Hellsing

  1. ESETSmartInstaller@High as downloader log:
     all ok
     # version=8
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6920
     # api_version=3.0.2
     # EOSSerial=31cacd999ddbfb4e91dcba21b3022f13
     # engine=14262
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=false
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2013-07-04 08:08:08
     # local_time=2013-07-04 04:08:08 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5893 16776637 100 94 0 124468738 0 0
     # scanned=577236
     # found=6
     # cleaned=6
     # scan_time=10629
     sh=B307E970BE390CF342BE5E25B7426F67ED68810E ft=1 fh=951160e68c41a243 vn="Win32/Redyms.AD trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe.vir"
     sh=CCEE7FB989AB8DC8E2A9508372BBB8D557FD1E17 ft=1 fh=a8afc7b59c9bc1b1 vn="a variant of Win32/Kryptik.BESJ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Austin\AppData\Roaming\dbu32.ocx.vir"
     sh=803514841E2B664B7278A9D9E25C34285673D71B ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.AH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Users\oobplkmclbmcnjebjgjdjfjbaifhdkkd\background.js"
     sh=A7C485683E43212CEA1BF85DB6ECB13C1A586E72 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.AH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Users\oobplkmclbmcnjebjgjdjfjbaifhdkkd\cs.js"
     sh=4EC0AE12B48255460722ABF21691B27E95A6E3B4 ft=1 fh=9f9fd917a474bd5d vn="a variant of Win64/Olmarik.AY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Austin\AppData\LocalLow\2FE6.tmp"
     sh=DA1D4FB184772FDA1ED762CB241A6829A3F643A5 ft=1 fh=9f9fd91781ead878 vn="a variant of Win64/Olmarik.AY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Austin\AppData\LocalLow\2FE7.tmp"
  2. OTL logfile created on: 7/3/2013 3:41:14 PM - Run 2
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.10.9200.16614)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     3.75 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 64.82% Memory free
     7.50 Gb Paging File | 6.69 Gb Available in Paging File | 89.24% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 447.97 Gb Total Space | 96.83 Gb Free Space | 21.61% Space Free | Partition Type: NTFS
     Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
     Drive E: | 1863.01 Gb Total Space | 911.19 Gb Free Space | 48.91% Space Free | Partition Type: NTFS

     Computer Name: AUSTIN-PC | User Name: Austin | Logged in as Administrator.
     Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2013/07/03 15:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe

     ========== Modules (No Company Name) ==========

     ========== Services (SafeList) ==========

     SRV:64bit: - [2013/05/07 16:19:12 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.)
[Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/04/10 14:12:28 | 000,014,080 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService) SRV:64bit: - [2009/03/19 22:13:44 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/03/05 20:16:50 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService) SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2009/02/20 13:13:04 | 000,013,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\OSD\Service1.exe -- (CustomSvc) SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013/06/11 23:17:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/08 10:53:27 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint) SRV - [2013/06/08 10:53:16 | 000,376,144 | ---- | M] (LogMeIn, Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2013/06/08 03:05:54 | 000,739,400 | ---- | M] (Anvisoft) [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv) SRV - [2013/06/06 18:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/05/24 10:15:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/02/07 17:42:08 | 000,401,232 | ---- | M] (Hauppauge Computer Works, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe -- (HcwDevCentralService) SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/11/29 11:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/10/22 14:25:52 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/09/23 22:51:22 | 000,045,592 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr) SRV - [2010/09/30 10:23:47 | 000,023,680 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2010/06/17 11:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/07/25 19:17:29 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/19 22:13:44 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe -- (STacSV) SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe -- (AESTFilters) SRV - [2009/01/22 14:13:10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2009/01/22 14:13:10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2009/01/22 14:13:08 | 000,388,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC) SRV - [2009/01/22 14:13:06 | 003,081,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - 
[2009/01/22 14:13:06 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2008/12/12 20:31:44 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/07/03 12:42:58 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:64bit: - [2013/06/08 10:53:17 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2013/02/12 14:12:14 | 000,945,136 | ---- | M] (Hauppauge Computer Work, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwE5bda.sys -- (hcwE5bda) DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2012/11/07 03:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws) DRV:64bit: - [2012/11/07 03:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs) DRV:64bit: - [2012/11/07 03:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm) DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/07/28 21:39:54 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/10 20:12:14 | 002,042,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009/03/19 22:13:44 | 000,478,720 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009/02/06 14:33:04 | 000,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/01/22 14:13:10 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL) DRV:64bit: - [2009/01/22 14:13:10 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009/01/22 14:13:10 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2008/12/27 05:01:00 | 000,310,208 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OA007Vid.sys -- (OA007Vid) DRV:64bit: - [2008/10/03 18:39:00 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2008/07/29 15:15:28 | 000,146,944 | ---- | M] (ATI Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64.sys -- (ahcix64) DRV:64bit: - [2008/07/25 15:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Program Files\OSD\WinRing0x64.sys -- (WinRing0_1_2_0) DRV:64bit: - [2008/03/03 21:19:04 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2008/01/29 22:46:58 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008/01/29 21:53:52 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2008/01/29 21:53:52 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2008/01/29 21:53:52 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr) DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2007/06/15 11:52:26 | 000,163,736 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx) DRV:64bit: - [2007/04/12 00:18:26 | 000,071,680 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2006/11/02 15:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2006/02/07 19:53:22 | 000,008,704 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\JGOGO.sys -- (JGOGO) DRV - [2013/05/29 23:40:17 | 000,016,056 | ---- | M] (LogMeIn, Inc.) 
[Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo) DRV - [2013/05/22 04:00:00 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130630.003\ex64.sys -- (NAVEX15) DRV - [2013/05/22 04:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130630.003\eng64.sys -- (NAVENG) DRV - [2013/04/15 10:52:50 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/03/05 04:47:50 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/10 17:33:03] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2009/01/22 14:13:10 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2009/01/22 14:13:10 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2009/01/22 14:13:10 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http:\\www.alienware.comhttp:\\su [binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/xbox-360 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 A2 5A A1 0B AA CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AOL Search" FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/?hpt=sitenav" FF - prefs.js..extensions.enabledAddons: %7B01A8CA0A-4C96-465b-A49B-65C46FAD54F9%7D:6.0 FF - prefs.js..extensions.enabledAddons: wdfopjxrea%40wdfopjxrea.org:2.5 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {C0B62AAB-8E55-4B42-8670-E066358BE912}:1.9.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: ffox@bandoo.com:5.1 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media 
Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/30 17:47:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/20 09:55:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/05/07 10:36:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/03/30 17:44:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013/01/16 21:30:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files 
(x86)\Mozilla Firefox\components [2013/05/24 10:15:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/03 15:23:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 10:15:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/03 15:23:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 10:15:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/03 15:23:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/30 17:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C0B62AAB-8E55-4B42-8670-E066358BE912}: C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\ [2010/08/04 13:26:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 10:15:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/03 15:23:26 | 000,000,000 | ---D | M] [2009/12/17 00:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Extensions [2013/07/03 15:24:33 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\extensions [2010/06/30 21:44:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/13 15:38:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2013/04/02 12:37:10 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2013/06/23 13:28:48 | 000,581,999 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\extensions\uriloader@pdf.js.xpi [2013/06/20 00:58:18 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013/05/09 02:12:34 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/08/27 23:31:10 | 000,002,242 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\searchplugins\AOL Search.xml [2013/05/24 10:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/05/24 10:15:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013/05/24 10:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/05/24 10:15:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/05/24 10:15:41 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2013/05/24 10:15:42 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2013/05/24 10:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\aol\distribution\extensions [2013/05/24 10:15:41 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\aol\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2013/01/16 21:30:37 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9} File not found (No name found) -- C:\USERS\AUSTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3IESVLYX.DEFAULT\EXTENSIONS\WDFOPJXREA@WDFOPJXREA.ORG.XPI [2011/08/27 23:31:10 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF 
Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program 
Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2013/07/03 14:14:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute 
CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision ) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) 
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [jEdit Server] C:\Program Files\jEdit\jedit.exe (Contributors)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [OSD CC] C:\Program Files\OSD\Launch_CC.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALUAlert] C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe (Symantec Corporation)
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [backupNowEZtray] C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [OSD] c:\Program Files\OSD\Launch.exe (HH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [ (cleanup)] C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [916F94CC-1EBF-4A55-959E-80C80BB7400F] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk = C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
O4 - Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk = C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://www.support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6089/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B2B0FE-4C89-4DF3-82DF-2467B51B10C7}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\AW-CO5.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/07 18:14:50 | 000,000,100 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/03 15:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
[2013/07/03 15:23:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/03 15:22:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/03 15:21:17 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/03 15:21:09 | 
000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Austin\Desktop\JRT.exe [2013/07/03 14:17:46 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/07/03 13:55:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/07/03 13:55:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/07/03 13:55:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/07/03 13:53:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/07/03 13:52:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/07/03 13:44:54 | 005,085,735 | R--- | C] (Swearware) -- C:\Users\Austin\Desktop\ComboFix.exe [2013/07/03 12:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013/07/03 12:39:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013/07/03 12:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013/07/03 12:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013/07/03 00:40:15 | 000,000,000 | ---D | C] -- C:\FRST [2013/07/02 23:54:54 | 000,000,000 | R--D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2013/06/30 19:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\hvbhp [2013/06/30 18:02:12 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Anvisoft [2013/06/30 18:02:06 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys [2013/06/30 18:02:06 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys [2013/06/30 18:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft [2013/06/30 18:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft [2013/06/30 18:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft [2013/06/30 17:24:12 | 000,991,872 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Austin\Desktop\rkill64-23471.exe [2013/06/30 17:18:48 | 000,991,872 | ---- | C] 
