D80B4E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69A9BF95-BBD1-422C-BBF7-B034A67746F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6ADFFCC3-C362-4D39-A098-27126C736E10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B3A0F91-EDE8-4576-9B9A-814BE5E37D15}" = protocol=6 | dir=in | app=c:\program files\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{6B425D9F-DF8A-4DE6-A1D0-E70C385A3396}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E821BF0-6038-4FCA-97FA-3F8E826C3BD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FB17236-E9B0-4D7A-93B0-AC08F57008E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70311AE2-0D25-43D9-910D-6672C02E689A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73ED310E-38FB-4995-B15A-99157B733F3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7492288D-FF56-4713-9121-72CA376E6733}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{75704F3F-1486-4B64-8F3C-020C7EF0317C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76176DF8-D747-4C62-A199-8222EF9A9151}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{761F0DD8-A09A-4798-ADBC-5A54D33C65AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{765C53C6-9494-465F-B8E1-B3BE28583F3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7708BEDA-2D26-40A7-B866-20DAA78A9A53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{785D1CAD-A84C-49B6-89DE-F5A296DE9EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{792A8C3B-9629-4B06-B7CF-D1D77B46B81F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7D67BD8B-62A0-46B3-8D5B-897569AAF353}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DDF4245-FF57-4B4C-8242-050C37E91FE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DEF859A-887D-4D48-B5F7-8E48C747CA35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F7FBCC8-54BE-4887-AA0F-8A1A4DFEE3D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FE6BB29-183F-41B9-B44F-940D1B92F64C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{82586951-BE82-476A-9645-F0561A076588}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{82650415-01E3-491F-9067-ECB8BD28E4F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83977FBC-02C1-44AD-B0E9-8DFA6AB69D27}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{83EAFF3F-1ADE-4F41-978B-BA0770096E5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{842A0C77-76DD-42B5-B6F1-BBB831394B04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{849884EE-5AC3-4D8A-8163-87B25F60369E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84D32976-9F33-4B31-A884-00DBBEA2FB21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86A126AB-B379-44FF-BEAA-BBC9B9091A74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88161467-15BD-49A2-8863-12909D679E6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{895A60EB-2757-4BFA-88A9-0B8DD3F59A49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8AA3275C-AD9A-414E-8601-4CDA56CCC726}" = protocol=1 | dir=out | [email protected],-28544 |
"{8B92140B-89C5-4388-8B8F-BF3F7482D686}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BC74AFC-DB14-4A63-996E-104844E61657}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F5C9045-0A62-4215-AC5E-53361C59229F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FB09008-41B2-4B80-A329-4481B0A484C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FD421B4-6AD4-469B-8735-8ABAA187E896}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{924BB003-F25E-4EE0-88ED-B709DC8362FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{942EA6AA-373C-4375-A956-0DB2891F96FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9804164D-EA11-4A38-BA86-D39308BC69C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98CBA564-B711-48D9-BFB8-ABA92589819C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99E56CBE-6B17-415B-9E0E-EF85B48FF34C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A6113C5-128B-4EEF-8377-AB7C3182877F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B37BF90-40DE-4EB3-8993-4BCC74E38CF3}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe |
"{9BECAD26-196B-4FA3-BF53-975CB24C55FD}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9C66C380-4B44-4259-9D78-38B011023D88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C7E5946-7512-4ECB-B562-1DA1F0D27602}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D95230E-4514-4B05-8C87-69EAA6EE478B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E938877-E822-41D0-A31D-4E688EF5B901}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{9FA08EC1-E716-4A81-A856-9EB4FA0AA48D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A020E6EA-8FCD-47CE-9778-484D1C24170F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A36976CF-AD64-497B-A62E-A2B78B7CBE09}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A3A978A1-E34A-45F4-8200-FC96F9604737}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4701182-14D6-451D-BDB6-87C556F75A9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6F3F21B-7210-4AA0-8C73-3562D8A12C71}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{A9E88E10-3040-498C-815E-C3177B5F85E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA446A8E-01D5-45C1-ABA0-AA995B95AFFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA98D6DD-48D9-43FE-91A2-4404AE231712}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABA5A60B-FA00-423C-976F-B1439DE080B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABC2F3D1-167F-4D6B-AD84-0553DD478B86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACBC4067-571A-49BD-9662-0FC842EA86CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE695B68-2C71-4219-8168-CB9D91E145D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF61DFD5-F937-4E7C-AC5E-4C5471AD7775}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B023C81F-F92D-4218-88E8-D790AE29158A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B356967F-1B32-4399-9905-0682B6889AAA}" = protocol=1 | dir=in | [email protected],-28543 |
"{B3AB4E1C-7562-4B3F-A032-5503ACD90CA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B60FECFA-7B13-4A84-9333-9272C5ABACAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6176214-FBE9-457A-87DD-D9C02ADFB91C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B73D0FE8-F9D3-4F51-BB22-EFC5A7397D8F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B78E8127-15CB-4BAE-9C6B-574F8614AFCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9D340AA-19C4-4A0F-ADEC-B7A371749968}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA886EFD-34BB-42A3-8643-B55B237E3184}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB682176-6FC3-4A32-BBF0-055649FC30E9}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{BCBC4160-59BC-4B70-9594-4A4D32EFBBCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCBD7A0A-9121-47D1-AE84-87DA03A1DB26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BCDA30D9-FF9E-4949-A727-5001FCAC27D6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{BD3422AB-517E-4ED6-B269-0C8152B34D59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE52EA16-F910-4558-9E90-AB60B6042F15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFEB58F2-AED0-478B-BD56-F1E97AC55404}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1395FFE-3624-495D-95B2-B00E2730DADE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1BD786E-205D-40B6-A96B-ACD9C3D0FD92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C20D9E29-67F3-4360-8F9C-0BD4033FA7FD}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{C5DEC413-7F75-4132-89D9-8A26C4A0856A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C82C6410-4E51-48EB-B055-EC0D32D91439}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C91864EB-2D01-4BD5-9D91-74DEF08EA08E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9E795DC-E4EC-4194-B598-4270496B4C34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9EF2590-03C6-4AFF-B31E-ABFF479D0311}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF05514E-07AD-4AA6-A667-9896D91573C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFD98EAA-3920-4922-8CF0-2A4778ADEFD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D05F90D4-4F3D-494E-AA64-2F48A9BB5B29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0FAA335-47A5-449A-9860-996DD7D2E15A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1935CAF-5DAC-460E-A1E0-0B1BF4F1A54E}" = protocol=17 | dir=in | app=c:\program files\games\forged alliance\gpgnet\gpg.multiplayer.client.exe |
"{D27C2189-72BF-460F-B002-33DAC8CE5B37}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{D31E8142-445D-49A1-A957-3037141FDBF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8C1F38C-F340-4FDB-A50B-BEB5635A7E47}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{D96DAA65-B112-4611-A07B-993FB891B5C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC0034C3-6431-488B-9990-27914B92C1A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD40E022-3B31-4291-9B23-242B883E97AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE30F5BA-2002-4C80-A61F-CFBA248CFBCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DEC35724-DDF5-4F42-8448-185A4151DF0D}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{DFCAFEFB-37DC-49CE-B05F-71F7ABABDEA4}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{DFD20DB0-398C-4C96-B846-C162D3131119}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0285F94-C5C1-4355-B80F-65515373A6FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E058B04A-5653-4D5B-9594-B8EF5AAA1A2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1101F9F-31A6-4025-9AE8-A33B9AA36D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E215E1FC-EA38-42A6-BC66-BD78B6DB230D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4B1C441-0851-4FED-ABA8-BEA45EDB27DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA5CB0F5-99DD-4523-9D53-DA00776171D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA7F6569-4141-43C5-BD16-3437C9686C55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED373E8C-788D-426F-9FE5-34096E5A7666}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3FBBBFC-322D-4CB2-9E39-5178B43F4778}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F4CBDAF4-B107-4818-BE49-6FB2CDB201C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F77257C4-4C95-409C-A217-01A7B47F3815}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{F7B38A0D-479E-4078-823E-1E60ACD291A3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F86112E9-F49D-4062-B6DE-49FE7167DE52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8CF2C27-2A6C-4E80-8B82-3F9F060CF65D}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{F9395127-DA91-482E-8C3B-AC32BE629E5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F98BFE17-5994-4392-B11D-58A042CF4CE6}" = protocol=17 | dir=in | app=c:\program files\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{FA973B2C-574E-4C8F-AF5E-18E3F5F7BB7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE835780-2A05-4C6E-9047-6629B5D16317}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF00CC86-D4C2-446A-A09C-0696F5DFDD66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF6CF4D3-9267-4E21-9F43-1B41355CC3D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{03A38C5A-24E9-4F46-BA36-A169D37E4021}C:\program files\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"TCP Query User{0C8AE05B-F730-4EF6-8DE9-E9D469CF23AA}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{13F114DD-29AE-4CD6-A393-43B35DDDD719}C:\program files\starcraft ii beta\versions\base15623\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15623\sc2.exe |
"TCP Query User{1769E54F-3852-4540-91FB-F37091437FD2}C:\program files\starcraft ii beta\versions\base15580\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15580\sc2.exe |
"TCP Query User{356EB4E5-11BE-45A8-9CF5-D3BF0FA2C182}C:\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"TCP Query User{387428C7-0E57-4023-8991-9F6CE2D3117A}C:\users\robert\downloads\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\eclipse\eclipse.exe |
"TCP Query User{41D73A8E-8C04-4C30-9DFA-06D364FFB18B}C:\program files\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15133\sc2.exe |
"TCP Query User{43AA56F3-D958-487C-9877-CF3A2E139E3B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4B3E8839-7871-4C2C-B27D-0E8E50B0DCC9}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{4FD721F0-4657-492E-AF7D-EAEA0A78207E}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{5A8FB93E-5AAD-4907-A4EA-A0088766699D}C:\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"TCP Query User{6054A20C-B981-4AF5-97D3-0B9DEB04C744}C:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{65A87BA2-4E07-4070-A27F-B6AAE42359FD}C:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe |
"TCP Query User{726C1710-9246-4497-9A47-C73DE86F8E27}C:\program files\starcraft ii beta\versions\base15250\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15250\sc2.exe |
"TCP Query User{740E998B-99D0-410F-83FA-B67F32E780C0}C:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe |
"TCP Query User{80B0F45F-B3FB-469C-9C4A-C11E54533D06}C:\users\robert\downloads\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\eclipse\eclipse.exe |
"TCP Query User{85D25A29-7216-48A7-9483-4EEFA7399C5B}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"TCP Query User{9276DE9B-EBCA-4587-8462-1287332F12BB}C:\program files\games\forged alliance\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=c:\program files\games\forged alliance\supreme commander - forged alliance\bin\forgedalliance.exe |
"TCP Query User{954131AB-A11F-4ACF-B03A-5B96B334D722}C:\program files\starcraft ii beta\versions\base15655\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15655\sc2.exe |
"TCP Query User{9A9577A6-49A6-4380-9902-B0D88570EBB9}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"TCP Query User{A38FA513-FA82-4F03-8E47-B30B2545A67B}C:\program files\starcraft ii beta\versions\base14803\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base14803\sc2.exe |
"TCP Query User{AB29FFD6-2BF4-4591-AF22-C1497218B988}C:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{C5D79DB1-A3C9-4316-8904-CF2CB38DE7E4}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{C9401A8E-EFAE-4249-948B-8F2FDF5503E8}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{DEF6518C-CA68-4BCC-BB3D-565253B97577}C:\program files\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{EAE74FF6-0DFD-46D2-A69E-5AD27ABE9E1D}C:\program files\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 12\jre\bin\java.exe |
"TCP Query User{FA8BBB63-68D9-4346-9BA3-7C9A6D4F2160}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0FDCC232-7748-4B85-8A2A-F1ECB0BF6694}C:\users\robert\downloads\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\eclipse\eclipse.exe |
"UDP Query User{2471324D-1CD0-4DDF-8622-0773C2010B25}C:\users\robert\downloads\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\eclipse\eclipse.exe |