(Bleeping Computer, LLC) -- C:\Users\Austin\Desktop\rkill64.exe [2013/06/30 17:17:03 | 000,000,000 | ---D | C] -- C:\Users\Austin\Desktop\rkill [2013/06/30 17:16:26 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Austin\Desktop\rkill.exe [2013/06/30 12:31:13 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013/06/30 12:31:13 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013/06/30 12:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/06/23 01:35:59 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Fraps3 [2013/06/16 23:25:37 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013/06/16 23:25:37 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013/06/16 23:25:37 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2013/06/16 23:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2013/06/16 23:25:36 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\SysWow64\OpenAL32.dll [2013/06/16 03:02:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/16 03:02:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/13 03:03:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/06/13 03:03:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/06/13 03:03:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/06/13 03:03:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/06/13 03:03:19 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/06/13 03:03:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/06/13 03:03:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/06/13 03:03:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/06/13 03:03:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/06/13 03:03:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/13 03:03:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/13 03:03:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/13 03:03:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/12 10:04:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/06/12 10:04:24 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/06/12 10:02:55 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013/06/12 10:02:55 | 
000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013/06/12 10:01:34 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/06/12 09:59:53 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013/06/12 09:59:53 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013/06/12 09:59:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/06/12 09:59:50 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/06/12 09:59:48 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013/06/12 09:59:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013/06/12 09:58:55 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/06/12 09:58:55 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/06/11 23:16:46 | 009,089,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013/06/05 09:47:34 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/06/05 09:47:34 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/06/05 09:47:34 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/06/05 09:47:34 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/06/05 09:47:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/06/05 09:47:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/06/05 09:47:34 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/06/05 09:47:34 | 000,137,216 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/05 09:47:34 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/06/05 09:47:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/06/05 09:47:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/06/05 09:47:34 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/06/05 09:47:34 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/05 09:47:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/06/05 09:47:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/06/05 09:47:33 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/05 09:47:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/06/05 09:47:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/06/05 09:47:33 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/06/05 09:47:33 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/06/05 09:47:33 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/06/05 09:47:33 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/06/05 09:47:33 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/06/05 09:47:33 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/06/05 09:47:33 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/06/05 09:47:33 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/05 09:47:33 | 
000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/05 09:47:33 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/06/05 09:47:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/06/05 09:47:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/06/05 09:47:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/06/05 09:47:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/06/05 09:47:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/06/05 09:47:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/06/05 09:47:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/06/05 09:47:32 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/05 09:47:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/05 09:47:32 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/05 09:47:32 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/06/05 09:47:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/06/05 09:47:32 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/06/05 09:47:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/06/05 09:47:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/06/05 09:47:32 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/06/05 09:47:32 | 000,097,280 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\mshtmled.dll [2013/06/05 09:47:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/06/05 09:47:32 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/06/05 09:47:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/06/05 09:47:32 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/06/05 09:47:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/06/05 09:47:32 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/06/05 09:47:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/06/05 09:47:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Austin\Desktop\*.tmp files -> C:\Users\Austin\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/03 15:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe [2013/07/03 15:16:56 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Austin\Desktop\JRT.exe [2013/07/03 14:14:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/07/03 13:40:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/03 13:40:36 | 3018,657,792 | -HS- | M] () -- C:\hiberfil.sys [2013/07/03 12:42:58 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2013/07/03 12:36:14 | 000,890,988 | ---- | M] () -- C:\Users\Austin\Desktop\SecurityCheck.exe [2013/07/03 12:36:06 | 005,085,735 | R--- | M] (Swearware) -- C:\Users\Austin\Desktop\ComboFix.exe [2013/07/03 12:21:32 | 608,893,815 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/07/03 01:26:17 | 000,797,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/03 01:26:17 | 000,672,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/03 01:26:17 | 000,126,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/02 23:54:31 | 000,001,202 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2013/07/02 11:35:17 | 000,007,594 | ---- | M] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg [2013/07/01 07:43:33 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/01 07:43:33 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/30 18:02:06 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk [2013/06/30 17:24:12 | 000,991,872 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Austin\Desktop\rkill64-23471.exe [2013/06/30 17:23:46 | 000,000,793 | ---- | M] () -- C:\Users\Austin\Desktop\Internet Security Pro.lnk [2013/06/30 17:18:48 | 000,991,872 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Austin\Desktop\rkill64.exe [2013/06/30 17:18:04 | 000,648,201 | ---- | M] () -- 
C:\Users\Austin\Desktop\AdwCleaner.exe [2013/06/30 17:16:35 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Austin\Desktop\rkill.exe [2013/06/30 12:31:14 | 000,002,258 | ---- | M] () -- C:\Users\Austin\Desktop\SpyHunter.lnk [2013/06/30 12:17:35 | 000,000,040 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\mbam.context.scan [2013/06/29 11:30:59 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Austin.job [2013/06/23 13:33:40 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/06/16 23:25:37 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013/06/16 23:25:37 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013/06/16 23:25:37 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2013/06/16 23:25:36 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2013/06/16 23:10:19 | 000,000,195 | ---- | M] () -- C:\Users\Austin\Desktop\Hotline Miami.url [2013/06/11 23:17:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/06/11 23:17:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/06/11 23:16:46 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013/06/10 12:30:38 | 000,000,221 | ---- | M] () -- C:\Users\Austin\Desktop\Saints Row The Third.url [2013/06/08 10:53:17 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll [2013/06/08 10:53:16 | 000,100,680 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll [2013/06/08 10:53:16 | 000,035,656 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\LMIport.dll [2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/06 01:53:42 | 000,000,220 | ---- | M] () -- C:\Users\Austin\Desktop\Garry's Mod.url [2013/06/05 09:47:34 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/06/05 09:47:34 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/06/05 09:47:34 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/06/05 09:47:34 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/06/05 09:47:34 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/06/05 09:47:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/06/05 09:47:34 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/06/05 09:47:34 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/05 09:47:34 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/06/05 09:47:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/06/05 09:47:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/06/05 09:47:34 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/06/05 09:47:34 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/05 09:47:34 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/06/05 09:47:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/06/05 09:47:33 | 001,509,376 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/05 09:47:33 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/05 09:47:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/06/05 09:47:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/06/05 09:47:33 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/06/05 09:47:33 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/06/05 09:47:33 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/06/05 09:47:33 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/06/05 09:47:33 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/06/05 09:47:33 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/06/05 09:47:33 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/06/05 09:47:33 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/05 09:47:33 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/05 09:47:33 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/06/05 09:47:33 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/06/05 09:47:33 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/06/05 09:47:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/06/05 09:47:33 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/06/05 09:47:33 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/06/05 
09:47:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/06/05 09:47:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/06/05 09:47:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/06/05 09:47:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/06/05 09:47:32 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/05 09:47:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/05 09:47:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/06/05 09:47:32 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/06/05 09:47:32 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/06/05 09:47:32 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/06/05 09:47:32 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/06/05 09:47:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/06/05 09:47:32 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/05 09:47:32 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/06/05 09:47:32 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/06/05 09:47:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/06/05 09:47:32 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/06/05 09:47:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/06/05 09:47:32 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll 
[2013/06/05 09:47:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/06/05 09:47:32 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Austin\Desktop\*.tmp files -> C:\Users\Austin\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/03 14:20:14 | 000,890,988 | ---- | C] () -- C:\Users\Austin\Desktop\SecurityCheck.exe [2013/07/03 13:55:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/07/03 13:55:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/07/03 13:55:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/07/03 13:55:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/07/03 13:55:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/07/03 12:42:58 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2013/06/30 18:02:06 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys [2013/06/30 18:02:06 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk [2013/06/30 17:18:02 | 000,648,201 | ---- | C] () -- C:\Users\Austin\Desktop\AdwCleaner.exe [2013/06/30 12:31:15 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2013/06/30 12:31:14 | 000,002,258 | ---- | C] () -- C:\Users\Austin\Desktop\SpyHunter.lnk [2013/06/30 12:17:35 | 000,000,040 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\mbam.context.scan [2013/06/30 11:51:14 | 000,000,793 | ---- | C] () -- C:\Users\Austin\Desktop\Internet Security Pro.lnk [2013/06/23 13:33:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/06/23 13:33:40 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/06/16 23:10:18 | 000,000,195 | ---- | C] () -- 