"UDP Query User{28FB8FCD-8118-4671-A8DA-D55413E059AC}C:\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"UDP Query User{294BCD3B-CAC7-4CA9-A2BC-52B442E67B6E}C:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{2B578E35-EFA8-4691-A884-E473F0C9C149}C:\program files\starcraft ii beta\versions\base15250\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15250\sc2.exe |
"UDP Query User{2C500885-6CFC-4959-9E75-FBD54E8E8DC5}C:\program files\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"UDP Query User{3F649A75-8904-4F45-B0FE-92373CB0F5DA}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"UDP Query User{43BBC15A-E9E0-4E0A-847A-E8E47D1B90C1}C:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe |
"UDP Query User{49A31893-23C7-4D10-AD0A-140F842CC843}C:\program files\games\forged alliance\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=c:\program files\games\forged alliance\supreme commander - forged alliance\bin\forgedalliance.exe |
"UDP Query User{53EC25E9-A50C-4A45-8709-4C98AB8268FF}C:\program files\starcraft ii beta\versions\base15580\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15580\sc2.exe |
"UDP Query User{5AB22359-6562-47B5-8685-BC89550F0227}C:\program files\starcraft ii beta\versions\base15655\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15655\sc2.exe |
"UDP Query User{62BBC6BB-A6B0-41A5-8FC7-FA78118CF2D5}C:\program files\starcraft ii beta\versions\base14803\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base14803\sc2.exe |
"UDP Query User{633A20DE-5CF6-410A-9999-18A20A907B8E}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{6C8903D0-6B6A-4EFF-AA4B-F5B9FFA751CA}C:\program files\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15133\sc2.exe |
"UDP Query User{9ED875B8-6CE9-4CC6-A58E-FA7494E9CA2B}C:\program files\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{A4141222-2720-4B9B-BE7E-484E6BBFDB0D}C:\program files\starcraft ii beta\versions\base15623\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15623\sc2.exe |
"UDP Query User{B7D17720-39A9-495C-A693-0F30BE0D766A}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{BC154ADF-1CD7-44E8-BE09-31169F485ADD}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{BDE7C06C-06D2-497F-A478-949404760387}C:\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"UDP Query User{D02EDE3C-F4C9-4B65-95ED-DFB024078954}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{D1BAED7C-8FA2-41CF-A0FE-04D3E976D13F}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"UDP Query User{D1C31A98-1D53-4F60-8FB1-40D1442FA011}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D2C3E2E6-1CF0-4915-9E5F-5638EF055AE1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E5AF5C7D-F487-43EA-9432-D9393C66D349}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{EEB6D71B-1B12-42C7-9E0D-D109DB22C5DB}C:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{FBD18872-32AE-4EFC-9348-00A24124405F}C:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\program files\games\ipcurve100win32\ipcurve\ipcurve.exe |
"UDP Query User{FFEE5F1C-87B0-4FF2-997C-CDC93E466626}C:\program files\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 12\jre\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{0778D325-1A92-46D9-B2DB-634040F5675B}" = HP User Guides 0099
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{1B99FFC8-B898-406D-9A67-14F8A833A200}" = Drive Encryption for HP ProtectTools
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{272253C3-D9DD-4C0C-A586-7E7ABC7E9AA2}" = Presto! BizCard 5
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6EAFBCAF-20E9-474A-A720-E7D276B35498}" = ESU for Microsoft Vista SP1
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8E5AE0A9-D916-46C4-A3A9-083BBDD69FF6}" = Presto! BizCard 5
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A10930E-3AA7-4B3E-99EB-A8403833DC83}" = Tableau Public 6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9F5BCAA5-E78B-4C01-B6D3-F3EA9B3E3DC1}" = HP JavaCard for HP ProtectTools
"{9FE06DD0-C1DB-4E0E-A8B9-D3224261A4F3}" = HP ProtectTools Security Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1043-7B44-A92000000001}" = Adobe Reader 9.2 - Nederlands
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE1AE5E9-6ECE-4ADF-A28A-56A981E138D4}" = Credential Manager for HP ProtectTools
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}" = AuthenTec Fingerprint System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DSMT5" = MathType 5
"DungeonSiege2" = Dungeon Siege 2
"Eufloria_is1" = Eufloria v2.02
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP QuickLook 2_is1" = HP QuickLook 2
"ImgBurn" = ImgBurn
"League of Legends_is1" = League of Legends
"Maple 13" = Maple 13
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.VISIOR" = Microsoft Visio Premium 2010
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"PROSet" = Intel® Network Connections Drivers
"RealAlt_is1" = Real Alternative 2.0.1
"Replay Music3.45" = Replay Music
"SmartDraw 7" = SmartDraw 7
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3-12-2010 12:05:12 | Computer Name = Robert-LaptopTU | Source = WinMgmt | ID = 10
Description =

Error - 3-12-2010 12:07:01 | Computer Name = Robert-LaptopTU | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 9.0.0.871, time stamp 0x4cd94744,
faulting module avgtray.exe, version 9.0.0.871, time stamp 0x4cd94744, exception
code 0xc0000005, fault offset 0x0005a4e9, process id 0xeb4, application start time
0x01cb9303f4dbab58.

Error - 4-12-2010 6:36:23 | Computer Name = Robert-LaptopTU | Source = WinMgmt | ID = 10
Description =

Error - 4-12-2010 7:11:37 | Computer Name = Robert-LaptopTU | Source = WinMgmt | ID = 10
Description =

Error - 8-12-2010 8:36:35 | Computer Name = Robert-LaptopTU | Source = Application Error | ID = 1000
Description = Faulting application accrdsub.exe, version 6.1.0.21, time stamp 0x4631cfad,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x00049105, process id 0x1024, application start time
0x01cb93a43aec8022.

Error - 9-12-2010 15:15:34 | Computer Name = Robert-LaptopTU | Source = Perflib | ID = 1010
Description =

Error - 10-12-2010 18:06:15 | Computer Name = Robert-LaptopTU | Source = WinMgmt | ID = 10
Description =

Error - 12-12-2010 9:54:54 | Computer Name = Robert-LaptopTU | Source = Application Hang | ID = 1002
Description = The program League of Legends.exe version 1.0.0.106 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13cc Start Time: 01cb9a041da98250 Termination Time: 32

Error - 13-12-2010 8:30:09 | Computer Name = Robert-LaptopTU | Source = Application Error | ID = 1000
Description = Faulting application accrdsub.exe, version 6.1.0.21, time stamp 0x4631cfad,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x00049105, process id 0x1158, application start time
0x01cb99158c083c40.

Error - 14-12-2010 4:05:45 | Computer Name = Robert-LaptopTU | Source = WinMgmt | ID = 10
Description =

[ Credential Manager Events ]
Error - 30-11-2010 18:42:33 | Computer Name = Robert-LaptopTU | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost

Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 30-11-2010 18:42:33 | Computer Name = Robert-LaptopTU | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 3-12-2010 12:05:17 | Computer Name = Robert-LaptopTU | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost

Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 3-12-2010 12:05:17 | Computer Name = Robert-LaptopTU | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 3-12-2010 12:05:30 | Computer Name = Robert-LaptopTU | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost

Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 3-12-2010 12:05:30 | Computer Name = Robert-LaptopTU | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 5-12-2010 12:39:12 | Computer Name = Robert-LaptopTU | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost

Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 5-12-2010 12:39:12 | Computer Name = Robert-LaptopTU | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 11-12-2010 11:19:59 | Computer Name = Robert-LaptopTU | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost

Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 11-12-2010 11:19:59 | Computer Name = Robert-LaptopTU | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ OSession Events ]
Error - 23-3-2010 11:47:36 | Computer Name = Robert-LaptopTU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10970
seconds with 4800 seconds of active time. This session ended with a crash.

Error - 23-3-2010 11:48:14 | Computer Name = Robert-LaptopTU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23-3-2010 12:07:34 | Computer Name = Robert-LaptopTU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79
seconds with 60 seconds of active time. This session ended with a crash.

Error - 23-3-2010 12:09:53 | Computer Name = Robert-LaptopTU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13-12-2010 13:15:00 | Computer Name = Robert-LaptopTU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.12 for the Network Card with network
address 00216A5E66AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 13-12-2010 13:24:29 | Computer Name = Robert-LaptopTU | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 13-12-2010 14:59:44 | Computer Name = Robert-LaptopTU | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 13-12-2010 15:00:43 | Computer Name = Robert-LaptopTU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.12 for the Network Card with network
address 00216A5E66AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 14-12-2010 2:48:21 | Computer Name = Robert-LaptopTU | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 14-12-2010 2:59:54 | Computer Name = Robert-LaptopTU | Source = Service Control Manager | ID = 7011
Description =

Error - 14-12-2010 4:02:17 | Computer Name = Robert-LaptopTU | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 14-12-2010 4:05:05 | Computer Name = Robert-LaptopTU | Source = HTTP | ID = 15016
Description =

Error - 14-12-2010 4:06:28 | Computer Name = Robert-LaptopTU | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 14-12-2010 4:18:51 | Computer Name = Robert-LaptopTU | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >

virscan.org log:

A bit of a mess, but as I said the copy to clipboard button doesn't work. I put hits in italics.