C:\Users\Austin\Desktop\Hotline Miami.url [2013/06/10 12:30:35 | 000,000,221 | ---- | C] () -- C:\Users\Austin\Desktop\Saints Row The Third.url [2013/06/06 01:53:42 | 000,000,220 | ---- | C] () -- C:\Users\Austin\Desktop\Garry's Mod.url [2013/06/05 09:47:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/06/05 09:47:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/02/06 15:30:51 | 000,004,668 | ---- | C] () -- C:\Windows\HCWPNP.INI [2012/11/08 14:26:27 | 000,000,132 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Adobe Targa Format CS5 Prefs [2012/07/18 16:37:02 | 000,000,094 | ---- | C] () -- C:\Users\Austin\AppData\Local\fusioncache.dat [2012/07/10 12:03:38 | 000,007,594 | ---- | C] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/04/05 12:39:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/12/22 00:37:41 | 000,015,896 | -HS- | C] () -- C:\Users\Austin\AppData\Local\7a24sn6j37j311 [2011/12/22 00:37:41 | 000,015,896 | -HS- | C] () -- C:\ProgramData\7a24sn6j37j311 [2011/12/18 14:14:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/10/22 14:25:54 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/10/22 14:25:52 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/08/11 01:14:46 | 000,000,685 | ---- | C] () -- C:\Users\Austin\Austin - Shortcut.lnk [2011/06/20 07:46:06 | 000,001,456 | ---- | C] () -- C:\Users\Austin\AppData\Local\Adobe Save for Web 12.0 Prefs [2010/11/23 01:56:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/08/03 12:16:29 | 000,000,120 | ---- | C] () -- C:\Users\Austin\AppData\Local\Jtuke.dat [2010/08/03 12:16:29 | 000,000,000 | ---- | C] () -- C:\Users\Austin\AppData\Local\Jdifogi.bin [2009/10/13 19:52:33 | 000,000,267 | ---- 
| C] () -- C:\Users\Austin\.drjava ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2011/11/13 12:16:17 | 
000,000,650 | ---- | M] ()(C:\Users\Austin\AppData\Local\PMB Fik?s) -- C:\Users\Austin\AppData\Local\PMB Fik聥s [2011/11/13 12:16:17 | 000,000,650 | ---- | C] ()(C:\Users\Austin\AppData\Local\PMB Fik?s) -- C:\Users\Austin\AppData\Local\PMB Fik聥s < End of report >
  3. I've got to leave for work so I will post what I have done and will do the rest tonight.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Austin on Wed 07/03/2013 at 15:22:53.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\extensions\wdfopjxrea@wdfopjxrea.org.xpi [Tracur]
Successfully deleted: [Folder] C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted the following from C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\prefs.js
user_pref("aim_toolbar.search.searchtype", "web");
user_pref("extensions.crossrider.bic", "13c367a68d7b1403b41dee10dddf90ec");
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\minidumps [127 files]

~~~ Chrome

Dumping contents of C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf
C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf\background.js
C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf\manifest.json
Successfully deleted: [Folder] C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/03/2013 at 15:24:57.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.303 - Logfile created 07/03/2013 at 15:14:53
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Austin - AUSTIN-PC
# Boot Mode : Safe mode
# Running from : C:\Users\Austin\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [22703 octets] - [30/06/2013 17:22:09]
AdwCleaner[R2].txt - [22764 octets] - [30/06/2013 17:25:03]
AdwCleaner[R3].txt - [1268 octets] - [30/06/2013 18:33:05]
AdwCleaner[R4].txt - [1000 octets] - [03/07/2013 15:14:53]
AdwCleaner[s1].txt - [23306 octets] - [30/06/2013 17:25:27]
AdwCleaner[s2].txt - [340 octets] - [30/06/2013 18:33:44]
AdwCleaner[s3].txt - [340 octets] - [02/07/2013 00:52:44]
AdwCleaner[s4].txt - [1448 octets] - [02/07/2013 10:17:54]

########## EOF - C:\AdwCleaner[R4].txt - [1299 octets] ##########

OTL Extras logfile created on: 7/3/2013 3:26:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 68.18% Memory free
7.50 Gb Paging File | 6.76 Gb Available in Paging File | 90.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.97 Gb Total Space | 96.83 Gb Free Space | 21.61% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1863.01 Gb Total Space | 911.19 Gb Free Space | 48.91% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-PC | User Name: Austin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-2975216493-871587154-3665915270-1003\SOFTWARE\Classes\<extension>] .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .pif [@ = piffile] -- Reg Error: Key error. File not found .txt [@ = txtfile] -- Reg Error: Key error. File not found .vbs [@ = VBSFile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03FD6151-720E-48B1-8653-EC6439D09865}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{17F00CCA-D824-4F64-B6E9-692D1B524394}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{3422AFB4-6A44-492C-B454-F8DA6DA701DF}" = lport=445 | protocol=6 | dir=in | app=system | "{39329055-C6F1-4A72-933A-8AFBFA4BD563}" = lport=139 | protocol=6 | dir=in | app=system | "{4A44BE1F-28D4-468E-8977-80D610921840}" = rport=138 | protocol=17 | dir=out | app=system | "{5570E5A3-264A-4B56-9A05-11832B4A5A96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5ADC1B27-EC92-4A37-A185-8425FD5020A7}" = rport=10243 | protocol=6 | dir=out | app=system | "{5C4FCAF6-3329-493D-B07C-EC9D93C56412}" = lport=138 | protocol=17 | dir=in | app=system | "{5C607A8D-951B-4FD9-AB6D-13B84C5FE4AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6026AAD7-D9E9-4F7C-8E27-C2827CC0A9BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{607CCD35-EF71-4713-A162-902403C9FE79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67DF1E49-9EAF-47E1-BFE2-D24BD2C3F801}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{6930BCF6-92E2-4C72-8981-632B3DBA8C54}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{8197A6DB-C9A4-4D85-8361-41788AC5A3A0}" = rport=137 | protocol=17 | dir=out | app=system | "{915FC868-0F5A-4BF5-A2A8-CDBC31B4A04C}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | "{92AF7DE5-81CA-4176-8E65-01082E05B002}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95255B4C-35D0-4078-83FB-D119C88D0071}" = lport=137 | protocol=17 | dir=in | app=system | "{A664DDE1-E0D7-40F2-AAEC-FE0281F55BAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B5755706-36C7-4A1A-B7BB-E1F07F158336}" = rport=139 | protocol=6 | dir=out | app=system | "{B73C632A-8A8A-4A19-97E7-002A123AF8DD}" = lport=10243 | protocol=6 | dir=in | app=system | "{BF953460-80B1-4C12-B3FC-BE4BF962765B}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{BFE8A581-C19E-43D9-BE89-C9DECA3E3A5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D22D6297-CB8D-457D-AEFB-0D20A26C963C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D46A21BA-4470-44C2-9933-5CDAC0C8C2D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D55154D4-D4E6-4205-80AA-59A10780819A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{DCF8F04E-178B-45C3-8416-9951D1010992}" = rport=445 | protocol=6 | dir=out | app=system | "{E1211257-2304-4CB5-9A26-8786A12F4897}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{E87D054E-D415-4529-81F4-AE34176CFCA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F1D22AD1-477E-4E9C-9436-5EA2E29E16DE}" 
= rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F45EF06A-7C14-4A81-8D54-D3F5DF6F2B9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE695B7B-FA94-412A-89E2-E70DD56C6809}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00968847-1B7A-47B0-B076-518C533B223E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{01AF58B6-076B-4C3E-A920-D617F65FC71A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{0396A993-2FAC-4E02-A9E6-E52F0DA57096}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{0453785A-C84C-4E06-BC11-601E99538312}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{045E196D-8875-475E-A359-A85E931473BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{04D4B01D-004F-4312-89B6-00D66A1EBA9D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{058B4200-137B-4CEC-A38D-3A42AD2DBA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | "{060EAC78-3F47-4096-93D5-2DE66FCCF5AD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{0621383C-81D5-4541-A08D-8CD2FA31FF10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{07251191-D00C-4604-95E6-A3AF35819187}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\counter-strike source\hl2.exe | "{07353631-4D5B-4FB9-A54A-5E4A65131829}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe | "{0814A83F-F347-4F0E-BC5E-52840B80CDE0}" = dir=in | app=c:\program files (x86)\pando 
app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "TCP Query User{E1372322-5A55-4104-A11B-07B719858187}C:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe | "TCP Query User{E25D0AD6-1833-43DE-9485-12DCE902FFE4}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{ECB2A876-9641-4772-9560-E7043570890C}C:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe | "TCP Query User{F1C7A3C5-5E03-40CF-81CE-E0D53614AF85}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{F6C6202A-028B-4104-9839-899D27E57E56}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe | "TCP Query User{F9871369-BACD-439D-B648-9776EAD1EFC6}C:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe | "UDP Query User{023C0698-405D-4E8A-9D87-70D288B10F22}C:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe | "UDP Query User{05C3C86A-51D8-46B3-BC17-967B855EEDC7}C:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe | "UDP Query 
User{0DBD9B46-5BB8-499E-A76F-91A9B529BBE1}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{10410D63-65FF-42B9-A63E-9EDF35CEA564}C:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe | "UDP Query User{286FFBFF-27B2-4923-83E0-77484804BEEC}C:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe | "UDP Query User{2A686B04-BE53-4345-A494-E7B784F45ED9}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{2D187F19-236E-4E91-9557-18670D581248}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe | "UDP Query User{2DBFD858-5DEA-464A-9982-B8492CCB5A17}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{353472CB-6141-4118-BC9C-73DF8D371CE4}C:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe | "UDP Query User{43349F91-D7E7-48B8-BD10-6A8CFF3600A7}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{46E35F69-70E1-4F8A-AE5F-D4E1BCE98B2E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{47A089B5-C6D1-4B97-A904-E7E4723A65C1}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "UDP Query 
User{4E484F41-0308-4444-B92A-F787B2D77572}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe | "UDP Query User{59B1C217-9BC8-4CBB-979C-D9632FD2703B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query User{5FA1BDD0-4DDE-4105-B4DE-9FF7B4369DFC}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe | "UDP Query User{6C9370CC-A5F7-494E-A9E7-521BB49520EA}C:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe | "UDP Query User{799B4879-A844-4A05-BADA-71200BA4F1D7}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{7E480AD3-1B94-4428-A159-72C48B2F8353}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{895063FD-1716-4D75-89FA-F13A71A0C765}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe | "UDP Query User{9421E55C-7CFE-4731-B39E-131AF3583756}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{9D45249D-30FD-438C-BEF5-AD5382B9EF55}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe | "UDP Query 
User{9D708A7A-DA07-4FF3-9F04-49DE0626D4B0}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe | "UDP Query User{A42ADAD5-9074-4E22-B331-D2EBB3D8D55E}C:\users\austin\downloads\drjava-stable-20040326.exe" = protocol=17 | dir=in | app=c:\users\austin\downloads\drjava-stable-20040326.exe | "UDP Query User{A76960A1-B307-4CCB-9BCB-DC6B2371AF79}C:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe | "UDP Query User{B27B25CE-B78B-4392-9C5D-96E07B6A2889}C:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe | "UDP Query User{B483F1D5-58D7-4730-B25D-0CC490AB57F3}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe | "UDP Query User{C132ED16-5C3E-47A3-A4B8-783CBA7BF620}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{C714D3C1-FCCC-46A9-9CF5-7C9F824DABD9}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "UDP Query User{CDE751F8-D0CD-46EB-BBDF-EBD244D374A0}C:\users\austin\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\austin\downloads\championsonlinef2p.exe | "UDP Query User{D405BD94-FE3A-4D60-8CE7-A066D656BE67}C:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe | "UDP Query User{D44D866E-0F93-46E5-ABAA-BDBBA553518C}C:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe | "UDP Query 
User{D5AF9C07-D304-4537-9241-F95A9BF8AEE6}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | "UDP Query User{DD1E039D-E117-44A3-8AD7-678C5BC8EAC6}C:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe | "UDP Query User{DD6185E1-BA53-4F2F-8EBF-9D385C4ADEDE}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe | "UDP Query User{E12ABAB7-1313-48BC-9AFE-C8CBB0FC1FED}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "UDP Query User{EDA422F4-C5D7-4BA3-89A3-2133BEA3F6A9}C:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe | "UDP Query User{EF691517-B49F-4B90-AC37-5CAF8C559E06}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe | "UDP Query User{F0BECE94-C901-4C88-862E-FD36AF1B3AE1}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe | "UDP Query User{F1F2DA1E-6DAD-4E3D-8065-D205FBF8B771}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402 
"{12F5D482-1F43-4708-BCC5-031F10A08949}" = Symantec Endpoint Protection "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer "{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D 
Vision Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BCD55450-77AC-4347-B24F-654B1189F8D4}" = SpyHunter "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}" = HP Officejet 6500 E710n-z Product Improvement Study "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{E110DEF3-6022-436C-8290-A681CEDFF01C}" = Command Center "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "Blender" = Blender "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter "Creative OA007" = Integrated Webcam Driver (1.01.01.1227) "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "HPOCR" = OCR Software by I.R.I.S. 
11.0 "jEdit_is1" = jEdit 4.5.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1 "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 "{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java 7 Update 3 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java SE Development Kit 6 Update 16 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe 
Content Viewer "{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01 "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software 
Update "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll 
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft 
Default Manager "{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{e460c2b8-962b-4780-bd63-6bbfcc28827d}" = Nero 9 Essentials "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004 "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" 
= Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App "{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi "{FBA1239D-189F-4855-88B6-4DBE606D30A5}" = Fiesta "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "4Story" = 4Story (4STORY) "7-Zip" = 7-Zip 4.65 "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "AIM Toolbar" = AOL Messaging Toolbar "AIM_7" = AIM 7 "AlienRespawn20_AD" = AlienRespawn v2.0 "Anvi Smart Defender" = Anvi Smart Defender 1.9 "APB Reloaded" = APB Reloaded "Atlantica" = Atlantica "Audacity_is1" = Audacity 1.2.6 "AVerMedia MCE Encoder x64" = AVerMedia MCE Encoder x64 3.0.1.0 "AVS Image Converter_is1" = AVS Image Converter 2.2.2.218 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU 
Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cisco Connect" = Cisco Connect "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "DFO" = DFOLauncher "Diablo III" = Diablo III "Diablo III Beta" = Diablo III Beta "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DragonNest" = DragonNest "Dynasty Warriors Online" = Dynasty Warriors Online "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVE" = EVE Online (remove only) "Fraps" = Fraps (remove only) "GamersFirst LIVE!" = GamersFirst LIVE! 
"GameSpy Arcade" = GameSpy Arcade "GameStop App" = GameStop App "Google Chrome" = Google Chrome "Guild Wars" = Guild Wars "Guild Wars 2" = Guild Wars 2 "Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool "Hauppauge Device Central" = Hauppauge Device Central "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ "InstallShield_{E110DEF3-6022-436C-8290-A681CEDFF01C}" = Command Center "KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.5 (Standard) "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NSS" = Norton Security Scan "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "pcsx2-r3113" = PCSX2 - Playstation 2 Emulator "PunkBusterSvc" = PunkBuster Services "Steam App 105600" = Terraria "Steam App 113200" = The Binding of Isaac "Steam App 12210" = Grand Theft Auto IV "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City "Steam App 1250" = Killing Floor "Steam App 17550" = Eternal Silence "Steam App 200710" = Torchlight II "Steam App 212220" = Dungeon Fighter Online "Steam App 212680" = FTL: Faster Than Light "Steam App 215" = Source SDK Base "Steam App 219150" = Hotline Miami "Steam App 220" = Half-Life 2 "Steam App 221260" = Little Inferno "Steam App 22380" = Fallout: New Vegas "Steam App 22480" = GECK - New Vegas Edition "Steam App 240" = Counter-Strike: Source "Steam App 27940" = Dead Horde "Steam App 300" = Day of Defeat: Source 
"Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "Steam App 35420" = Killing Floor Mod: Defence Alliance 2 "Steam App 36620" = Forsaken World "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 4000" = Garry's Mod "Steam App 4010" = Garry's Mod 13 Beta "Steam App 420" = Half-Life 2: Episode Two "Steam App 42910" = Magicka "Steam App 440" = Team Fortress 2 "Steam App 550" = Left 4 Dead 2 "Steam App 55230" = Saints Row: The Third "Steam App 6850" = Hitman 2: Silent Assassin "Steam App 6860" = Hitman: Blood Money "Steam App 6900" = Hitman: Codename 47 "Steam App 8190" = Just Cause 2 "Steam App 8980" = Borderlands "Steam App 91600" = Sanctum "Steam App 99900" = Spiral Knights "SystemRequirementsLab" = System Requirements Lab "The Secret World_is1" = The Secret World "Uniblue RegistryBooster" = Uniblue RegistryBooster "uTorrent" = µTorrent "uTorrent Acceleration Tool" = uTorrent Acceleration Tool "VLC media player" = VLC media player 2.0.5 "Warhammer 40,000 Boltgun1.0" = Warhammer 40,000 Boltgun "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2975216493-871587154-3665915270-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "AOL Messaging Toolbar" = AOL Messaging Toolbar "SkyDriveSetup.exe" = Microsoft SkyDrive < End of report >
  4. ComboFix attached because it was too long: ComboFix.txt
  5. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: FAT32 Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.800000 GHz Memory total: 4024877056, free: 3371134976 DNS error DNS error Initializing... ------------ Kernel report ------------ 07/03/2013 12:43:26 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\41268209.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\nvstor64.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys 
\SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\jgogo.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\nvsmu.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\rimmpx64.sys \SystemRoot\system32\DRIVERS\rimspx64.sys \SystemRoot\system32\DRIVERS\rixdpx64.sys \SystemRoot\SysWOW64\drivers\Afc.sys \??\C:\Windows\system32\drivers\UBHelper.sys \SystemRoot\system32\drivers\cdrom.sys \??\C:\Windows\system32\drivers\NTIDrvr.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\itecir.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys 
\SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\framebuf.dll \SystemRoot\system32\drivers\dadder.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_nvstor64.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imagehlp.dll \Windows\System32\Wldap32.dll \Windows\System32\comdlg32.dll \Windows\System32\imm32.dll \Windows\System32\gdi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\difxapi.dll \Windows\System32\nsi.dll \Windows\System32\shell32.dll \Windows\System32\ws2_32.dll \Windows\System32\normaliz.dll \Windows\System32\shlwapi.dll \Windows\System32\msctf.dll \Windows\System32\msvcrt.dll \Windows\System32\user32.dll \Windows\System32\kernel32.dll \Windows\System32\usp10.dll \Windows\System32\psapi.dll \Windows\System32\advapi32.dll \Windows\System32\lpk.dll \Windows\System32\ole32.dll \Windows\System32\urlmon.dll \Windows\System32\oleaut32.dll \Windows\System32\clbcatq.dll \Windows\System32\wininet.dll \Windows\System32\sechost.dll \Windows\System32\iertutil.dll \Windows\System32\setupapi.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll ----------- End ----------- Done! 
<<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa800585b060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xfffffa800585a060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8005152790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007b\ Lower Device Object: 0xfffffa800511b990 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004772760 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa8004688060 Lower Device Driver Name: \Driver\nvstor64\ <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80047721b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003c6ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004688060, DeviceName: \Device\00000071\, DriverName: \Driver\nvstor64\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! 
Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: B64D5C06 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 939456512 Partition file system is NTFS Partition is bootable Partition 1 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 939458560 Numsec = 37308416 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80051475c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800511b990, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: B323F410 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398931968 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa800585b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005864640, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800585b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800585a060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: C3072E18 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 8064 Numsec = 7826880 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4011491328 bytes Sector size: 512 bytes Done! --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: FAT32 Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.800000 GHz Memory total: 4024877056, free: 3399745536 Initializing... 
<<<1>>> Upper Device Name: \Device\Harddisk2\DR12 Upper Device Object: 0xfffffa8005b7b060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009a\ Lower Device Object: 0xfffffa8005d571c0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8005152790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007b\ Lower Device Object: 0xfffffa800511b990 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004772760 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa8004688060 Lower Device Driver Name: \Driver\nvstor64\ <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80047721b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8003c6ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004688060, DeviceName: \Device\00000071\, DriverName: \Driver\nvstor64\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! 
Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: B64D5C06 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 939456512 Partition file system is NTFS Partition is bootable Partition 1 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 939458560 Numsec = 37308416 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80051475c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800511b990, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: B323F410 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398931968 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8005b7b060, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800593a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005b7b060, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005d571c0, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: C3072E18 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 8064 Numsec = 7826880 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4011491328 bytes Sector size: 512 bytes Done! Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svidete --> [Trojan.Agent.U] Scan finished Creating System Restore point... Could not create restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam... 
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam... Removal finished Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.06.01.01 Windows 7 Service Pack 1 x64 FAT32 (Safe Mode) Internet Explorer 10.0.9200.16618 Austin :: AUSTIN-PC [administrator] 7/3/2013 1:06:18 PM mbar-log-2013-07-03 (13-06-18).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 289452 Time elapsed: 30 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svidete (Trojan.Agent.U) -> Data: rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
  6. 12:38:41.0010 0568 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19 12:38:41.0384 0568 ============================================================ 12:38:41.0384 0568 Current date / time: 2013/07/03 12:38:41.0384 12:38:41.0384 0568 SystemInfo: 12:38:41.0384 0568 12:38:41.0384 0568 OS Version: 6.1.7601 ServicePack: 1.0 12:38:41.0384 0568 Product type: Workstation 12:38:41.0384 0568 ComputerName: AUSTIN-PC 12:38:41.0384 0568 UserName: Austin 12:38:41.0384 0568 Windows directory: C:\Windows 12:38:41.0384 0568 System windows directory: C:\Windows 12:38:41.0384 0568 Running under WOW64 12:38:41.0384 0568 Processor architecture: Intel x64 12:38:41.0384 0568 Number of processors: 2 12:38:41.0384 0568 Page size: 0x1000 12:38:41.0384 0568 Boot type: Safe boot 12:38:41.0384 0568 ============================================================ 12:38:42.0320 0568 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:38:42.0320 0568 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115800 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:38:50.0198 0568 Drive \Device\Harddisk2\DR3 - Size: 0xEF1A8000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:38:50.0198 0568 ============================================================ 12:38:50.0198 0568 \Device\Harddisk0\DR0: 12:38:50.0198 0568 MBR partitions: 12:38:50.0198 0568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37FEF800 12:38:50.0198 0568 \Device\Harddisk1\DR1: 12:38:50.0198 0568 MBR partitions: 12:38:50.0198 0568 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 12:38:50.0198 0568 \Device\Harddisk2\DR3: 12:38:50.0198 0568 MBR partitions: 12:38:50.0198 0568 \Device\Harddisk2\DR3\Partition1: MBR, Type 0xC, StartLBA 
0x1F80, BlocksNum 0x776DC0
12:38:50.0198 0568 ============================================================
12:38:50.0261 0568 C: <-> \Device\Harddisk0\DR0\Partition1
12:38:50.0292 0568 E: <-> \Device\Harddisk1\DR1\Partition1
12:38:50.0292 0568 ============================================================
12:38:50.0292 0568 Initialize success
12:38:50.0292 0568 ============================================================
12:38:53.0006 1008 ============================================================
12:38:53.0006 1008 Scan started
12:38:53.0006 1008 Mode: Manual;
12:38:53.0006 1008 ============================================================
12:38:53.0053 1008 ================ Scan system memory ========================
12:38:53.0053 1008 System memory - ok
12:38:53.0053 1008 ================ Scan services =============================
C:\Windows\system32\drivers\Null.sys 12:39:07.0296 1008 Null - ok 12:39:07.0374 1008 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 12:39:07.0374 1008 NVENETFD - ok 12:39:07.0624 1008 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:39:07.0842 1008 nvlddmkm - ok 12:39:07.0904 1008 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:39:07.0904 1008 nvraid - ok 12:39:07.0936 1008 [ 90731D8A25964715B850A5B8C3DBFD22 ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys 12:39:07.0936 1008 nvrd64 - ok 12:39:07.0936 1008 [ 71C1C6F1D0E5F29E7BCD62411F5D9EB6 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 12:39:07.0951 1008 nvsmu - ok 12:39:07.0951 1008 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:39:07.0967 1008 nvstor - ok 12:39:08.0014 1008 [ 581286807B5832503FD700A3217B589F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 12:39:08.0014 1008 nvstor64 - ok 12:39:08.0060 1008 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe 12:39:08.0092 1008 nvsvc - ok 12:39:08.0170 1008 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:39:08.0201 1008 nvUpdatusService - ok 12:39:08.0216 1008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:39:08.0216 1008 nv_agp - ok 12:39:08.0263 1008 [ A884303EA5CD3D250B514FDD5CE92AC8 ] OA007Vid C:\Windows\system32\DRIVERS\OA007Vid.sys 12:39:08.0263 1008 OA007Vid - ok 12:39:08.0404 1008 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:39:08.0419 1008 odserv - ok 12:39:08.0466 1008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:39:08.0466 1008 ohci1394 - ok 12:39:08.0513 1008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common 
Files\Microsoft Shared\Source Engine\OSE.EXE 12:39:08.0513 1008 ose - ok 12:39:08.0560 1008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:39:08.0560 1008 p2pimsvc - ok 12:39:08.0622 1008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 12:39:08.0622 1008 p2psvc - ok 12:39:08.0653 1008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 12:39:08.0653 1008 Parport - ok 12:39:08.0700 1008 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:39:08.0700 1008 partmgr - ok 12:39:08.0716 1008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:39:08.0716 1008 PcaSvc - ok 12:39:08.0731 1008 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 12:39:08.0747 1008 pci - ok 12:39:08.0762 1008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 12:39:08.0762 1008 pciide - ok 12:39:08.0778 1008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 12:39:08.0778 1008 pcmcia - ok 12:39:08.0794 1008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 12:39:08.0794 1008 pcw - ok 12:39:08.0809 1008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:39:08.0825 1008 PEAUTH - ok 12:39:08.0918 1008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 12:39:09.0106 1008 PerfHost - ok 12:39:09.0152 1008 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 12:39:09.0184 1008 pla - ok 12:39:09.0215 1008 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:39:09.0230 1008 PlugPlay - ok 12:39:09.0293 1008 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 12:39:09.0293 1008 Pml Driver HPZ12 - ok 12:39:09.0324 1008 PnkBstrA - ok 12:39:09.0355 1008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg 
C:\Windows\system32\pnrpauto.dll 12:39:09.0371 1008 PNRPAutoReg - ok 12:39:09.0386 1008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:39:09.0386 1008 PNRPsvc - ok 12:39:09.0433 1008 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:39:09.0449 1008 PolicyAgent - ok 12:39:09.0496 1008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 12:39:09.0496 1008 Power - ok 12:39:09.0542 1008 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:39:09.0542 1008 PptpMiniport - ok 12:39:09.0574 1008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 12:39:09.0574 1008 Processor - ok 12:39:09.0620 1008 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 12:39:09.0620 1008 ProfSvc - ok 12:39:09.0636 1008 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:39:09.0636 1008 ProtectedStorage - ok 12:39:09.0683 1008 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:39:09.0698 1008 Psched - ok 12:39:09.0745 1008 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 12:39:09.0745 1008 PxHlpa64 - ok 12:39:09.0776 1008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:39:09.0808 1008 ql2300 - ok 12:39:09.0823 1008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 12:39:09.0839 1008 ql40xx - ok 12:39:09.0854 1008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 12:39:09.0854 1008 QWAVE - ok 12:39:09.0870 1008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:39:09.0870 1008 QWAVEdrv - ok 12:39:09.0886 1008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:39:09.0886 1008 RasAcd - ok 12:39:09.0917 1008 [ 7ECFF9B22276B73F43A99A15A6094E90 
] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:39:09.0917 1008 RasAgileVpn - ok 12:39:09.0932 1008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 12:39:09.0948 1008 RasAuto - ok 12:39:09.0979 1008 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:39:09.0979 1008 Rasl2tp - ok 12:39:10.0026 1008 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 12:39:10.0057 1008 RasMan - ok 12:39:10.0073 1008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:39:10.0073 1008 RasPppoe - ok 12:39:10.0088 1008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:39:10.0088 1008 RasSstp - ok 12:39:10.0135 1008 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:39:10.0135 1008 rdbss - ok 12:39:10.0151 1008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:39:10.0151 1008 rdpbus - ok 12:39:10.0166 1008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:39:10.0166 1008 RDPCDD - ok 12:39:10.0213 1008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:39:10.0213 1008 RDPENCDD - ok 12:39:10.0213 1008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 12:39:10.0213 1008 RDPREFMP - ok 12:39:10.0260 1008 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:39:10.0260 1008 RDPWD - ok 12:39:10.0307 1008 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:39:10.0322 1008 rdyboost - ok 12:39:10.0385 1008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:39:10.0400 1008 RemoteAccess - ok 12:39:10.0447 1008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:39:10.0463 1008 RemoteRegistry - ok 12:39:10.0510 1008 [ 
3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 12:39:10.0510 1008 RFCOMM - ok 12:39:10.0556 1008 [ CB7C996F3878E936BFDD9CDFE6A3A987 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys 12:39:10.0556 1008 rimmptsk - ok 12:39:10.0603 1008 [ 2C543F0E04B5F6FD5C17509D0ECE6D1D ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys 12:39:10.0603 1008 rimsptsk - ok 12:39:10.0619 1008 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys 12:39:10.0619 1008 rismxdp - ok 12:39:10.0619 1008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:39:10.0634 1008 RpcEptMapper - ok 12:39:10.0666 1008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 12:39:10.0666 1008 RpcLocator - ok 12:39:10.0744 1008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 12:39:10.0744 1008 RpcSs - ok 12:39:10.0759 1008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:39:10.0759 1008 rspndr - ok 12:39:10.0775 1008 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 12:39:10.0775 1008 SamSs - ok 12:39:10.0822 1008 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:39:10.0822 1008 sbp2port - ok 12:39:10.0853 1008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:39:10.0853 1008 SCardSvr - ok 12:39:10.0900 1008 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:39:10.0900 1008 scfilter - ok 12:39:10.0962 1008 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 12:39:10.0993 1008 Schedule - ok 12:39:11.0009 1008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 12:39:11.0009 1008 SCPolicySvc - ok 12:39:11.0056 1008 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 12:39:11.0056 1008 sdbus - ok 12:39:11.0102 
1008 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:39:11.0102 1008 SDRSVC - ok 12:39:11.0149 1008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:39:11.0149 1008 secdrv - ok 12:39:11.0196 1008 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 12:39:11.0196 1008 seclogon - ok 12:39:11.0212 1008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 12:39:11.0212 1008 SENS - ok 12:39:11.0212 1008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:39:11.0212 1008 SensrSvc - ok 12:39:11.0243 1008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:39:11.0243 1008 Serenum - ok 12:39:11.0274 1008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 12:39:11.0274 1008 Serial - ok 12:39:11.0305 1008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:39:11.0305 1008 sermouse - ok 12:39:11.0352 1008 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 12:39:11.0368 1008 SessionEnv - ok 12:39:11.0414 1008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:39:11.0414 1008 sffdisk - ok 12:39:11.0430 1008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:39:11.0430 1008 sffp_mmc - ok 12:39:11.0430 1008 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:39:11.0446 1008 sffp_sd - ok 12:39:11.0461 1008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:39:11.0461 1008 sfloppy - ok 12:39:11.0508 1008 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:39:11.0508 1008 SharedAccess - ok 12:39:11.0570 1008 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:39:11.0570 1008 ShellHWDetection - ok 
12:39:11.0586 1008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:39:11.0586 1008 SiSRaid2 - ok 12:39:11.0617 1008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:39:11.0617 1008 SiSRaid4 - ok 12:39:11.0680 1008 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 12:39:11.0680 1008 SkypeUpdate - ok 12:39:11.0711 1008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:39:11.0711 1008 Smb - ok 12:39:11.0820 1008 [ C5F27FC0503704946148A5E1BB97ADDB ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe 12:39:11.0914 1008 SmcService - ok 12:39:11.0945 1008 [ 86523066C79C7642CD0F08585A12E412 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE 12:39:11.0960 1008 SNAC - ok 12:39:12.0007 1008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:39:12.0007 1008 SNMPTRAP - ok 12:39:12.0023 1008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 12:39:12.0023 1008 spldr - ok 12:39:12.0070 1008 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 12:39:12.0070 1008 Spooler - ok 12:39:12.0163 1008 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 12:39:12.0257 1008 sppsvc - ok 12:39:12.0288 1008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:39:12.0288 1008 sppuinotify - ok 12:39:12.0460 1008 [ 623E4A909E759D73D1C9FA5059A49E9A ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE 12:39:12.0491 1008 SpyHunter 4 Service - ok 12:39:12.0522 1008 [ 569F8D9768A00AB9A5166997C88EFE42 ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS 12:39:12.0538 1008 SRTSP - ok 12:39:12.0569 1008 [ FB283AE148CC4C5A4954DAEFBB9DFFF0 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS 12:39:12.0584 1008 SRTSPL - ok 12:39:12.0584 1008 [ 
C9ECA0A26CEBADE5134BA01FD8EF86A6 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS 12:39:12.0600 1008 SRTSPX - ok 12:39:12.0678 1008 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 12:39:12.0709 1008 srv - ok 12:39:12.0740 1008 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:39:12.0740 1008 srv2 - ok 12:39:12.0756 1008 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:39:12.0772 1008 srvnet - ok 12:39:12.0834 1008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:39:12.0834 1008 SSDPSRV - ok 12:39:12.0850 1008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:39:12.0850 1008 SstpSvc - ok 12:39:12.0974 1008 [ FF84750B1AB2F0FCC494DFD41D9656B5 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe 12:39:12.0990 1008 STacSV - ok 12:39:13.0021 1008 Steam Client Service - ok 12:39:13.0099 1008 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:39:13.0115 1008 Stereo Service - ok 12:39:13.0146 1008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:39:13.0146 1008 stexstor - ok 12:39:13.0208 1008 [ DDE4B46E0E91EC78808766EA449457B8 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 12:39:13.0208 1008 STHDA - ok 12:39:13.0271 1008 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 12:39:13.0271 1008 StillCam - ok 12:39:13.0318 1008 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 12:39:13.0333 1008 stisvc - ok 12:39:13.0380 1008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 12:39:13.0380 1008 swenum - ok 12:39:13.0520 1008 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 12:39:13.0536 1008 
SwitchBoard - ok 12:39:13.0583 1008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 12:39:13.0583 1008 swprv - ok 12:39:13.0645 1008 [ AB135C5739D0AB8CBAAF1D4B23E3C259 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe 12:39:13.0723 1008 Symantec AntiVirus - ok 12:39:13.0754 1008 [ 70C8D165063EB76F1A373B74456D2AAB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 12:39:13.0754 1008 SymEvent - ok 12:39:13.0817 1008 [ 2F240094AFFC3D5AA8BF3060B22FE7ED ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 12:39:13.0817 1008 SynTP - ok 12:39:13.0879 1008 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 12:39:13.0910 1008 SysMain - ok 12:39:13.0957 1008 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:39:13.0957 1008 TabletInputService - ok 12:39:14.0004 1008 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 12:39:14.0004 1008 TapiSrv - ok 12:39:14.0020 1008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 12:39:14.0020 1008 TBS - ok 12:39:14.0082 1008 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:39:14.0129 1008 Tcpip - ok 12:39:14.0191 1008 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:39:14.0207 1008 TCPIP6 - ok 12:39:14.0238 1008 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:39:14.0254 1008 tcpipreg - ok 12:39:14.0300 1008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:39:14.0300 1008 TDPIPE - ok 12:39:14.0332 1008 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:39:14.0347 1008 TDTCP - ok 12:39:14.0394 1008 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:39:14.0410 1008 tdx - ok 12:39:14.0456 1008 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD 
C:\Windows\system32\drivers\termdd.sys 12:39:14.0456 1008 TermDD - ok 12:39:14.0519 1008 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 12:39:14.0534 1008 TermService - ok 12:39:14.0550 1008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 12:39:14.0550 1008 Themes - ok 12:39:14.0597 1008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 12:39:14.0597 1008 THREADORDER - ok 12:39:14.0612 1008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 12:39:14.0612 1008 TrkWks - ok 12:39:14.0690 1008 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:39:14.0690 1008 TrustedInstaller - ok 12:39:14.0737 1008 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:39:14.0737 1008 tssecsrv - ok 12:39:14.0800 1008 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 12:39:14.0800 1008 TsUsbFlt - ok 12:39:14.0846 1008 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:39:14.0846 1008 tunnel - ok 12:39:14.0862 1008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 12:39:14.0878 1008 uagp35 - ok 12:39:14.0940 1008 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 12:39:14.0940 1008 UBHelper - ok 12:39:14.0971 1008 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:39:14.0987 1008 udfs - ok 12:39:14.0987 1008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:39:15.0002 1008 UI0Detect - ok 12:39:15.0018 1008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:39:15.0018 1008 uliagpkx - ok 12:39:15.0065 1008 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 12:39:15.0065 1008 umbus - ok 12:39:15.0080 1008 [ 
B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 12:39:15.0080 1008 UmPass - ok 12:39:15.0143 1008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 12:39:15.0143 1008 upnphost - ok 12:39:15.0205 1008 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 12:39:15.0205 1008 USBAAPL64 - ok 12:39:15.0221 1008 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:39:15.0221 1008 usbccgp - ok 12:39:15.0268 1008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 12:39:15.0268 1008 usbcir - ok 12:39:15.0283 1008 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:39:15.0283 1008 usbehci - ok 12:39:15.0299 1008 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:39:15.0299 1008 usbhub - ok 12:39:15.0314 1008 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 12:39:15.0314 1008 usbohci - ok 12:39:15.0330 1008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:39:15.0330 1008 usbprint - ok 12:39:15.0346 1008 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:39:15.0346 1008 USBSTOR - ok 12:39:15.0361 1008 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 12:39:15.0361 1008 usbuhci - ok 12:39:15.0377 1008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 12:39:15.0377 1008 UxSms - ok 12:39:15.0392 1008 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 12:39:15.0392 1008 VaultSvc - ok 12:39:15.0392 1008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:39:15.0392 1008 vdrvroot - ok 12:39:15.0439 1008 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 12:39:15.0455 1008 vds - ok 12:39:15.0502 1008 [ 
DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:39:15.0502 1008 vga - ok 12:39:15.0517 1008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 12:39:15.0517 1008 VgaSave - ok 12:39:15.0564 1008 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:39:15.0564 1008 vhdmp - ok 12:39:15.0580 1008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 12:39:15.0580 1008 viaide - ok 12:39:15.0595 1008 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:39:15.0595 1008 volmgr - ok 12:39:15.0642 1008 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:39:15.0658 1008 volmgrx - ok 12:39:15.0658 1008 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:39:15.0673 1008 volsnap - ok 12:39:15.0689 1008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:39:15.0689 1008 vsmraid - ok 12:39:15.0751 1008 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 12:39:15.0798 1008 VSS - ok 12:39:15.0814 1008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 12:39:15.0814 1008 vwifibus - ok 12:39:15.0860 1008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 12:39:15.0876 1008 W32Time - ok 12:39:15.0892 1008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 12:39:15.0892 1008 WacomPen - ok 12:39:15.0938 1008 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:39:15.0938 1008 WANARP - ok 12:39:15.0938 1008 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:39:15.0938 1008 Wanarpv6 - ok 12:39:16.0032 1008 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 12:39:16.0048 1008 WatAdminSvc - ok 12:39:16.0110 1008 
[ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 12:39:16.0141 1008 wbengine - ok 12:39:16.0157 1008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:39:16.0157 1008 WbioSrvc - ok 12:39:16.0204 1008 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:39:16.0204 1008 wcncsvc - ok 12:39:16.0219 1008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:39:16.0219 1008 WcsPlugInService - ok 12:39:16.0250 1008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 12:39:16.0250 1008 Wd - ok 12:39:16.0297 1008 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:39:16.0313 1008 Wdf01000 - ok 12:39:16.0328 1008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:39:16.0328 1008 WdiServiceHost - ok 12:39:16.0344 1008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:39:16.0344 1008 WdiSystemHost - ok 12:39:16.0391 1008 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 12:39:16.0391 1008 WebClient - ok 12:39:16.0406 1008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:39:16.0422 1008 Wecsvc - ok 12:39:16.0422 1008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:39:16.0422 1008 wercplsupport - ok 12:39:16.0469 1008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 12:39:16.0484 1008 WerSvc - ok 12:39:16.0516 1008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:39:16.0531 1008 WfpLwf - ok 12:39:16.0547 1008 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 12:39:16.0562 1008 WimFltr - ok 12:39:16.0562 1008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:39:16.0562 1008 WIMMount - ok 
12:39:16.0562 1008 WinHttpAutoProxySvc - ok 12:39:16.0656 1008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:39:16.0672 1008 Winmgmt - ok 12:39:16.0734 1008 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files\OSD\WinRing0x64.sys 12:39:16.0734 1008 WinRing0_1_2_0 - ok 12:39:16.0812 1008 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 12:39:16.0859 1008 WinRM - ok 12:39:16.0937 1008 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 12:39:16.0937 1008 WinUsb - ok 12:39:16.0999 1008 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 12:39:17.0015 1008 Wlansvc - ok 12:39:17.0108 1008 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:39:17.0155 1008 wlidsvc - ok 12:39:17.0202 1008 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:39:17.0202 1008 WmiAcpi - ok 12:39:17.0249 1008 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:39:17.0249 1008 wmiApSrv - ok 12:39:17.0311 1008 WMPNetworkSvc - ok 12:39:17.0327 1008 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:39:17.0327 1008 WPCSvc - ok 12:39:17.0374 1008 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:39:17.0374 1008 WPDBusEnum - ok 12:39:17.0405 1008 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:39:17.0420 1008 ws2ifsl - ok 12:39:17.0467 1008 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 12:39:17.0467 1008 WSDPrintDevice - ok 12:39:17.0467 1008 WSearch - ok 12:39:17.0545 1008 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 12:39:17.0608 1008 wuauserv - ok 12:39:17.0654 1008 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 
12:39:17.0654 1008 WudfPf - ok
12:39:17.0701 1008 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:17.0717 1008 WUDFRd - ok
12:39:17.0748 1008 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:39:17.0748 1008 wudfsvc - ok
12:39:17.0795 1008 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
12:39:17.0810 1008 WwanSvc - ok
12:39:17.0873 1008 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
12:39:17.0873 1008 xusb21 - ok
12:39:17.0935 1008 [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
12:39:17.0951 1008 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
12:39:17.0951 1008 ================ Scan global ===============================
12:39:17.0982 1008 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:39:18.0044 1008 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:39:18.0044 1008 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:39:18.0091 1008 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:39:18.0122 1008 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:39:18.0138 1008 [Global] - ok
12:39:18.0138 1008 ================ Scan MBR ==================================
12:39:18.0154 1008 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
12:39:18.0154 1008 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:39:18.0232 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
12:39:18.0232 1008 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
12:39:18.0232 1008 [ 508F4A6A6A6B3DADC6D881D9948389D2 ] \Device\Harddisk1\DR1
12:39:19.0963 1008 \Device\Harddisk1\DR1 - ok
12:39:19.0979 1008 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR3
12:39:19.0979 1008 \Device\Harddisk2\DR3 - ok
12:39:19.0979 1008 ================ Scan VBR ==================================
12:39:20.0026 1008 [ E763A24D024F94699947D3D82CAB5AF0 ] \Device\Harddisk0\DR0\Partition1
12:39:20.0026 1008 \Device\Harddisk0\DR0\Partition1 - ok
12:39:20.0026 1008 [ 0E241EDDA96A71AE2BE25A8043495FDE ] \Device\Harddisk1\DR1\Partition1
12:39:20.0026 1008 \Device\Harddisk1\DR1\Partition1 - ok
12:39:20.0026 1008 [ 7015487D7B17CDF5111DCACDE252E0E8 ] \Device\Harddisk2\DR3\Partition1
12:39:20.0026 1008 \Device\Harddisk2\DR3\Partition1 - ok
12:39:20.0026 1008 ============================================================
12:39:20.0026 1008 Scan finished
12:39:20.0026 1008 ============================================================
12:39:20.0041 0848 Detected object count: 1
12:39:20.0041 0848 Actual detected object count: 1
12:39:32.0287 0848 \Device\Harddisk0\DR0\# - copied to quarantine
12:39:32.0287 0848 \Device\Harddisk0\DR0 - copied to quarantine
12:39:32.0443 0848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
12:39:32.0443 0848 \Device\Harddisk0\DR0 - ok
12:39:35.0017 0848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
12:39:41.0803 0780 Deinitialize success
  7. So after 12 minutes, which thankfully was shorter than the 20 minutes it took last night, I got to the desktop in normal mode. Then my computer detected a problem and gave me a blue screen and restarted.
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013
     Ran by Austin at 2013-07-03 11:59:10 Run:3
     Running from G:\
     Boot Mode: Safe Mode (minimal)
     ==============================================
     C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found.
     C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@ => File/Directory not found.
     C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L => File/Directory not found.
     C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U => File/Directory not found.
     C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0 => Moved successfully.
     C:\Users\Austin\AppData\Roaming\skype.ini => Moved successfully.
     C:\ProgramData\hash.dat => Moved successfully.
     C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => Moved successfully.
     X6va001 => Service deleted successfully.
     X6va005 => Service deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Temp => Value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Fraps3 => Value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value not found.
     HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.
     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
     HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
     HKU\UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => File/Directory not found.
     C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
     C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => File/Directory not found.
     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
     C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => Moved successfully.
     C:\Windows\Tasks\RegistryBooster.job => Moved successfully.
     C:\Windows\Tasks\SA.DAT => Moved successfully.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
     C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => File/Directory not found.
     C:\Windows\Tasks\Adobe Flash Player Updater.job => File/Directory not found.
     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => File/Directory not found.
     C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => File/Directory not found.
     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => File/Directory not found.
     C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => File/Directory not found.
     C:\Windows\Tasks\RegistryBooster.job => File/Directory not found.
     C:\Windows\Tasks\SA.DAT => File/Directory not found.
     C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk => Moved successfully.
     C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe not found.
     ==== End of Fixlog ====
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013
     Ran by Austin at 2013-07-03 01:51:24 Run:2
     Running from G:\
     Boot Mode: Safe Mode (minimal)
     ==============================================
     C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found.
     X6va001 => Service not found.
     X6va005 => Service not found.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Temp => Value not found.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Fraps3 => Value not found.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Adobe CSS5.1 Manager => Value not found.
     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
     HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
     HKU\ UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
     C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => Moved successfully.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
     C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe not found.
     ==== End of Fixlog ====
  10. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013 Ran by Austin (administrator) on 03-07-2013 01:23:57 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated) HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [52480 2009-04-24] (Alienware Corporation) HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation) HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated) HKLM\...\Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait [42496 2012-01-30] (Contributors) HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-11-29] (LogMeIn, Inc.) HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [75825640 2013-06-13] (Microsoft Corporation) HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation) HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation) HKCU\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation) HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [742264 2012-03-30] (BitTorrent, Inc.) 
HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [x] HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] () HKCU\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 [67456 2011-11-07] (Uniblue Systems Limited) HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTION HKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTION HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION HKCU\...\Run: [Akamai NetSession Interface] [x] HKCU\...\Run: [svidete] rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup [x] HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION MountPoints2: {1c1a6c67-9403-11de-b5da-0025643a50d8} - E:\LaunchU3.exe -a MountPoints2: {b6401647-eabf-11de-ae7c-806e6f6e6963} - D:\DVDROM\MediaManager\MediaManagerII.exe HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) 
HKLM-x32\...\Run: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe" [75048 2009-05-01] (cyberlink) HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-01-22] (Symantec Corporation) HKLM-x32\...\Run: [FAStartup] [x] HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-03-05] (Sensible Vision ) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard) HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard) HKLM-x32\...\Run: [OSD] c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH) HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2007-12-14] () HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2008-10-17] (CyberLink Corp.) HKLM-x32\...\Run: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.) 
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [backupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation) HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x] HKLM-x32\...\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" [492912 2008-06-30] (Symantec Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.) HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-08] (Anvisoft) HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTION AppInit_DLLs-x32: [0 ] () Lsa: [Notification Packages] scecli FAPassSync Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File) Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.) Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.) Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/xbox-360 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm URLSearchHook: (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011 SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011 BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision ) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File BHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web 
Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://www.support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6089/mcfscan.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: Google Toolbar for Firefox - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: AOL Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} FF Extension: AOL Messaging Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760} FF Extension: uriloader - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\uriloader@pdf.js.xpi FF Extension: wdfopjxrea - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\wdfopjxrea@wdfopjxrea.org.xpi FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF Extension: Default - 
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: <?xml version="1.0"?> <RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>smartwebprinting@hp.com</em:id> <em:version>4.60</em:version> <em:targetApplication> <!-- Firefox --> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>3.5.0.0</em:minVersion> <em:maxVersion>3.5.*.*</em:maxVersion> </Description> </em:targetApplication> <!-- front-end metadata --> <em:name>HP Smart Web Printing</em:name> <em:description>Print what you want, how you want.</em:description> <em:creator>hp.com</em:creator> <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL> <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform> </Description> </RDF> - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: <?xml version="1.0"?> <RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>{3112ca9c-de6d-4884-a869-9855de68056c}</em:id> <em:version>3.1.20081127W</em:version> <!-- For Up-To-Date Documentation of this Format Please See: 
http://www.mozilla.org/projects/firefox/extensions/packaging/extensions.html --> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>2.0</em:minVersion> <em:maxVersion>3.*</em:maxVersion> </Description> </em:targetApplication> <em:targetPlatform>WINNT</em:targetPlatform> <em:name>Google Toolbar for Firefox</em:name> <em:description>Take the power of Google with you anywhere on the Web!</em:description> <em:creator>Google Inc.</em:creator> <em:homepageURL>http://www.google.com/</em:homepageURL> <em:updateURL><![CDATA[https://tools.google.com/firefox/update?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%&dist=google]]></em:updateURL> <em:file> <Description about="urn:mozilla:extension:file:google-toolbar.jar"> <em:package>content/</em:package> <em:locale>locale/en-US/</em:locale> <em:locale>locale/da-DK/</em:locale> <em:locale>locale/de-DE/</em:locale> <em:locale>locale/es-AR/</em:locale> <em:locale>locale/es-ES/</em:locale> <em:locale>locale/fi-FI/</em:locale> <em:locale>locale/fr-FR/</em:locale> <em:locale>locale/it-IT/</em:locale> <em:locale>locale/ja-JP/</em:locale> <em:locale>locale/ja-JPM/</em:locale> <em:locale>locale/ko-KR/</em:locale> <em:locale>locale/nb-NO/</em:locale> <em:locale>locale/nl-NL/</em:locale> <em:locale>locale/pt-BR/</em:locale> <em:locale>locale/ru-RU/</em:locale> <em:locale>locale/sv-SE/</em:locale> <em:locale>locale/zh-CN/</em:locale> <em:locale>locale/zh-TW/</em:locale> <em:skin>skin/</em:skin> </Description> </em:file> </Description> </RDF> - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 
10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: <?xml version="1.0"?> <RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>smartwebprinting@hp.com</em:id> <em:version>4.60</em:version> <em:targetApplication> <!-- Firefox --> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>3.5.0.0</em:minVersion> <em:maxVersion>3.5.*.*</em:maxVersion> </Description> </em:targetApplication> <!-- front-end metadata --> <em:name>HP Smart Web Printing</em:name> <em:description>Print what you want, how you want.</em:description> <em:creator>hp.com</em:creator> <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL> <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform> </Description> </RDF> - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [{C0B62AAB-8E55-4B42-8670-E066358BE912}] C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\ FF Extension: <?xml version="1.0"?> <RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:name>XULRunner</em:name> <em:id>{C0B62AAB-8E55-4B42-8670-E066358BE912}</em:id> <em:version>1.9.1</em:version> <em:creator>Mozilla Corp.</em:creator> 
<em:description>XULRunner is a Mozilla runtime package</em:description> <em:type>2</em:type> <em:hidden>true</em:hidden> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>1.5</em:minVersion> <em:maxVersion>3.*.*.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\ Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) 
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-08] (Anvisoft)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)
S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()
S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2360584 2009-03-05] (Sensible Vision )
S2 gupdate1ca70abb4bf12a0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-11-29] (Google Inc.)
S3 HcwDevCentralService; C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [401232 2013-02-07] (Hauppauge Computer Works, Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-06-30] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-08] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-08] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-07-25] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3505768 2010-06-17] (INCA Internet Co., Ltd.)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-22] ()
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3081544 2009-01-22] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [388424 2009-01-22] (Symantec Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe [268288 2009-03-19] (IDT, Inc.)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2440120 2009-01-22] (Symantec Corporation)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

==================== Drivers (Whitelisted) ====================

S4 ahcix64; C:\Windows\system32\drivers\ahcix64.sys [146944 2008-07-29] (ATI Technologies Inc.)
S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [945136 2013-02-12] (Hauppauge Computer Work, Inc.)
R0 JGOGO; C:\Windows\System32\drivers\jgogo.sys [8704 2006-02-07] (JMicron )
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S4 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [163736 2007-06-15] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
S3 OA007Vid; C:\Windows\System32\DRIVERS\OA007Vid.sys [310208 2008-12-27] (Creative Technology Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2009-07-28] (Symantec Corporation)
S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)
S3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]
S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-03 01:22 - 2013-07-03 01:22 - 00282680 ____A C:\Windows\Minidump\070313-28828-01.dmp
2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST
2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp
2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp
2013-07-02 10:17 - 2013-07-02 10:18 - 00001448 ____A C:\AdwCleaner[s4].txt
2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt
2013-07-02 00:35 - 2013-07-02 00:36 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt
2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp
2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt
2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt
2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-06-30 18:02 - 2012-11-07 03:16 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2013-06-30 18:02 - 2012-11-07 03:16 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2013-06-30 18:02 - 2012-11-07 03:16 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys
2013-06-30 17:55 - 2013-06-30 17:57 - 
00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini 2013-06-30 17:25 - 2013-06-30 17:26 - 00023306 ____A C:\AdwCleaner[s1].txt 2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt 2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe 2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt 2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe 2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe 2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill 2013-06-30 17:16 - 2013-07-02 11:33 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt 2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe 2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk 2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr 2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-30 12:31 - 2012-06-22 12:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys 2013-06-30 12:30 - 2013-06-30 12:31 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan 2013-06-30 11:51 - 2013-07-03 00:00 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job 2013-06-30 11:51 - 2013-06-30 17:23 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk 2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad 2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-06-23 01:35 - 2013-06-23 13:48 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps3 2013-06-16 23:25 - 2013-06-16 23:25 - 
00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL 2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url 2013-06-16 03:02 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 03:02 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 03:02 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 03:02 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 03:02 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 03:02 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 03:02 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 03:02 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 03:02 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 03:02 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 03:02 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 03:02 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 03:03 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2013-06-13 03:03 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-13 03:03 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-13 03:03 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-13 03:03 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-13 03:03 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-13 03:03 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-13 03:03 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-13 03:03 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 03:03 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 03:03 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 03:03 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 03:03 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 03:03 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 03:03 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 03:03 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 03:03 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 03:03 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-13 03:03 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 10:04 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 10:04 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 10:04 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 10:02 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 10:02 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 10:01 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 10:01 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 09:59 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 09:59 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 09:59 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 09:59 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 09:59 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 09:59 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 09:59 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 09:59 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 09:59 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 09:59 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 09:58 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\d3d11.dll 2013-06-12 09:58 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url 2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url 2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\html.iec 2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-05 
09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-05 09:47 - 
2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-05 09:43 - 2013-06-05 09:50 - 00008121 ____A C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======= 2013-07-03 01:22 - 2013-07-03 01:22 - 00282680 ____A C:\Windows\Minidump\070313-28828-01.dmp 2013-07-03 01:22 - 2011-04-21 10:07 - 00000000 ____D C:\Windows\Minidump 2013-07-03 01:22 - 2009-12-12 04:29 - 599587703 ____A 
C:\Windows\MEMORY.DMP 2013-07-03 01:17 - 2011-09-05 23:37 - 00000000 ____D C:\Users\Austin\AppData\Local\LogMeIn Hamachi 2013-07-03 01:16 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-03 01:15 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job 2013-07-03 01:15 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job 2013-07-03 01:15 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-03 01:14 - 2009-07-14 00:51 - 01935559 ____A C:\Windows\setupact.log 2013-07-03 01:14 - 2009-07-10 19:58 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-03 00:53 - 2009-07-14 01:13 - 00797670 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST 2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp 2013-07-03 00:01 - 2010-07-23 21:24 - 00000000 ____D C:\Users\Austin\AppData\Local\PMB Files 2013-07-03 00:01 - 2010-05-07 10:46 - 00000000 ____D C:\Users\Austin\AppData\Roaming\uTorrent 2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job 2013-07-03 00:00 - 2013-03-22 00:34 - 00000000 ____D C:\ProgramData\LogMeIn 2013-07-03 00:00 - 2009-12-17 00:41 - 01892612 ____A C:\Windows\WindowsUpdate.log 2013-07-02 23:54 - 2012-02-05 14:55 - 00000000 ____D C:\Users\Austin\.jedit 2013-07-02 23:54 - 2009-07-23 12:36 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-02 23:45 - 2009-12-17 00:29 - 00391708 ____A C:\Windows\PFRO.log 2013-07-02 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-02 18:25 - 2013-05-23 14:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-02 18:25 - 2011-12-22 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-02 18:25 - 2010-07-23 21:23 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D 
C:\Windows\System32\sysprep 2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration 2013-07-02 14:42 - 2009-12-16 23:57 - 00000000 ____D C:\users\Austin 2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp 2013-07-02 11:35 - 2012-07-10 12:03 - 00007594 ____A C:\Users\Austin\AppData\Local\Resmon.ResmonCfg 2013-07-02 11:33 - 2013-06-30 17:16 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt 2013-07-02 11:06 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-07-02 10:18 - 2013-07-02 10:17 - 00001448 ____A C:\AdwCleaner[s4].txt 2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt 2013-07-02 00:36 - 2013-07-02 00:35 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt 2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp 2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt 2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt 2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk 2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft 2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft 2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft 2013-06-30 17:57 - 2013-06-30 17:55 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini 2013-06-30 17:26 - 
2013-06-30 17:25 - 00023306 ____A C:\AdwCleaner[s1].txt 2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt 2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe 2013-06-30 17:23 - 2013-06-30 11:51 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk 2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt 2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe 2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe 2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill 2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe 2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk 2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr 2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan 2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad 2013-06-29 11:30 - 2010-05-07 11:05 - 00000404 ___AH C:\Windows\Tasks\Norton Security Scan for Austin.job 2013-06-29 01:11 - 2010-12-21 20:24 - 00000000 ____D C:\Users\Austin\AppData\Roaming\vlc 2013-06-27 02:20 - 2010-09-05 11:09 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job 2013-06-23 13:51 - 2009-07-23 12:51 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Adobe 2013-06-23 13:48 - 2013-06-23 01:35 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps3 2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-06-23 13:33 - 
2009-07-10 20:45 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-06-23 13:32 - 2009-07-30 19:07 - 00000000 ____D C:\Users\Austin\AppData\Local\Adobe 2013-06-23 13:31 - 2009-07-10 20:45 - 00000000 ____D C:\ProgramData\Adobe 2013-06-23 01:35 - 2012-03-06 14:24 - 00000000 ____D C:\Users\Austin\AppData\Local\Amazon 2013-06-18 12:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL 2013-06-16 23:24 - 2009-07-10 20:47 - 00531797 ____A C:\Windows\DirectX.log 2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url 2013-06-13 03:14 - 2009-07-30 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-13 03:06 - 2010-08-05 12:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 23:17 - 2012-05-09 17:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 23:17 - 2012-01-20 13:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url 2013-06-08 10:54 - 2013-03-22 00:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn 2013-06-08 10:53 - 2013-03-22 00:35 - 00107368 ____A (LogMeIn, Inc.) 
C:\Windows\System32\LMIRfsClientNP.dll 2013-06-08 10:53 - 2013-03-22 00:35 - 00035656 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll 2013-06-08 10:53 - 2013-03-22 00:34 - 00100680 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll 2013-06-08 10:08 - 2013-06-16 03:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 10:07 - 2013-06-16 03:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 10:06 - 2013-06-16 03:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 10:06 - 2013-06-16 03:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 10:06 - 2013-06-16 03:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 08:28 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 07:42 - 2013-06-16 03:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 07:13 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-06 03:35 - 2012-05-21 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-06-06 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url 2013-06-05 09:50 - 2013-06-05 09:43 - 00008121 ____A C:\Windows\IE10_main.log 2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) 
C:\Windows\System32\inetcpl.cpl 2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iedkcs32.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 
2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-05 09:47 
- 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0 Files to move or delete: ==================== C:\Users\Austin\AppData\Roaming\skype.ini C:\ProgramData\hash.dat C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 14:31 ==================== End Of Log ============================
  11. So it just now got to the login screen, a full 20 minutes after I turned it on.
  12. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013
      Ran by Austin at 2013-07-03 00:52:58 Run:1
      Running from G:\
      Boot Mode: Safe Mode (minimal)
      ==============================================
      C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => Moved successfully.
      X6va001 => Service not found.
      X6va005 => Service not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Temp => Value not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Fraps3 => Value not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Adobe CSS5.1 Manager => Value not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Adobe CSS5.1 Manager => Value not found.
      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
      HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
      HKU\ UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
      ==== End of Fixlog ====

      I am not able to boot into normal mode. It gets to the Starting Windows stage, finishes like it's going to start, then goes to an all-black screen and remains like that.
  13. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013 Ran by Austin (administrator) on 03-07-2013 00:40:20 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated) HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [52480 2009-04-24] (Alienware Corporation) HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation) HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated) HKLM\...\Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait [42496 2012-01-30] (Contributors) HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-11-29] (LogMeIn, Inc.) HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [75825640 2013-06-13] (Microsoft Corporation) HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation) HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation) HKCU\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation) HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [742264 2012-03-30] (BitTorrent, Inc.) 
HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [x] HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] () HKCU\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 [67456 2011-11-07] (Uniblue Systems Limited) HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTION HKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTION HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION HKCU\...\Run: [Akamai NetSession Interface] [x] HKCU\...\Run: [svidete] rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup [x] HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION HKCU\...\Winlogon: [shell] C:\Users\Austin\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n. ATTENTION! ====> ZeroAccess? MountPoints2: {1c1a6c67-9403-11de-b5da-0025643a50d8} - E:\LaunchU3.exe -a MountPoints2: {b6401647-eabf-11de-ae7c-806e6f6e6963} - D:\DVDROM\MediaManager\MediaManagerII.exe HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) 
HKLM-x32\...\Run: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe" [75048 2009-05-01] (cyberlink) HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-01-22] (Symantec Corporation) HKLM-x32\...\Run: [FAStartup] [x] HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-03-05] (Sensible Vision ) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard) HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard) HKLM-x32\...\Run: [OSD] c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH) HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2007-12-14] () HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2008-10-17] (CyberLink Corp.) HKLM-x32\...\Run: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.) 
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [backupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation) HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x] HKLM-x32\...\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" [492912 2008-06-30] (Symantec Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.) HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-08] (Anvisoft) HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTION AppInit_DLLs-x32: [0 ] () Lsa: [Notification Packages] scecli FAPassSync Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File) Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.) Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.) Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/xbox-360 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm URLSearchHook: (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011 SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011 BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision ) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File BHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web 
Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://www.support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6089/mcfscan.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
21:24 - 00000000 ____D C:\Users\Austin\AppData\Local\PMB Files 2013-07-03 00:01 - 2010-05-07 10:46 - 00000000 ____D C:\Users\Austin\AppData\Roaming\uTorrent 2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job 2013-07-03 00:00 - 2013-03-22 00:34 - 00000000 ____D C:\ProgramData\LogMeIn 2013-07-02 23:57 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-02 23:55 - 2011-09-05 23:37 - 00000000 ____D C:\Users\Austin\AppData\Local\LogMeIn Hamachi 2013-07-02 23:54 - 2012-02-05 14:55 - 00000000 ____D C:\Users\Austin\.jedit 2013-07-02 23:54 - 2009-07-23 12:36 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-02 23:52 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job 2013-07-02 23:52 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job 2013-07-02 23:52 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-02 23:51 - 2009-07-14 00:51 - 01930249 ____A C:\Windows\setupact.log 2013-07-02 23:50 - 2009-07-10 19:58 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-02 23:45 - 2009-12-17 00:29 - 00391708 ____A C:\Windows\PFRO.log 2013-07-02 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-02 18:25 - 2013-05-23 14:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-02 18:25 - 2011-12-22 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-02 18:25 - 2010-07-23 21:23 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sysprep 2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration 2013-07-02 14:42 - 2009-12-16 23:57 - 00000000 ____D C:\users\Austin 2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp 2013-07-02 11:35 - 2012-07-10 12:03 - 00007594 ____A C:\Users\Austin\AppData\Local\Resmon.ResmonCfg 2013-07-02 11:33 - 
2013-06-30 17:16 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt 2013-07-02 11:06 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-07-02 10:18 - 2013-07-02 10:17 - 00001448 ____A C:\AdwCleaner[s4].txt 2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt 2013-07-02 00:36 - 2013-07-02 00:35 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt 2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-01 07:15 - 2009-12-17 00:41 - 01886483 ____A C:\Windows\WindowsUpdate.log 2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp 2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt 2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt 2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk 2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft 2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft 2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft 2013-06-30 17:57 - 2013-06-30 17:55 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini 2013-06-30 17:26 - 2013-06-30 17:25 - 00023306 ____A C:\AdwCleaner[s1].txt 2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt 2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe 2013-06-30 17:23 - 2013-06-30 11:51 - 00000793 ____A 
C:\Users\Austin\Desktop\Internet Security Pro.lnk 2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt 2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe 2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe 2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill 2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe 2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk 2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr 2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan 2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad 2013-06-29 11:30 - 2010-05-07 11:05 - 00000404 ___AH C:\Windows\Tasks\Norton Security Scan for Austin.job 2013-06-29 01:11 - 2010-12-21 20:24 - 00000000 ____D C:\Users\Austin\AppData\Roaming\vlc 2013-06-27 02:20 - 2010-09-05 11:09 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job 2013-06-23 13:51 - 2009-07-23 12:51 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Adobe 2013-06-23 13:48 - 2013-06-23 01:35 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps3 2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-06-23 13:33 - 2009-07-10 20:45 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-06-23 13:32 - 2009-07-30 19:07 - 00000000 ____D C:\Users\Austin\AppData\Local\Adobe 2013-06-23 13:31 - 2009-07-10 20:45 - 00000000 ____D C:\ProgramData\Adobe 2013-06-23 01:35 - 2012-03-06 14:24 - 00000000 ____D 
C:\Users\Austin\AppData\Local\Amazon 2013-06-18 12:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL 2013-06-16 23:24 - 2009-07-10 20:47 - 00531797 ____A C:\Windows\DirectX.log 2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url 2013-06-13 03:14 - 2009-07-30 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-13 03:06 - 2010-08-05 12:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 23:17 - 2012-05-09 17:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 23:17 - 2012-01-20 13:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url 2013-06-08 10:54 - 2013-03-22 00:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn 2013-06-08 10:53 - 2013-03-22 00:35 - 00107368 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll 2013-06-08 10:53 - 2013-03-22 00:35 - 00035656 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll 2013-06-08 10:53 - 2013-03-22 00:34 - 00100680 ____A (LogMeIn, Inc.) 
C:\Windows\System32\LMIinit.dll 2013-06-08 10:08 - 2013-06-16 03:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 10:07 - 2013-06-16 03:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 10:06 - 2013-06-16 03:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 10:06 - 2013-06-16 03:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 10:06 - 2013-06-16 03:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 08:28 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 07:42 - 2013-06-16 03:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 07:40 - 2013-06-16 03:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 07:13 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-06 03:35 - 2012-05-21 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-06-06 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url 2013-06-05 09:50 - 2013-06-05 09:43 - 00008121 ____A C:\Windows\IE10_main.log 2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ieapfltr.dat 2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\url.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 
2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0

ZeroAccess:
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U

Files to move or delete:
====================
C:\Users\Austin\AppData\Roaming\skype.ini
C:\ProgramData\hash.dat
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 14:31

==================== End Of Log ============================
  14. First off, I have a triple team going on my system right now. I have the FBI scam virus keeping me from doing anything. I can only keep the computer unstuck by booting in safe mode with command window. I also have the internet security virus waiting and a suspected zero access rootkit as told by the rkill program. I need some help fixing this thing.