a-squared 5.1.0.1 20101214030638 2010-12-14 - 5.055
AhnLab V3 2010.12.14.01 2010.12.14 2010-12-14 - 1.441
AntiVir 8.2.4.122 7.10.15.16 2010-12-14 - 0.278
Antiy 2.0.18 20101207.6186214 2010-12-07 - 0.018
Arcavir 2010 201012141244 2010-12-14 - 0.065
Authentium 5.1.1 201012132238 2010-12-13 W32/Heuristic-400!Eldorado (Heuristic) 1.485

AVAST! 4.7.4 101213-1 2010-12-13 - 0.049
AVG 8.5.850 271.1.1/3299 2010-12-06 - 0.267
BitDefender 7.90123.6412647 7.35089 2010-12-14 - 5.938
ClamAV 0.96.3 12385 2010-12-14 - 0.240
Comodo 4.0 7057 2010-12-14 - 0.977
CP Secure 1.3.0.5 2010.12.14 2010-12-14 - 0.002
Dr.Web 5.0.2.3300 2010.12.14 2010-12-14 - 10.047
F-Prot 4.4.4.56 20101213 2010-12-13 Possible W32/Heuristic-400!Eldorado (dropper, not disinfectable) 1.393

F-Secure 7.02.73807 2010.12.14.01 2010-12-14 - 0.148
Fortinet 4.2.254 12.668 2010-12-13 - 0.376
GData 21.1292/21.541 20101214 2010-12-14 - 7.975
Ikarus T3.1.32.15.0 2010.12.14.77348 2010-12-14 - 5.511
JiangMin 13.0.900 2010.11.30 2010-11-30 Trojan/Genome.fxp 1.388

Kaspersky 5.5.10 2010.12.14 2010-12-14 - 0.088
KingSoft 2009.2.5.15 2010.12.14.14 2010-12-14 - 0.712
McAfee 5400.1158 6196 2010-12-13 - 18.339
Microsoft 1.6402 2010.12.14 2010-12-14 - 3.371
Norman 6.06.11 6.06.00 2010-12-07 - 8.010
nProtect 20101214.01 9325165 2010-12-14 - 10.227
Panda 9.05.01 2010.12.13 2010-12-13 - 2.083
Quick Heal 11.00 2010.12.14 2010-12-14 - 1.155
Rising 20.0 22.78.00.03 2010-12-13 - 2.023
Sophos 3.14.1 4.60 2010-12-14 - 2.997
Sunbelt 3.9.2459.2 7644 2010-12-13 - 0.660
Symantec 1.3.0.24 20101213.003 2010-12-13 - 0.056
The Hacker 6.7.0.1 v00099 2010-12-13 Trojan/Genome.zjc 0.394

Trend Micro 9.120-1004 7.700.02 2010-12-13 - 0.034
VBA32 3.12.14.2 20101213.1157 2010-12-13 - 3.505
ViRobot 20101213 2010.12.13 2010-12-13 - 0.382
VirusBuster 4.5.11.10 10.130.45/2005982 2010-12-14 - 2.905
  • 0

#5
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, BlueAtmosphere

I want you to perform all steps below:

Step 1

We need to temporarily remove your Anti-Virus, as it interfere with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is collected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any AVG entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the Internet or open any email attachments until your Anti-Virus is re-installed


Step 2

Posted Image Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

When completed the above, please post back the following in the order asked for:
  • C:\ComboFix.txt log
  • Are there any further problems encountered?

  • 0

#6
BlueAtmosphere

BlueAtmosphere

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hey Render,

I have done all and only encountered one thing, which was an error right after rebooting for appremover. It said 'Windows could not find feedback: "some filename" error' or something similar. I did click it away too fast to copy the whole thing, but perhaps it is not relevant. Anyway, combofix spend hours trying to fix the infected autochk.exe, but I can't see from the logs if it was successful, surely you can:

ComboFix 10-12-14.01 - Robert 15-12-2010 0:40.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.31.1033.18.3035.1888 [GMT 1:00]
Gestart vanuit: c:\users\Robert\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Hewlett-Packard\IAM\bin\brand.dll

c:\windows\System32\autochk.exe . . . is geïnfecteerd!!

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-11-15 to 2010-12-15 ))))))))))))))))))))))))))))))
.

2010-12-15 00:14 . 2010-12-15 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-14 08:03 . 2010-12-14 08:03 -------- d-----w- C:\_OTL
2010-12-04 10:48 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-03 16:30 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-03 16:30 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-03 16:30 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-03 16:30 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-03 16:30 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-03 16:28 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-12-03 16:28 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-12-03 16:28 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-12-03 16:26 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-12-03 16:20 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-12-03 16:19 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-12-03 16:19 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-12-03 16:19 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-12-03 16:17 . 2010-01-21 15:59 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-12-03 16:16 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-12-03 16:15 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-12-03 16:15 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-12-03 15:34 . 2009-03-31 12:58 252544 ----a-w- c:\windows\system32\PROUnstl.exe
2010-12-03 15:32 . 2009-08-04 14:49 220152 ----a-w- c:\windows\system32\drivers\e1y6032.sys
2010-12-03 15:32 . 2009-03-24 17:47 61048 ----a-w- c:\windows\system32\NicInstY.dll
2010-12-03 15:28 . 2010-12-03 15:28 -------- d-----w- c:\users\Robert\AppData\Local\Hewlett-Packard
2010-12-02 19:24 . 2010-12-05 16:46 -------- d-----w- c:\program files\Battle Dex
2010-11-30 10:47 . 2010-11-30 10:47 -------- d-----w- c:\programdata\FLEXnet
2010-11-30 10:47 . 2010-11-30 10:47 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-11-30 10:46 . 2010-11-30 10:46 -------- d-----w- c:\program files\Tableau

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-15 00:16 . 2010-08-01 11:27 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-12-15 00:16 . 2010-08-01 11:31 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-12-15 00:16 . 2010-08-01 11:28 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-10-02 12:18 . 2010-10-02 12:18 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-02 12:18 . 2010-10-02 12:18 5109864 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-02 12:18 . 2010-10-02 12:18 4554856 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-02 12:18 . 2010-10-02 12:18 2893928 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-02 12:18 . 2010-10-02 12:18 2506856 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-02 12:18 . 2010-10-02 12:18 236136 ----a-w- c:\windows\system32\nvcod1925.dll
2010-10-02 12:18 . 2010-10-02 12:18 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-10-02 12:18 . 2010-10-02 12:18 14097000 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-02 12:18 . 2010-10-02 12:18 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-02 12:18 . 2010-10-02 12:18 10361672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-02 12:18 . 2010-10-02 12:18 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-02 12:18 . 2008-08-15 20:22 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-10-02 12:18 . 2008-06-24 16:52 9830504 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-02 12:18 . 2008-06-24 16:52 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-10-02 12:18 . 2008-06-24 16:52 1628264 ----a-w- c:\windows\system32\nvapi.dll
2010-10-02 12:13 . 2010-10-02 12:13 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-02 12:13 . 2010-10-02 12:13 13948008 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-02 12:13 . 2010-10-02 12:13 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-02 12:13 . 2010-10-02 12:13 589416 ----a-w- c:\windows\system32\nv3dappshext.dll
2010-10-02 12:13 . 2010-10-02 12:13 1470056 ----a-w- c:\windows\system32\nvsvc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-07-09 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-18 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2009-07-01 27184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]

c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-17 691696]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-06-12 1164536]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-07-09 19968]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-07-11 256512]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 3795560]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-06-12 477696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-08-04 220152]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
.
Inhoud van de 'Gedeelde Taken' map

2010-12-15 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-02-10 10:09]

2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{8D066E6D-494C-467A-A17F-FD556C386F86}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=all&pf=cmnb
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\yi4m8j84.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: FireGestures: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Cooliris: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Hide GUI Bars: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Redesigned: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} - %profile%\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
FF - Ext: YouTube to MP3: [email protected] - %profile%\extensions\[email protected]
FF - Ext: British English Dictionary: [email protected] - %profile%\extensions\[email protected]
FF - Ext: United States English Spellchecker: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
AddRemove-Flux - c:\users\Robert\Local Settings\Apps\F.lux\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 02:34
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(2984)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\vssvc.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
.
**************************************************************************
.
Voltooingstijd: 2010-12-15 02:37:35 - machine werd herstart
ComboFix-quarantined-files.txt 2010-12-15 01:37

Pre-Run: 100.581.351.424 bytes free
Post-Run: 99.994.394.624 bytes free

- - End Of File - - 151E0FB8628E0AA9067FAE5B57150FF5
  • 0

#7
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please, tell me if you have Vista setup CD.

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Restore::
c:\windows\System32\autochk.exe

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    autochk.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

When completed the above, please post back the following in the order asked for:
  • C:\ComboFix.txt log
  • SystemLook.txt log

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP