boombaby16 Posted September 14, 2012 ID:597046 Share Posted September 14, 2012 I started getting help in PC Help but turns out my computer is infected here is the link to the other forum- http://forums.malwarebytes.org/index.php?showtopic=115818 Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 16, 2012 ID:597826 Share Posted September 16, 2012 (edited) Hello boombaby16.You must first uninstall uTorrent along with any other peer-to-peer app. That is forum policy and I need for you to confirm you have done that before we get going further.Risks of File-Sharing Technology.P2P file sharing: Know the risksForum policy on peer-to-peer-prams:If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.http://forums.malwarebytes.org/index.php?showtopic=97700Reply back when that is done.NEXTStep 1Disable CD-ROM Emulation Software:Please download the following tool DeFogger to your desktop.◦Double click DeFogger to run the tool.◦The application window will appear◦Click the Disable button to disable your CD Emulation drivers.◦Click Yes to continue◦A 'Finished!' message will appear◦Click OK◦DeFogger will now ask to reboot the machine - click OK◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.◦Do not re-enable these drivers until otherwise instructed.Step 21. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked 6. Press OK7. Press YES to create the folder.Step 3To show all files:Go to your DesktopDouble-Click the Computer icon. From the menu options, Select Tools, then Folder Options. Next click the View tab. Locate and uncheck Hide file extensions for known file types. Locate and uncheck Hide protected operating system files (Recommended). Locate and click Show hidden files and folders and drives. Click Apply > OK. Step 4For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt [*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Edited September 16, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597843 Share Posted September 16, 2012 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03Ran by SYSTEM at 16-09-2012 10:30:31Running from G:\Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001==================== Registry (Whitelisted) ===================HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [7981088 2009-07-20] (Realtek Semiconductor)HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2779024 2011-03-14] (CANON INC.)HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-08-12] (NewTech Infosystems, Inc.)HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-07-07] (Creative Technology Ltd)HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1611160 2011-03-28] (CANON INC.)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()HKU\Gabe\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()HKU\Gabe\...\Run: [Akamai NetSession Interface] "C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)HKU\Gabe\...\Run: [Google Update] "C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-26] (Google Inc.)HKU\Gabe\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]HKU\Gabe\...\Run: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe [321736 2012-08-14] ( New Softwares.net)HKU\Gabe\...\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2012-08-14] (New Softwares.net)HKU\Gabe\...\Run: [steam] "C:\Program Files (x86)\newsteam\steam.exe" -silent [1353080 2012-09-13] (Valve Corporation)HKU\Gabe\...\Policies\system: [LogonHoursAction] 2HKU\Gabe\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\Mcx1-AUSTIN\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)HKU\UpdatusUser\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()Tcpip\Parameters: [DhcpNameServer] 69.169.190.211 208.72.160.67Tcpip\..\Interfaces\{6BC084C6-73F6-4A18-AC61-EB4D9553E781}: [NameServer]192.168.1.1Startup: C:\Users\Gabe\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\Gabe\Start Menu\Programs\Startup\ts3server_win64.exe (TeamSpeak Systems GmbH)==================== Services (Whitelisted) ===================2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)4 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)2 FLService; C:\Windows\SysWow64\WinFLService.exe [91336 2012-08-14] (New Softwares.net)2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-15] ()==================== Drivers (Whitelisted) =====================3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-01-19] (Ralink Technology Corp.)3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2012-08-13] ()3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)3 U6000ALL; C:\Windows\System32\DRIVERS\dmdcap.sys [276480 2007-06-08] ()1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2012-08-14] ()2 WinVDEDrv; \??\C:\Windows\SysWow64\WinVDEdrv.sys [225680 2012-08-13] (NewSoftwares.net, Inc.)3 catchme; \??\C:\ComboFix\catchme.sys [x]3 dump_wmimmc; \??\C:\Program Files (x86)\CABAL Online (NA - Global)\GameGuard\dump_wmimmc.sys [x]3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]1 pilzjtxd; \??\C:\Windows\system32\drivers\pilzjtxd.sys [x]3 X6va003; \??\C:\Users\Gabe\AppData\Local\Temp\0036C13.tmp [x]1 xylmutwv; \??\C:\Windows\system32\drivers\xylmutwv.sys [x]==================== NetSvcs (Whitelisted) ======================================== One Month Created Files and Folders ========2012-09-16 08:16 - 2012-09-16 08:16 - 00000470 ____A C:\Users\Gabe\Desktop\defogger_disable.log2012-09-16 08:16 - 2012-09-16 08:16 - 00000000 ____A C:\Users\Gabe\defogger_reenable2012-09-16 08:13 - 2012-09-16 08:15 - 00000000 ____D C:\Users\Gabe\Desktop\ERUNT2012-09-16 08:10 - 2012-09-16 08:10 - 00050477 ____A C:\Users\Gabe\Desktop\Defogger.exe2012-09-15 14:46 - 2012-09-15 14:46 - 00302219 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp2012-09-15 06:22 - 2012-09-15 06:23 - 00000000 ____D C:\Users\Gabe\Documents\Battlefield 32012-09-15 06:19 - 2012-09-15 06:19 - 03878360 ____A C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe2012-09-15 06:07 - 2012-09-15 06:07 - 00001141 ____A C:\Users\Public\Desktop\Battlefield 3.lnk2012-09-15 06:06 - 2012-09-15 16:03 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe2012-09-15 06:06 - 2012-09-15 06:30 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe2012-09-15 05:37 - 2012-09-15 06:17 - 00000000 ____D C:\Users\Gabe\AppData\Local\Origin2012-09-15 05:37 - 2012-09-15 05:37 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Origin2012-09-15 05:35 - 2012-09-15 05:39 - 00000000 ____D C:\Users\All Users\Origin2012-09-15 05:35 - 2012-09-15 05:37 - 00000000 ____D C:\Program Files (x86)\Origin2012-09-15 05:35 - 2012-09-15 05:35 - 00000950 ____A C:\Users\Public\Desktop\Origin.lnk2012-09-15 05:35 - 2012-09-15 05:35 - 00000537 ____A C:\Windows\KB893803v2.log2012-09-15 05:33 - 2012-09-15 05:34 - 16910992 ____A (Electronic Arts, Inc.) C:\Users\Gabe\Desktop\OriginThinSetup.exe2012-09-15 05:32 - 2012-09-15 05:32 - 00000000 ____D C:\Users\Gabe\Desktop\Battlefield 3- Premium Edition2012-09-14 17:43 - 2012-09-14 17:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\dotNetFx40_Full_setup.exe2012-09-14 17:30 - 2012-08-30 22:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe2012-09-14 17:29 - 2012-09-14 17:29 - 16868888 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\Windows-KB890830-V4.12.exe2012-09-14 13:27 - 2012-09-14 16:41 - 00000038 ___RH C:\Users\Gabe\Desktop\stinger.opt2012-09-14 13:26 - 2012-09-14 16:41 - 00000000 ____D C:\Program Files (x86)\stinger2012-09-14 13:26 - 2012-09-14 13:26 - 09994856 ____A (McAfee Inc.) C:\Users\Gabe\Desktop\stinger.exe2012-09-14 06:23 - 2012-09-14 17:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\ArmA 22012-09-13 20:38 - 2012-09-13 20:38 - 00032037 ____A C:\Users\Gabe\Desktop\DDS.txt2012-09-13 20:38 - 2012-09-13 20:38 - 00009748 ____A C:\Users\Gabe\Desktop\Attach.txt2012-09-13 20:34 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Desktop\Result.txt2012-09-13 20:18 - 2012-09-13 20:18 - 00607260 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com2012-09-13 20:17 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Downloads\Result.txt2012-09-13 20:16 - 2012-09-13 20:16 - 00751391 ____A (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe2012-09-13 19:22 - 2012-09-13 19:22 - 00001750 ____A C:\Users\Public\Desktop\iTunes.lnk2012-09-13 19:22 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF692012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Program Files\iTunes2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Program Files (x86)\iTunes2012-09-13 19:21 - 2012-09-13 19:21 - 00000000 ____D C:\Program Files\iPod2012-09-13 19:10 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys2012-09-13 19:10 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2012-09-13 19:10 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2012-09-13 19:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys2012-09-13 19:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys2012-09-13 19:06 - 2012-09-13 19:06 - 00000000 ____D C:\f1367e126a89152dbd332012-09-13 18:31 - 2012-09-14 17:25 - 00000000 ____D C:\Users\Gabe\Documents\ArmA 22012-09-13 18:31 - 2012-09-13 18:33 - 00000000 ____D C:\Users\Gabe\AppData\Local\ArmA 2 OA2012-09-13 18:30 - 2012-09-15 06:06 - 00073702 ____A C:\Windows\DirectX.log2012-09-13 18:21 - 2012-09-13 18:21 - 00001301 ____A C:\Users\Public\Desktop\DayZ Commander.lnk2012-09-13 18:21 - 2012-09-13 18:21 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios2012-09-13 16:58 - 2012-09-13 16:58 - 00000224 ____A C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url2012-09-12 12:01 - 2012-09-12 12:01 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab2012-09-12 12:01 - 2012-09-12 12:01 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab2012-09-11 22:54 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2012-09-11 22:54 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2012-09-11 22:54 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2012-09-02 23:53 - 2012-09-02 23:53 - 00000000 ____D C:\Users\Gabe\Documents\Amazon MP32012-09-01 22:50 - 2012-09-01 22:50 - 00000000 ___DC C:\Users\All Users\{3FC66E2C-85B6-4398-82FB-C13C51DE9DD8}2012-09-01 22:42 - 2012-09-01 22:50 - 1519417223 ____A C:\Users\Gabe\Downloads\LOLPBE.zip2012-09-01 01:11 - 1999-12-31 16:00 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll2012-09-01 01:11 - 1999-12-31 16:00 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll2012-09-01 01:11 - 1999-12-31 16:00 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2012-09-01 01:11 - 1999-12-31 16:00 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2012-09-01 01:11 - 1999-12-31 16:00 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2012-09-01 01:11 - 1999-12-31 16:00 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys2012-09-01 01:11 - 1999-12-31 16:00 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll2012-09-01 01:11 - 1999-12-31 16:00 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2012-09-01 01:11 - 1999-12-31 16:00 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2012-09-01 01:11 - 1999-12-31 16:00 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll2012-09-01 01:11 - 1999-12-31 16:00 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll2012-09-01 01:11 - 1999-12-31 16:00 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2012-09-01 01:11 - 1999-12-31 16:00 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2012-09-01 01:11 - 1999-12-31 16:00 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2012-09-01 00:40 - 2012-09-01 00:40 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\InstallShield2012-09-01 00:40 - 2012-09-01 00:40 - 00000000 ____D C:\Users\All Users\InstallShield2012-09-01 00:40 - 2011-02-18 06:11 - 00439320 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys2012-09-01 00:38 - 2012-09-01 00:38 - 00000000 ____D C:\Windows\SysWOW64\sda2012-09-01 00:36 - 1999-12-31 16:00 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll2012-09-01 00:36 - 1999-12-31 16:00 - 00422504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStor.dll2012-09-01 00:36 - 1999-12-31 16:00 - 00250984 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys2012-09-01 00:33 - 2012-09-01 00:33 - 00000000 ____D C:\Program Files\Intel2012-09-01 00:33 - 2011-09-26 15:15 - 00178344 ____A (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe2012-09-01 00:32 - 2011-09-06 13:33 - 00355016 ____A (Intel Corporation) C:\Windows\System32\PROUnstl.exe2012-09-01 00:32 - 2006-01-12 12:52 - 00001904 ____N C:\Windows\System32\SetupBD.din2012-09-01 00:19 - 2011-07-20 06:58 - 00342704 ____A (Intel Corporation) C:\Windows\System32\Drivers\e1k62x64.sys2012-09-01 00:19 - 2011-06-29 21:55 - 00068264 ____A (Intel Corporation) C:\Windows\System32\e1kmsg.dll2012-09-01 00:19 - 2011-06-15 22:14 - 00098496 ____A (Intel Corporation) C:\Windows\System32\NicInstK.dll2012-09-01 00:19 - 2009-10-09 08:43 - 00003143 ____A C:\Windows\System32\e1k62x64.din2012-09-01 00:04 - 2012-09-01 00:04 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Users\Gabe\AppData\Local\SlimWare Utilities Inc2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Program Files (x86)\DriverUpdate2012-08-31 20:19 - 2012-08-31 20:19 - 00002885 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log2012-08-31 20:19 - 2012-08-28 18:10 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe2012-08-31 20:19 - 2012-08-28 18:10 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe2012-08-31 20:19 - 2012-08-28 18:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe2012-08-29 20:05 - 2012-08-29 20:05 - 00000318 ____A C:\Users\Gabe\Desktop\Curse Client.appref-ms2012-08-29 20:05 - 2012-08-29 20:05 - 00000000 ____D C:\Users\Gabe\Documents\My Curse2012-08-29 19:46 - 2012-08-29 20:04 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.02012-08-29 19:46 - 2012-08-29 19:46 - 00000965 ____A C:\Users\Gabe\Gabe - Shortcut.lnk2012-08-28 08:52 - 2012-08-28 08:52 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp2012-08-28 08:25 - 2012-08-28 08:59 - 00000984 ____A C:\Users\Public\Desktop\World of Warcraft.lnk2012-08-24 13:39 - 2012-08-24 13:39 - 00000000 ____D C:\Users\Gabe\AppData\Local\{2E299EFB-46B7-442A-845F-11E4B795ED59}2012-08-19 18:27 - 2012-08-19 18:27 - 00000030 ____A C:\Users\Gabe\AppData\Local\HackLogs.dat2012-08-19 18:24 - 2012-08-28 18:24 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll2012-08-19 18:23 - 2012-08-19 18:23 - 00000000 ____D C:\Users\All Users\McAfee==================== 3 Months Modified Files ==================2012-09-16 08:26 - 2012-07-26 15:27 - 00024776 ____A C:\Windows\PFRO.log2012-09-16 08:26 - 2012-07-26 14:56 - 00015166 ____A C:\Windows\setupact.log2012-09-16 08:26 - 2010-02-02 06:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2012-09-16 08:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-09-16 08:25 - 2009-10-17 02:53 - 01186162 ____A C:\Windows\WindowsUpdate.log2012-09-16 08:25 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-09-16 08:25 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-09-16 08:17 - 2009-07-13 21:13 - 00852118 ____A C:\Windows\System32\PerfStringBackup.INI2012-09-16 08:16 - 2012-09-16 08:16 - 00000470 ____A C:\Users\Gabe\Desktop\defogger_disable.log2012-09-16 08:16 - 2012-09-16 08:16 - 00000000 ____A C:\Users\Gabe\defogger_reenable2012-09-16 08:11 - 2012-04-07 21:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2012-09-16 08:10 - 2012-09-16 08:10 - 00050477 ____A C:\Users\Gabe\Desktop\Defogger.exe2012-09-16 07:51 - 2009-12-26 20:18 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000UA.job2012-09-16 06:54 - 2010-02-02 06:07 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2012-09-15 16:03 - 2012-09-15 06:06 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe2012-09-15 16:03 - 2011-08-31 09:12 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr2012-09-15 16:03 - 2011-08-31 09:10 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex02012-09-15 14:46 - 2012-09-15 14:46 - 00302219 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp2012-09-15 13:50 - 2009-12-26 20:18 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000Core.job2012-09-15 06:30 - 2012-09-15 06:06 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe2012-09-15 06:19 - 2012-09-15 06:19 - 03878360 ____A C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe2012-09-15 06:07 - 2012-09-15 06:07 - 00001141 ____A C:\Users\Public\Desktop\Battlefield 3.lnk2012-09-15 06:06 - 2012-09-13 18:30 - 00073702 ____A C:\Windows\DirectX.log2012-09-15 05:35 - 2012-09-15 05:35 - 00000950 ____A C:\Users\Public\Desktop\Origin.lnk2012-09-15 05:35 - 2012-09-15 05:35 - 00000537 ____A C:\Windows\KB893803v2.log2012-09-15 05:35 - 2010-01-26 11:38 - 00003000 ____A C:\Windows\wininit.ini2012-09-15 05:34 - 2012-09-15 05:33 - 16910992 ____A (Electronic Arts, Inc.) C:\Users\Gabe\Desktop\OriginThinSetup.exe2012-09-14 17:43 - 2012-09-14 17:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\dotNetFx40_Full_setup.exe2012-09-14 17:29 - 2012-09-14 17:29 - 16868888 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\Windows-KB890830-V4.12.exe2012-09-14 16:41 - 2012-09-14 13:27 - 00000038 ___RH C:\Users\Gabe\Desktop\stinger.opt2012-09-14 13:26 - 2012-09-14 13:26 - 09994856 ____A (McAfee Inc.) C:\Users\Gabe\Desktop\stinger.exe2012-09-13 20:38 - 2012-09-13 20:38 - 00032037 ____A C:\Users\Gabe\Desktop\DDS.txt2012-09-13 20:38 - 2012-09-13 20:38 - 00009748 ____A C:\Users\Gabe\Desktop\Attach.txt2012-09-13 20:34 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Desktop\Result.txt2012-09-13 20:34 - 2012-09-13 20:17 - 00034177 ____A C:\Users\Gabe\Downloads\Result.txt2012-09-13 20:18 - 2012-09-13 20:18 - 00607260 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com2012-09-13 20:16 - 2012-09-13 20:16 - 00751391 ____A (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe2012-09-13 20:04 - 2012-01-01 03:40 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2012-09-13 19:25 - 2010-12-23 11:30 - 00868104 ____A C:\Windows\SysWOW64\PerfStringBackup.INI2012-09-13 19:22 - 2012-09-13 19:22 - 00001750 ____A C:\Users\Public\Desktop\iTunes.lnk2012-09-13 19:04 - 2012-04-07 21:30 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-09-13 19:04 - 2011-11-20 23:33 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-09-13 18:21 - 2012-09-13 18:21 - 00001301 ____A C:\Users\Public\Desktop\DayZ Commander.lnk2012-09-13 16:58 - 2012-09-13 16:58 - 00000224 ____A C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url2012-09-12 01:00 - 2009-11-26 14:54 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-09-07 15:04 - 2011-10-09 21:14 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-09-04 09:46 - 2011-11-01 13:56 - 00002455 ____A C:\Users\Gabe\Desktop\Google Chrome.lnk2012-09-01 22:50 - 2012-09-01 22:42 - 1519417223 ____A C:\Users\Gabe\Downloads\LOLPBE.zip2012-09-01 00:04 - 2012-09-01 00:04 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk2012-08-31 20:19 - 2012-08-31 20:19 - 00002885 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log2012-08-30 22:12 - 2012-09-14 17:30 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe2012-08-29 20:05 - 2012-08-29 20:05 - 00000318 ____A C:\Users\Gabe\Desktop\Curse Client.appref-ms2012-08-29 20:01 - 2012-08-14 17:19 - 00003465 __ASH C:\Windows\SysWOW64\win_stlthdb_sys.dat2012-08-29 20:01 - 2012-08-13 19:06 - 00003465 __ASH C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat2012-08-29 20:01 - 2012-08-13 19:06 - 00000700 __ASH C:\Users\Gabe\AppData\Local\systemFL7.dat2012-08-29 19:46 - 2012-08-29 19:46 - 00000965 ____A C:\Users\Gabe\Gabe - Shortcut.lnk2012-08-28 18:24 - 2012-08-19 18:24 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll2012-08-28 18:24 - 2010-09-03 11:41 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll2012-08-28 18:10 - 2012-08-31 20:19 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe2012-08-28 18:10 - 2012-08-31 20:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe2012-08-28 18:09 - 2012-08-31 20:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe2012-08-28 08:59 - 2012-08-28 08:25 - 00000984 ____A C:\Users\Public\Desktop\World of Warcraft.lnk2012-08-28 08:52 - 2012-08-28 08:52 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp2012-08-27 17:26 - 2012-08-13 19:12 - 00001906 __ASH C:\Users\Gabe\AppData\Local\win_fldb_sys.dat2012-08-27 17:26 - 2012-08-13 19:12 - 00001386 __ASH C:\Windows\SysWOW64\win_fldb_sys.dat2012-08-22 10:12 - 2012-09-13 19:10 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys2012-08-22 10:12 - 2012-09-11 22:54 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2012-08-22 10:12 - 2012-09-11 22:54 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2012-08-22 10:12 - 2012-09-11 22:54 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2012-08-21 11:01 - 2012-09-13 19:22 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys2012-08-21 11:01 - 2009-11-27 11:46 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll2012-08-21 11:01 - 2009-11-27 11:46 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll2012-08-19 18:27 - 2012-08-19 18:27 - 00000030 ____A C:\Users\Gabe\AppData\Local\HackLogs.dat2012-08-16 12:51 - 2012-08-16 12:47 - 00049512 ____A C:\Users\Gabe\Documents\(Unknown) - Clip 001.avi.sfk2012-08-16 12:51 - 2012-08-16 12:47 - 00001024 ____A C:\Users\Gabe\Documents\Default.sfvidcap2012-08-16 12:46 - 2012-08-16 12:45 - 967345152 ____A C:\Users\Gabe\Documents\(Unknown) - Clip 001.avi2012-08-16 01:28 - 2009-07-13 20:45 - 04909576 ____A C:\Windows\System32\FNTCACHE.DAT2012-08-14 17:24 - 2012-08-14 17:24 - 00000620 __ASH C:\Users\Gabe\AppData\Local\settingsFL.dat2012-08-14 17:18 - 2012-08-13 19:05 - 00321736 ____A ( New Softwares.net) C:\Windows\SysWOW64\WinFLTrayShred.exe2012-08-14 17:18 - 2012-08-13 19:05 - 00321736 ____A ( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe2012-08-14 17:18 - 2012-08-13 19:05 - 00091336 ____A (New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe2012-08-14 17:18 - 2012-08-13 19:05 - 00040960 ____A C:\Windows\SysWOW64\nwsftUninstall.exe2012-08-14 17:18 - 2012-08-13 19:05 - 00034816 ____A C:\Windows\SysWOW64\WinFLAdrv.sys2012-08-14 17:18 - 2012-08-13 19:05 - 00014024 ____A C:\Windows\SysWOW64\WinFLMsgService.exe2012-08-14 17:18 - 2012-08-13 19:05 - 00001106 ____A C:\Users\Gabe\Desktop\Folder Lock.lnk2012-08-14 17:17 - 2012-08-14 17:16 - 00001328 ____A C:\Users\Public\Desktop\World of Warcraft Beta.lnk2012-08-14 17:11 - 2012-08-14 17:11 - 31727744 ____A (Blizzard Entertainment) C:\Users\Gabe\Desktop\World of Warcraft Beta Setup.exe2012-08-13 19:06 - 2012-08-13 19:06 - 00002568 __ASH C:\Users\All Users\win_mpwd_sys.dat2012-08-13 19:05 - 2012-08-13 19:05 - 00225680 ____A (NewSoftwares.net, Inc.) C:\Windows\SysWOW64\WinVDEdrv.sys2012-08-13 19:05 - 2012-08-13 19:05 - 00197648 ____A C:\Windows\SysWOW64\WinVDEdrv6.sys2012-08-06 21:05 - 2012-08-06 21:05 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-06 23_05_03.581740.dmp2012-08-05 17:25 - 2012-03-14 10:40 - 00001156 ____A C:\Users\Public\Desktop\GOM Player.lnk2012-08-02 09:58 - 2012-09-13 19:10 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2012-08-02 08:57 - 2012-09-13 19:10 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2012-08-01 21:12 - 2012-08-01 21:12 - 00007603 ____A C:\Users\Gabe\AppData\Local\Resmon.ResmonCfg2012-08-01 16:31 - 2012-08-01 16:31 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-01 18_31_09.895452.dmp2012-07-31 20:33 - 2012-07-31 20:33 - 00002533 ____A C:\Users\Gabe\Desktop\Skype.lnk2012-07-31 20:11 - 2011-10-03 22:26 - 00021352 ____A C:\Windows\System32\lvcoinst.log2012-07-30 11:32 - 2012-07-30 11:32 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys2012-07-30 11:32 - 2012-07-30 11:32 - 00102240 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys2012-07-29 17:03 - 2011-10-30 23:14 - 00036864 ____A C:\Users\Gabe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-07-29 09:52 - 2012-07-29 09:52 - 00001047 ____A C:\Users\Public\Desktop\Vegas Pro 11.0.lnk2012-07-28 17:20 - 2011-10-04 11:13 - 00083984 ____A C:\Users\Gabe\AppData\Local\GDIPFONTCACHEV1.DAT2012-07-28 17:19 - 2010-01-11 12:13 - 00007756 ____A C:\Users\All Users\hpzinstall.log2012-07-26 14:56 - 2012-07-26 14:56 - 00000000 ____A C:\Windows\setuperr.log2012-07-25 14:01 - 2012-07-25 11:19 - 00002046 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk2012-07-25 14:00 - 2012-07-25 11:17 - 00002329 ____A C:\Users\Public\Desktop\Canon MG2100 series On-screen Manual.lnk2012-07-18 10:15 - 2012-08-15 02:27 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-07-16 17:16 - 2012-07-16 17:16 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1342421813-2012-07-16 19_16_09.766721.dmp2012-07-12 06:37 - 2012-07-12 06:37 - 00041174 ____A C:\Users\Gabe\Documents\cc_20120712_083703.reg2012-07-12 06:33 - 2012-06-08 16:58 - 00000829 ____A C:\Users\Public\Desktop\CCleaner.lnk2012-07-09 11:42 - 2012-07-09 11:42 - 04547984 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll2012-07-09 11:42 - 2012-07-09 11:42 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys2012-07-04 14:16 - 2012-08-15 02:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll2012-07-04 14:13 - 2012-08-15 02:27 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll2012-07-04 14:13 - 2012-08-15 02:27 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll2012-07-04 13:16 - 2012-08-15 02:27 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll2012-07-04 13:14 - 2012-08-15 02:27 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll2012-07-04 12:26 - 2012-09-13 19:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys2012-07-04 12:26 - 2012-09-13 19:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys2012-06-28 20:55 - 2012-08-16 01:08 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-06-28 20:09 - 2012-08-16 01:08 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-06-28 19:56 - 2012-08-16 01:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-06-28 19:49 - 2012-08-16 01:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-06-28 19:49 - 2012-08-16 01:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-06-28 19:48 - 2012-08-16 01:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-06-28 19:47 - 2012-08-16 01:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-06-28 19:45 - 2012-08-16 01:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-06-28 19:44 - 2012-08-16 01:08 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-06-28 19:43 - 2012-08-16 01:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-06-28 19:42 - 2012-08-16 01:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-06-28 19:40 - 2012-08-16 01:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-06-28 19:39 - 2012-08-16 01:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-06-28 19:35 - 2012-08-16 01:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-06-28 16:52 - 2012-08-16 01:08 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-06-28 16:27 - 2012-08-16 01:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-06-28 16:16 - 2012-08-16 01:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-06-28 16:09 - 2012-08-16 01:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-06-28 16:09 - 2012-08-16 01:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-06-28 16:08 - 2012-08-16 01:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-06-28 16:07 - 2012-08-16 01:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-06-28 16:06 - 2012-08-16 01:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-06-28 16:04 - 2012-08-16 01:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-06-28 16:04 - 2012-08-16 01:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-06-28 16:01 - 2012-08-16 01:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-06-28 16:01 - 2012-08-16 01:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-06-28 16:00 - 2012-08-16 01:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-06-28 15:57 - 2012-08-16 01:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-06-25 13:22 - 2012-04-28 18:36 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2012-09-14 17:23:35Restore point made on: 2012-09-15 06:04:52==================== Memory info =========================== Percentage of memory in use: 10%Total physical RAM: 8183.11 MBAvailable physical RAM: 7355.73 MBTotal Pagefile: 8181.26 MBAvailable Pagefile: 7356.68 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB==================== Partitions =============================1 Drive c: (Gateway) (Fixed) (Total:916.41 GB) (Free:418.75 GB) NTFS2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.68 GB) NTFS4 Drive g: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT3210 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 3824 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 15 GB 1024 KB Partition 2 Primary 100 MB 15 GB Partition 3 Primary 916 GB 15 GB==================================================================================Disk: 0Partition 1Type : 27Hidden: YesActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden =========================================================Disk: 0Partition 2Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy =========================================================Disk: 0Partition 3Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C Gateway NTFS Partition 916 GB Healthy =========================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3823 MB 564 KB==================================================================================Disk: 1Partition 1Type : 0BHidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 4 G USB20FD FAT32 Removable 3823 MB Healthy =========================================================Last Boot: 2012-09-06 04:59==================== End Of Log ============================= Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597845 Share Posted September 16, 2012 I just used Crtl F and typed utorrent because ive been trying to find the rest of the files and it looks like i missed some. I have uninstalled it though Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597846 Share Posted September 16, 2012 I didn't think of looking in program files(x86) because when i was using a search bar nothing else came up sorry about that Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 16, 2012 ID:597888 Share Posted September 16, 2012 Return back to normal Windows. {Restart your system}IF you have a previous copy of OTL.exe then delete it.Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exeClose all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!Exit OTL by clicking the X at top right.Download Security Check by screen317 and save it to your Desktop: here Run Security Check Follow the onscreen instructions inside of the command window.A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!Then copy/paste the following into your post (in order):the contents of OTL.txt;the contents of Extras.txt ; andthe contents of checkup.txt Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply. Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597911 Share Posted September 16, 2012 OTL logfile created on: 9/16/2012 11:43:16 AM - Run 1OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Gabe\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.99 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.54% Memory free15.98 Gb Paging File | 14.01 Gb Available in Paging File | 87.69% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 916.41 Gb Total Space | 418.74 Gb Free Space | 45.69% Space Free | Partition Type: NTFSComputer Name: AUSTIN | User Name: Gabe | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/09/16 11:34:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exePRC - [2012/09/15 08:30:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exePRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2012/08/24 05:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exePRC - [2012/08/14 19:18:16 | 000,275,656 | ---- | M] (New Softwares.net) -- C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exePRC - [2012/08/14 19:18:11 | 001,238,216 | ---- | M] ( New Softwares.net) -- C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exePRC - [2012/08/14 19:18:07 | 000,091,336 | ---- | M] (New Softwares.net) -- C:\Windows\SysWOW64\WinFLService.exePRC - [2012/08/14 19:18:04 | 000,321,736 | ---- | M] ( New Softwares.net) -- C:\Windows\SysWOW64\WinFLTray.exePRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exePRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exePRC - [2011/11/16 22:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exePRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exePRC - [2011/03/28 11:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEPRC - [2011/03/07 13:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXEPRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exePRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exePRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exePRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exePRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exePRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exePRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exePRC - [2009/07/07 14:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exePRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exePRC - [2009/02/23 13:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exePRC - [1999/12/31 18:00:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe========== Modules (No Company Name) ==========MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exeMOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exeMOD - [2009/08/13 17:00:46 | 000,169,984 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLLMOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLLMOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll========== Services (SafeList) ==========SRV:64bit: - [2012/03/26 19:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2012/03/26 19:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2011/09/26 17:15:38 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)SRV - [2012/09/15 08:30:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)SRV - [2012/09/13 21:04:13 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/09/13 18:52:02 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2012/09/10 13:27:04 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)SRV - [2012/09/09 19:56:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/08/24 05:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)SRV - [2012/08/14 19:18:07 | 000,091,336 | ---- | M] (New Softwares.net) [Auto | Running] -- C:\Windows\SysWOW64\WinFLService.exe -- (FLService)SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)SRV - [2011/11/15 11:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)SRV - [2010/10/21 14:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)SRV - [2009/10/17 04:59:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)SRV - [2009/10/17 04:58:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2009/02/23 13:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)SRV - [1999/12/31 18:00:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)DRV:64bit: - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/03/20 21:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)DRV:64bit: - [2011/11/15 11:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)DRV:64bit: - [2011/07/20 08:58:22 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)DRV:64bit: - [2011/04/13 21:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/18 08:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2010/01/19 12:50:23 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)DRV:64bit: - [2009/04/30 16:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)DRV:64bit: - [2009/04/30 16:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)DRV:64bit: - [2007/06/08 08:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL)DRV:64bit: - [1999/12/31 18:00:00 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV - [2012/08/13 21:05:42 | 000,197,648 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysWOW64\WinVDEdrv6.sys -- (NEWDRIVER)DRV - [2012/08/13 21:05:41 | 000,225,680 | ---- | M] (NewSoftwares.net, Inc.) [File_System | Auto | Running] -- C:\Windows\SysWOW64\WinVDEdrv.sys -- (WinVDEDrv)DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2004/12/31 09:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6830&r=173611095216p0325v1k5k48926241IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6830&r=173611095216p0325v1k5k48926241IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGWIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={D7F9B83F-2513-4C25-8580-245EC3C2841A}&mid=d57939cbbc8547d0804fd1482a8b5da6-5f0d3d0792bd5478ce8e5957931ac5ca75832844〈=en&ds=gm011&pr=sa&d=2012-04-19 17:20:43&v=11.0.0.9&sap=hpIE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value foundIE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value foundIE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS355US355IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D7F9B83F-2513-4C25-8580-245EC3C2841A}&mid=d57939cbbc8547d0804fd1482a8b5da6-5f0d3d0792bd5478ce8e5957931ac5ca75832844〈=en&ds=gm011&pr=sa&d=2012-04-19 17:20:43&v=11.0.0.9&sap=dsp&q={searchTerms}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [string data over 1000 bytes]========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"FF - prefs.js..browser.search.defaultthis.engineName: " "FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://www.google.com/"'>http://www.google.com/"FF - prefs.js..extensions.enabledAddons: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110621FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not foundFF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Gabe\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gabe\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gabe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gabe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2012/09/09 19:56:37 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2012/08/19 20:24:19 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Gabe\AppData\Roaming\Move Networks [2009/12/22 21:22:18 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2012/09/09 19:56:37 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2012/08/19 20:24:19 | 000,000,000 | ---D | M][2009/12/26 22:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Extensions[2012/09/07 22:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions[2011/01/30 00:59:27 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}[2012/09/07 22:10:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}[2012/08/26 10:15:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}[2011/04/21 20:32:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com[2012/02/21 18:23:30 | 000,166,900 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}.xpi[2012/08/27 19:29:41 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi[2011/01/23 18:21:38 | 000,919,575 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\conduitengine.xpi[2011/01/23 18:21:38 | 000,917,835 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\xfirexo_tb.xpi[2011/05/04 15:08:19 | 000,001,832 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\bing.xml[2011/10/02 13:57:40 | 000,000,863 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\conduit.xml[2010/03/27 09:26:19 | 000,010,017 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\mywebsearch.xml[2012/08/31 22:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 3.6 BETA 5\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}========== Chrome ==========CHR - homepage: http://www.google.com/CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},CHR - homepage: http://www.google.com/CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dllCHR - plugin: Skype Click to Call (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\np-mswmp.dllCHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dllCHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npijjiFFPlugin1.dllCHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\NPOFF12.DLLCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin7.dllCHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllCHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllCHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dllCHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dllCHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLLCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dllCHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllCHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllCHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dllCHR - plugin: Unity Player (Enabled) = C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllCHR - plugin: Raidcall plugin (Enabled) = C:\Users\Gabe\AppData\LocalLow\raidcall\plugins\webplugin_en.dllCHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Gabe\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dllCHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dllCHR - Extension: Prezi = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\CHR - Extension: Angry Birds = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\CHR - Extension: YouTube Downloader = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\baghcaokjpiflfgfddiobkomaaklphhg\12.0_0\CHR - Extension: Adblock Plus (Beta) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\CHR - Extension: Add to Amazon Wish List = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\CHR - Extension: Japanese Kana = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign\2.0.3_0\CHR - Extension: Picnik = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\CHR - Extension: StumbleUpon = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.7.12.1_0\CHR - Extension: Easy YouTube Downloader = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\linimbofbhfiebblpncbhgefaolagapd\73_0\CHR - Extension: Google Mail Checker = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.4_0\CHR - Extension: Xbox LIVE Dashboard = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobdmiffgnobnpagcjjmpcajhdaoighg\0.9.9.5_0\O1 HOSTS File: ([2011/10/28 17:55:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)O4 - HKCU..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe (New Softwares.net)O4 - HKCU..\Run: [steam] C:\Program Files (x86)\newsteam\steam.exe (Valve Corporation)O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not foundO4 - HKCU..\Run: [WinFLTray] C:\Windows\SysWOW64\WinFLTray.exe ( New Softwares.net)O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()O4 - Startup: C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()O4 - Startup: C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ts3server_win64.exe (TeamSpeak Systems GmbH)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not foundO8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not foundO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not foundO10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not foundO10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not foundO15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.169.190.211 208.72.160.67O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9045E3-1B5D-42FD-ACCF-147F1A58918A}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC53C46-B7D6-4384-9DB9-6F11CE9EF5FF}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC084C6-73F6-4A18-AC61-EB4D9553E781}: NameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EC38F95-65F6-43C4-87D8-F3D8D6914123}: DhcpNameServer = 69.169.190.211 208.72.160.67O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99934CF4-7A22-40A0-899A-D684F507105A}: DhcpNameServer = 75.75.75.75 75.75.76.76O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB09BEB4-0DB7-45B4-8312-2F60BED851D6}: DhcpNameServer = 208.67.222.222 208.67.220.220O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9D5DC4-3F91-4CB2-93DF-F380073CF7D6}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE598C3D-2A0E-4B49-94AF-BC91032D5B2B}: DhcpNameServer = 208.67.222.222 208.67.220.220O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/09/16 12:30:21 | 000,000,000 | ---D | C] -- C:\FRST[2012/09/16 11:34:05 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe[2012/09/16 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Desktop\ERUNT[2012/09/15 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\Battlefield 3[2012/09/15 08:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs[2012/09/15 07:37:32 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Origin[2012/09/15 07:37:31 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\Origin[2012/09/15 07:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin[2012/09/15 07:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin[2012/09/15 07:33:57 | 016,910,992 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\Gabe\Desktop\OriginThinSetup.exe[2012/09/15 07:32:30 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Desktop\Battlefield 3- Premium Edition[2012/09/14 19:30:11 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe[2012/09/14 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive[2012/09/14 15:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger[2012/09/14 15:26:19 | 009,994,856 | ---- | C] (McAfee Inc.) -- C:\Users\Gabe\Desktop\stinger.exe[2012/09/14 08:23:18 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\ArmA 2[2012/09/13 21:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2012/09/13 21:22:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys[2012/09/13 21:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2012/09/13 21:10:40 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll[2012/09/13 21:10:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rndismpx.sys[2012/09/13 21:10:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys[2012/09/13 21:06:02 | 000,000,000 | ---D | C] -- C:\f1367e126a89152dbd33[2012/09/13 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive[2012/09/13 20:31:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\ArmA 2 OA[2012/09/13 20:31:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\ArmA 2[2012/09/13 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios[2012/09/12 14:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab[2012/09/12 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab[2012/09/12 00:54:40 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys[2012/09/12 00:54:39 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS[2012/09/03 01:53:02 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\Amazon MP3[2012/09/02 00:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{3FC66E2C-85B6-4398-82FB-C13C51DE9DD8}[2012/09/01 03:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation[2012/09/01 03:11:39 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll[2012/09/01 03:11:39 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll[2012/09/01 03:11:39 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll[2012/09/01 03:11:39 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll[2012/09/01 03:11:39 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll[2012/09/01 03:11:39 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll[2012/09/01 03:11:39 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll[2012/09/01 03:11:39 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll[2012/09/01 03:11:39 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll[2012/09/01 03:11:39 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll[2012/09/01 03:11:38 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll[2012/09/01 03:11:38 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll[2012/09/01 03:11:38 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll[2012/09/01 02:40:58 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys[2012/09/01 02:40:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\InstallShield[2012/09/01 02:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield[2012/09/01 02:38:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda[2012/09/01 02:36:17 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll[2012/09/01 02:36:17 | 000,250,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys[2012/09/01 02:36:16 | 000,422,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll[2012/09/01 02:33:14 | 000,178,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IPROSetMonitor.exe[2012/09/01 02:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel[2012/09/01 02:32:56 | 000,355,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe[2012/09/01 02:19:15 | 000,342,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1k62x64.sys[2012/09/01 02:19:15 | 000,098,496 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstK.dll[2012/09/01 02:19:15 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1kmsg.dll[2012/09/01 02:04:29 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\SlimWare Utilities Inc[2012/09/01 02:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate[2012/09/01 02:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate[2012/09/01 02:04:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers[2012/08/31 22:19:30 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe[2012/08/31 22:19:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe[2012/08/31 22:19:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe[2012/08/29 22:05:34 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\My Curse[2012/08/29 22:05:28 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse[2012/08/28 10:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft[2012/08/24 15:39:12 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\{2E299EFB-46B7-442A-845F-11E4B795ED59}[2012/08/19 20:24:19 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll[2012/08/19 20:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee[2010/01/17 00:24:36 | 1648,462,032 | ---- | C] (Macrovision Corporation ) -- C:\Program Files\MSSetupv80.exe========== Files - Modified Within 30 Days ==========[2012/09/16 11:50:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000UA.job[2012/09/16 11:36:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/09/16 11:36:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/09/16 11:34:36 | 000,852,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/09/16 11:34:36 | 000,709,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/09/16 11:34:36 | 000,145,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/09/16 11:34:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe[2012/09/16 11:29:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/09/16 11:28:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/09/16 11:28:48 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys[2012/09/16 10:16:00 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\defogger_reenable[2012/09/16 10:11:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/09/16 10:10:50 | 000,050,477 | ---- | M] () -- C:\Users\Gabe\Desktop\Defogger.exe[2012/09/16 08:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/09/15 18:03:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr[2012/09/15 18:03:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/09/15 18:03:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0[2012/09/15 16:46:36 | 000,302,219 | ---- | M] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp[2012/09/15 16:44:41 | 000,063,803 | ---- | M] () -- C:\Users\Gabe\Desktop\35058358.jpg[2012/09/15 16:44:37 | 000,044,604 | ---- | M] () -- C:\Users\Gabe\Desktop\35058353.jpg[2012/09/15 16:44:32 | 000,086,068 | ---- | M] () -- C:\Users\Gabe\Desktop\35058347.jpg[2012/09/15 16:44:28 | 000,065,308 | ---- | M] () -- C:\Users\Gabe\Desktop\35058336.jpg[2012/09/15 15:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000Core.job[2012/09/15 08:30:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/09/15 08:19:23 | 003,878,360 | ---- | M] () -- C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe[2012/09/15 08:07:12 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk[2012/09/15 07:35:16 | 000,003,000 | ---- | M] () -- C:\Windows\wininit.ini[2012/09/15 07:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk[2012/09/15 07:34:35 | 016,910,992 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Gabe\Desktop\OriginThinSetup.exe[2012/09/14 18:41:07 | 000,000,038 | RH-- | M] () -- C:\Users\Gabe\Desktop\stinger.opt[2012/09/14 15:26:23 | 009,994,856 | ---- | M] (McAfee Inc.) -- C:\Users\Gabe\Desktop\stinger.exe[2012/09/13 22:04:09 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/09/13 21:25:22 | 000,868,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/09/13 21:22:48 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/09/13 21:04:12 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/09/13 21:04:12 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2012/09/13 20:21:09 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk[2012/09/13 18:58:02 | 000,000,224 | ---- | M] () -- C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url[2012/09/09 19:56:38 | 000,002,118 | ---- | M] () -- C:\Users\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.6 Beta 5.lnk[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2012/09/04 11:46:36 | 000,002,455 | ---- | M] () -- C:\Users\Gabe\Desktop\Google Chrome.lnk[2012/09/01 02:04:24 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk[2012/08/31 00:12:46 | 062,164,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe[2012/08/30 08:52:25 | 002,441,049 | ---- | M] () -- C:\Users\Gabe\Desktop\2012BTS_PrintAd_6x9_M1.pdf[2012/08/29 22:05:34 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip[2012/08/29 22:05:28 | 000,000,318 | ---- | M] () -- C:\Users\Gabe\Desktop\Curse Client.appref-ms[2012/08/29 22:01:51 | 000,003,465 | -HS- | M] () -- C:\Windows\SysWow64\win_stlthdb_sys.dat[2012/08/29 22:01:50 | 000,003,465 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat[2012/08/29 22:01:46 | 000,000,700 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\systemFL7.dat[2012/08/29 21:46:49 | 000,000,965 | ---- | M] () -- C:\Users\Gabe\Gabe - Shortcut.lnk[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe[2012/08/28 10:59:23 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk[2012/08/28 10:52:52 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp[2012/08/27 19:26:50 | 000,001,906 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\win_fldb_sys.dat[2012/08/27 19:26:50 | 000,001,386 | -HS- | M] () -- C:\Windows\SysWow64\win_fldb_sys.dat[2012/08/22 12:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys[2012/08/22 12:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS[2012/08/21 13:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll[2012/08/21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll[2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys[2012/08/19 20:27:53 | 000,000,030 | ---- | M] () -- C:\Users\Gabe\AppData\Local\HackLogs.dat========== Files Created - No Company Name ==========[2012/09/16 10:16:00 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\defogger_reenable[2012/09/16 10:10:52 | 000,050,477 | ---- | C] () -- C:\Users\Gabe\Desktop\Defogger.exe[2012/09/15 16:46:36 | 000,302,219 | ---- | C] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp[2012/09/15 16:44:43 | 000,063,803 | ---- | C] () -- C:\Users\Gabe\Desktop\35058358.jpg[2012/09/15 16:44:38 | 000,044,604 | ---- | C] () -- C:\Users\Gabe\Desktop\35058353.jpg[2012/09/15 16:44:34 | 000,086,068 | ---- | C] () -- C:\Users\Gabe\Desktop\35058347.jpg[2012/09/15 16:44:30 | 000,065,308 | ---- | C] () -- C:\Users\Gabe\Desktop\35058336.jpg[2012/09/15 08:19:26 | 003,878,360 | ---- | C] () -- C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe[2012/09/15 08:07:12 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk[2012/09/15 08:06:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/09/15 08:06:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/09/15 07:35:15 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk[2012/09/14 15:27:09 | 000,000,038 | RH-- | C] () -- C:\Users\Gabe\Desktop\stinger.opt[2012/09/13 21:22:48 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/09/13 20:21:09 | 000,001,301 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk[2012/09/13 18:58:02 | 000,000,224 | ---- | C] () -- C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url[2012/09/01 02:32:57 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din[2012/09/01 02:19:15 | 000,003,143 | ---- | C] () -- C:\Windows\SysNative\e1k62x64.din[2012/09/01 02:04:24 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk[2012/08/30 08:52:24 | 002,441,049 | ---- | C] () -- C:\Users\Gabe\Desktop\2012BTS_PrintAd_6x9_M1.pdf[2012/08/29 22:05:34 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip[2012/08/29 22:05:28 | 000,000,318 | ---- | C] () -- C:\Users\Gabe\Desktop\Curse Client.appref-ms[2012/08/29 21:46:49 | 000,000,965 | ---- | C] () -- C:\Users\Gabe\Gabe - Shortcut.lnk[2012/08/28 10:52:52 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp[2012/08/28 10:25:38 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk[2012/08/19 20:27:53 | 000,000,030 | ---- | C] () -- C:\Users\Gabe\AppData\Local\HackLogs.dat[2012/08/14 19:24:27 | 000,000,620 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\settingsFL.dat[2012/08/14 19:19:17 | 000,003,465 | -HS- | C] () -- C:\Windows\SysWow64\win_stlthdb_sys.dat[2012/08/13 21:12:59 | 000,001,906 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\win_fldb_sys.dat[2012/08/13 21:12:59 | 000,001,386 | -HS- | C] () -- C:\Windows\SysWow64\win_fldb_sys.dat[2012/08/13 21:06:38 | 000,002,568 | -HS- | C] () -- C:\ProgramData\win_mpwd_sys.dat[2012/08/13 21:06:03 | 000,003,465 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat[2012/08/13 21:06:03 | 000,000,700 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\systemFL7.dat[2012/08/13 21:05:43 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\WinFLAdrv.sys[2012/08/13 21:05:42 | 000,197,648 | ---- | C] () -- C:\Windows\SysWow64\WinVDEdrv6.sys[2012/08/13 21:05:18 | 000,014,024 | ---- | C] () -- C:\Windows\SysWow64\WinFLMsgService.exe[2012/08/13 21:05:17 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nwsftUninstall.exe[2012/08/01 23:12:30 | 000,007,603 | ---- | C] () -- C:\Users\Gabe\AppData\Local\Resmon.ResmonCfg[2012/06/08 23:54:55 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini[2012/06/08 19:01:28 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe[2012/06/08 19:01:28 | 000,001,066 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe[2012/04/21 00:54:37 | 000,000,040 | ---- | C] () -- C:\Users\Gabe\jagex_cl_runescape_LIVE.dat[2012/04/09 01:52:25 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll[2012/04/09 01:52:25 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll[2012/04/09 01:52:24 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll[2012/02/21 19:30:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe[2011/11/01 23:27:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll[2011/11/01 23:27:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[2011/10/31 01:14:26 | 000,036,864 | ---- | C] () -- C:\Users\Gabe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/10/07 01:45:14 | 000,000,042 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\iPod Access Photo Prefs[2011/10/07 01:44:02 | 000,000,011 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\iPodAccessPhoto_Time[2011/09/26 19:07:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini[2011/09/01 20:17:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI[2011/08/31 11:10:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe[2010/12/23 13:30:39 | 000,868,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2010/11/21 09:05:57 | 000,000,219 | ---- | C] () -- C:\Windows\iepreview.ini[2010/03/04 19:19:14 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\jagex__preferences3.dat[2009/12/15 09:02:40 | 000,000,650 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\wklnhst.dat[2009/12/03 08:34:02 | 000,000,632 | RHS- | C] () -- C:\Users\Gabe\ntuser.pol[2009/11/28 19:46:12 | 000,000,117 | ---- | C] () -- C:\Users\Gabe\jagex_runescape_preferences2.dat[2009/11/28 19:43:57 | 000,000,041 | ---- | C] () -- C:\Users\Gabe\jagex_runescape_preferences.dat========== LOP Check ==========[2012/09/09 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\.minecraft[2012/09/13 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Amazon[2012/09/02 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Audacity[2011/10/07 01:14:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\BSD[2012/08/20 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Canon[2012/07/12 08:36:16 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\DAEMON Tools Lite[2011/01/17 03:42:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\DriverCure[2010/03/14 09:04:31 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\eMusic[2011/01/30 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ijjigame[2010/10/13 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\KeePass[2011/10/04 00:27:15 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Leadertech[2011/01/06 14:24:00 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\LolClient[2012/06/14 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\LolClient2[2010/02/14 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Opera[2012/09/15 07:37:58 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Origin[2011/01/17 03:42:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ParetoLogic[2012/07/29 11:57:21 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Publish Providers[2010/12/25 12:17:28 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\runic games[2011/01/19 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\School Zone Preferences[2011/10/31 01:14:26 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Solveig Multimedia[2012/07/29 11:57:17 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Sony[2012/06/28 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\SplitMediaLabs[2009/12/05 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Stardock[2012/09/12 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab[2012/08/01 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TeamViewer[2009/12/15 09:03:55 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Template[2011/07/08 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico 3[2011/06/29 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico 3 Demo[2011/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico3[2012/07/26 04:18:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TS3Client[2012/02/12 05:36:02 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TuneUp Software[2009/12/07 20:41:53 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tutor[2010/12/23 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Uniblue[2010/03/11 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Unity[2012/09/13 22:01:05 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\uTorrent[2010/11/23 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Windows Live Writer[2011/06/02 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ZiggyTV[2012/05/23 17:32:51 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34< End of report > Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597912 Share Posted September 16, 2012 OTL Extras logfile created on: 9/16/2012 11:43:16 AM - Run 1OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Gabe\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.99 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.54% Memory free15.98 Gb Paging File | 14.01 Gb Available in Paging File | 87.69% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 916.41 Gb Total Space | 418.74 Gb Free Space | 45.69% Space Free | Partition Type: NTFSComputer Name: AUSTIN | User Name: Gabe | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)https [open] -- "C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe" -osint -url "%1" (Mozilla Corporation)inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.https [open] -- "C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe" -osint -url "%1" (Mozilla Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]"DisableUnicastResponsesToMulticastBroadcast" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{04C040A3-6155-49B4-BEE5-B162F4CFAEB8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | "{0969BD7E-D03C-4426-A9FD-A2AC7A2CC017}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{143317E5-0C0B-4786-96FF-DF14366621B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1E14B04A-1362-4FBD-9030-DED87035CEA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2106C174-DC53-4F22-A1EE-5A7CE086863B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{238315D8-5CCA-40A1-9EFA-A63C48104431}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{2A233DCC-CFDD-4DBB-BE38-FF889314DDB1}" = lport=139 | protocol=6 | dir=in | app=system | "{2BA7741A-19D7-4EBB-A7F1-68C9E8906252}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{2ECD5ADD-B272-4D98-98B2-7DDC9FDB1EF4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2EE92A94-6FBD-4614-9869-452D298DC6CC}" = lport=3390 | protocol=6 | dir=in | app=system | "{2FE00AF6-E7E1-4D0B-8F48-1296FC67BA01}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{335A9CB4-6D2B-492F-B835-8E895FFE3204}" = rport=2869 | protocol=6 | dir=out | app=system | "{3A442E4B-24C7-4631-B399-1AB2AA848817}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3C7D539D-CB23-4E73-ABD1-F5A7371AD74E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3EF0CBC0-3002-42F5-8334-1D5B4D0DC31A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{40A9325A-7E3F-4F8D-928F-FBC6153BDD05}" = lport=2869 | protocol=6 | dir=in | app=system | "{4DEB35B9-4CD3-44EB-8A94-EAD0B9236F77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4ED49A28-5F64-443E-A8FD-F8A237617586}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{500A63A7-4190-42CF-9B3E-2CB3B8E6173D}" = lport=2869 | protocol=6 | dir=in | app=system | "{506A6BEB-AE57-4B07-8E1F-A5ADD16285AA}" = rport=445 | protocol=6 | dir=out | app=system | "{52A29A33-AC6A-4A54-B38A-0FCD6E60CFB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{56C0D160-AD5A-4DB6-A1A4-4D04F7DC587F}" = lport=137 | protocol=17 | dir=in | app=system | "{58126FA2-EF82-4489-969A-45D1D0202231}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{5A86BD9B-446B-4C41-8CA1-D036353837F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5BF3D399-5629-4FFC-9816-7FDD77B3A087}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{5D77FC71-C5AC-4A67-AFCC-4C64B668FA81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{60099793-3549-4200-93C5-96A7B3E068C8}" = lport=2869 | protocol=6 | dir=in | app=system | "{64DDAF5C-48A1-4FF6-9B4D-16DEB6B5D5E9}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | "{66A4BDFD-9654-4EFB-BCFB-D83D0E55F3CB}" = lport=10243 | protocol=6 | dir=in | app=system | "{6C6A18FA-3EAC-4327-A4F2-66D7AEFEC128}" = rport=137 | protocol=17 | dir=out | app=system | "{6CA57AB4-E7FB-48E4-9DAA-3062FA66F20D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CE851B1-33DD-424E-85B7-273017E79375}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6EEE1E37-ABB4-43E3-BCC7-3EF5E818AF1E}" = lport=10244 | protocol=6 | dir=in | app=system | "{7042382A-7EEC-43DF-9F60-8B952046598B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{719484F6-6178-44A8-BB3F-FADEB87C0C84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7920D849-AF6D-4DB7-B8AB-456745B5C047}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D1BD266-08BB-42B7-8B35-7822921B3763}" = rport=10243 | protocol=6 | dir=out | app=system | "{818EFD75-25A8-42E9-9388-1044A2E8916A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8640AB5C-704B-4B10-B4F4-DD995B739B4A}" = lport=2869 | protocol=6 | dir=in | app=system | "{87297657-74B5-49B2-A3C0-CBB54E9A94C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88823938-F57D-450B-A9E1-E9E6CB81B03B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9819B9AE-7C23-452C-86E4-E268FA4AD63F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{996AB946-E670-4DE6-B6EC-97F876DC839E}" = lport=53 | protocol=6 | dir=in | name=xbox | "{9A4FF8D5-7259-40EF-A826-20DCC60A1CDF}" = lport=445 | protocol=6 | dir=in | app=system | "{9D40C250-0F7F-4395-A2CF-F55B7708053D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A54AE23C-1C01-4820-B914-DA45313653DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A746A6D5-3D8E-4E9C-8ADE-45A6FEEF77DB}" = lport=3390 | protocol=6 | dir=in | app=system | "{AB71F573-8431-4A45-81A4-D71ADDAF404F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B032458E-FE53-4AE9-B20D-A15CC8FB5C53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B3EAF040-68B9-4DAB-90CC-EC50A2A6B9DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B60612CB-9DFC-417B-8A02-3D808170E791}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B834C371-7F91-43FC-94C6-C31DFA710F1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B9821534-BEEC-424D-B8A9-7CFE9C4BA661}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BC753A0C-56BA-4299-9738-CC3CD25F4B98}" = lport=88 | protocol=17 | dir=in | name=xbox | "{C30CD350-A799-46C7-BC34-2694A5A097F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5A862BE-26BF-4CBC-BA20-5106514BC228}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CB8AD1BA-8116-4466-AFD7-B109E8950FF4}" = lport=80 | protocol=6 | dir=in | name=xbox | "{D1B88A36-1A3C-4469-B0D0-B2EAE96D7DB9}" = lport=138 | protocol=17 | dir=in | app=system | "{D1CC3E2A-CECD-41C0-8049-8FD26B5D3529}" = lport=2869 | protocol=6 | dir=in | app=system | "{D2CF3071-4ABB-42B5-A1DF-C5322EBF4C5F}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | "{D33A831A-682C-4091-9726-9D5983F7D13C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D595E61A-6CA5-4527-80D7-FF20178C1C11}" = lport=53 | protocol=17 | dir=in | name=xbox | "{D6A3D4C2-56FD-48D3-9BAD-5AA977D365BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D7B999DF-E15D-4F94-B871-CCF4454C2329}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9606CD2-402A-4C11-9F3A-5242CDAB8643}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E4AC2093-151C-4AA1-9C81-5C7B9B1A8973}" = rport=138 | protocol=17 | dir=out | app=system | "{E56B1AEE-09A0-4AA9-A462-FEC4A4E6FD41}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{E848CF91-F0B3-49F0-A0C2-652328EE7A16}" = lport=3074 | protocol=6 | dir=in | name=xbox | "{EE0F3F28-31E5-4594-8FFF-EA2E02997E2C}" = rport=139 | protocol=6 | dir=out | app=system | "{EE242A3B-934B-45DC-AB7B-3923BD1ED6CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2A66BD1-8329-44FC-AA76-4C2C06C014BA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{F7E26640-543C-4A5F-A3E8-C0CB1669983D}" = lport=49194 | protocol=6 | dir=in | name=akamai netsession interface | "{F84DB62E-7411-415A-94DA-BC5D80F34EDC}" = lport=3074 | protocol=17 | dir=in | name=xbox | "{F912922B-61CC-473F-B37D-B8996E11C8F9}" = lport=10244 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00BC28E7-85C9-41A2-BB67-18B4A7BE0963}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{00E7F2F9-7756-43CA-917A-3BCF218D2715}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{030CFC1B-9641-4C4B-82D2-15A7BC5E3004}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{056FD8BA-7CA9-4391-92CF-777DBDE809F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{06A0C1CB-05D2-4D36-B18A-B370DC6C175B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{07166C9A-0A83-48ED-BE31-19D9D0887BC2}" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe | "{07855779-D91F-46DC-99D4-BDA55CF34EFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{091A4580-EBBC-4DF9-B6EF-235D2A96E824}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{0A8A3B82-B669-40F5-AB22-303AF58E73A3}" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\google\google talk plugin\googletalkplugin.exe | "{0AB1B4BB-1077-407E-966C-0DDF70288350}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{0BD1B5BE-2887-49EE-B1D9-E9EB75FC2271}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{12B4EF22-A976-47D7-8978-2AFADEEE826F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1554A731-F9FE-4526-A020-A433C28FCABE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{15D60749-804D-47DC-BB89-A978085DCEA7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{1ADEE01A-A2B5-4B6A-9782-CB7E75D3C3CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{1B6C01C6-132A-4002-A7E0-24E38BC85EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{1CE24A00-2FD1-49A0-B047-818BE64D8578}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{1ECC0E6B-6FF8-414A-A033-CBFA0DD75B52}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1FD0014D-88E6-4BDB-B8C7-1325273A0D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe | "{202F609A-207F-4493-A6F4-310E9D5A1F55}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{20E59715-E916-4706-9A52-C4D5F9C13F3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{21B86A8F-DB77-451F-902C-148BAE57DC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{24B6F2BA-DB10-4F4A-8ABD-E693DD568622}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{258B8DAC-2674-470F-A9E0-C0927C4E07CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{261B9352-820A-4CCA-B840-F0AE2061AE71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe | "{27028A6C-D2C6-479C-89A9-CA6922C466A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe | "{2817AA6F-6F85-4BE8-BD8B-E3B533CF8E49}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{28F8C773-1978-4918-A4AB-000F0C9A25D2}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{2A0C5D4E-AF69-4189-8E9C-E33E4FB5EC83}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2C15230B-E103-4579-946D-4275E549B6C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{2E2D577C-F7BB-4943-B44B-40B9582EFCAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{2F981986-0B08-48FE-826D-358B30CF36B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2FD6963F-6C85-497B-B506-76CD71084A38}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{30941C05-8983-4B68-BE7D-39780A772700}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "{35BAEDE2-517B-4A37-BCF0-9746514F5B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{3612C5B1-F970-42E8-BA89-C7AE4C2540D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{362F2FDF-0F9C-4F15-A2ED-043741692467}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | "{3654F1D9-44FC-4A00-87A7-56BB2523AD96}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{3796B015-FC06-4470-A978-497538411AEE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{37BA126B-8B87-4FF3-8D2D-23365DADB5E2}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{3AC1FAAA-9310-47AB-9E4F-F3B16A91789F}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{3C20A7AE-B615-4DE9-8499-8CCD587115EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{3E02779D-3041-4618-8F74-A3DBA5DC5514}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{3FC699A1-C37B-411B-91EF-FD9E6E1FB3D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3FDF4361-6232-4325-9DF5-413BDB905437}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4000A869-75A3-499F-B28E-BF63703D97BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{407CFF3F-0E22-485C-8BA3-B1B0025BC1AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4222DFA5-7DA7-4E2A-A6B3-6A3F3A35DDC6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{425C99B7-ACE7-4AA2-BA22-3A42D982144D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{4264D043-3516-4FE1-B168-3611263CD9D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{447D350B-6E30-40B0-8D26-367E85EF6E97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{456AB36E-8C31-4561-8EF4-7034E4955E4E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{467932E1-6EF8-4AFC-B8AD-442B4331B672}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "{47A87AA7-217D-46C9-B2A3-05C8CF349225}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{47D2E5E2-A85A-4C40-8D75-8967FD24F393}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4A83657A-9DD2-45F9-824C-63BF05EF7D97}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{4B4A326A-4184-4DD9-9020-AC13F253832F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4C5C0E8A-C634-48CB-AECE-88717ECF218E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{4CFCD7E8-BA3B-4D36-8EB0-E50269734CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe | "{5007F3E1-2060-48ED-BB07-29FEC6BC05CB}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{51253277-A019-494A-8606-4CF3A8903A00}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{54211E11-A053-4942-9826-05AEEDD6296E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{567E40FC-7C8C-4E75-8384-28299924E3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5BDE5558-3649-4C13-942F-4602FFB48D75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe | "{5CCBA6A8-FDB6-480C-9280-8095CC633BCC}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{6002DFF0-355E-4F55-9FE0-E3F581E25A85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe | "{600D9673-5D71-4E15-B026-A6CC5F20F40F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{6210823C-5CAB-4C33-9902-B20C5D559210}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{6407B39B-DC1A-4697-983F-9ACB45FFDDF2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{65488676-58D1-4682-9BD7-0152FFE4DB80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{68D4C3A6-84FC-48AD-BDAB-134AA5BD5185}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{69212E99-2B68-4027-85DC-080CD10C726C}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{6A35B954-CAF0-4FED-8515-DBF63C05EA29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe | "{6D02E8F7-B68E-472F-A725-336D8A52A58E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6E12E74E-CF26-4389-9FDC-CBB2C3A7F6C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6F549217-A7DE-4478-983D-6A702FEBE32E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{71A8062D-F0E2-423D-B7B1-5AC49DA82575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{74456BAA-FB60-4AF8-A1CA-0053692BC766}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{749D73BC-34C0-4168-9E49-F27EEDD262B7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{77168832-4036-47CB-8C20-84E8CC3A179E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{792B875E-9878-43C5-94EC-C3FD49E34BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{798F9E71-9EAD-43D6-9BC5-6448E5252A23}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steam.exe | "{7A97164A-F6DE-48CF-8E43-CF053D77AEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7B2A6FFA-4CDE-44D7-8618-F49AF0E937CB}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "{7E90BD7D-0DE4-45E4-AF41-7FA6689B855D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{8430E235-A6AA-433F-9BC4-994FB5A8A591}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{844BA6E9-B1E2-418D-9F4A-A9B86B4A0DFC}" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe | "{85895AB1-0EDA-40A3-9856-CA643253FA32}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{85F435D1-F274-4724-A3DD-481697EAD579}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{86118848-F7C1-4080-993A-86C463B3BDBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe | "{89CD63EE-07AE-4A2F-AE6F-867E9906AEF9}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8AA91295-2FAB-4323-A0D1-E047F8B3F5BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{8D34FFBD-BE20-4A04-BAE2-8C292E1B2EC1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{8D368669-2ECE-4991-A6BF-614FC1A74C44}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steam.exe | "{8E3710FD-94E6-491A-8283-DFFB0C91CEB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8E43032E-23F9-48C1-B141-99502B347EBA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{8E6A0C52-8CA3-48EF-A929-A327DE5C7B1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9135CD43-A4CA-47BD-BD73-F3C6580CAAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{93D02334-A8C1-425D-AC3B-8237A0ECAE82}" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\google\google talk plugin\googletalkplugin.exe | "{94292D91-7DA3-4FDC-BBD8-662C148DB4EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{94B3188D-DC87-4381-9D6E-DDA7236887AC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{95C7EB0E-FFBD-41BE-98C3-10DE7D81FB45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{99515387-A7F5-401C-BB57-3B014979DD7D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{9AEAF9F7-EE0A-4920-9BD4-D2503D907A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{9B51C8D3-97E8-453E-AF78-C0F37246DBDA}" = dir=out | app=%systemroot%\syswow64\winflservice.exe | "{A6B06FFF-DAC5-4C0D-9E00-63F42719DD18}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{A763870D-03C7-4F81-A14B-361AC80DF495}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A796CF65-C357-4D48-A810-F91F47A5F7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{A85A4971-A88C-4E3E-81A9-58B6F13A4478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A99D0A58-C882-4ECE-93D3-24539EEBBDB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{AABC709D-93CC-4F24-A169-40188A159324}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AB4C0819-D195-4237-BE14-9084A4819CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{AD0380AB-6BE3-4C60-96F0-803B480046AC}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{ADBB7113-57D7-4A05-81D4-673B4D947E8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{ADF6E848-C6C8-4DFA-8E6D-653D99490780}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AEB5EF1B-18AB-47C3-9D41-E4286BACD9D8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{B804A7C5-EE4C-48ED-9D53-F8681E8507FF}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{B9CED2AC-311F-4335-9B11-BEC03B02001B}" = dir=out | app=%systemroot%\syswow64\winflmsgservice.exe | "{BC22F425-3B0A-414F-A7DD-1054E41A2DEB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BC841860-9D4B-45D2-A91B-746CFBF07FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BCBEC383-62A9-48F8-BBD9-E6445F7E299D}" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\apps\2.0\620hohyo.wap\74rjzvnx.mtd\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\curseclient.exe | "{C14B73B4-49A7-4ABB-80B8-5652234226F7}" = protocol=58 | dir=in | app=system | "{C154E153-BEF5-4380-BAC8-0E1FBC0A9ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{C20A04BC-7E11-42EE-B312-8CB0E479B9C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{C2E33376-8A6F-4832-AB73-F00AB6E01F89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe | "{C2F764FF-63CF-45C4-BB5A-30565F395024}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C3C05766-1479-4ED6-A50E-0A471323A73F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C486C68C-E634-46AB-BEDB-B416C60F37FC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{C493119C-BD2C-496B-A12B-A3EB23267094}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe | "{C4EEDBED-9F3B-4303-B1C1-D5B8135B0F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe | "{C5A594E1-618D-4A59-AB9C-CE2F915B90BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{C72B4CAB-76DD-41DB-9B2D-C50914B8B54D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{C7786C0C-0873-461D-AFFE-06FC681F4F21}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C9291B2A-8A37-4BF5-A9AD-F8698B25AB70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{CAF50383-54B1-4B41-B72E-55628CAE2AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{D064FB3E-8157-4017-A44D-CFFB1D53DAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D261DCBA-6DE4-40BD-87D8-E0FEE920CD31}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{D4CE6EB9-A584-4214-A3A2-B8BF00C68B22}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{D5F334FC-8ED6-4B67-AAEC-5FDD07085BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe | "{D6EF0D23-1F8A-485F-B1FF-A24962C92718}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | "{D9BCF801-4B98-4E22-A531-43201C537DD4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{DA05962A-A244-47E2-B359-BB76B8CDAFB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe | "{DACE10D7-351E-4FB0-A357-1B78A5647262}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DD7DB2AF-BB60-49AA-ABEE-B91AF983E9E5}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2\arma2.exe | "{DEA4F087-3088-4BFC-BF59-0411EAA6617D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{E0373812-D8E3-433B-8948-21C10B0407C6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E1E205BF-EC7D-4ED9-90E8-BB2271464961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA141209-8EFF-474E-B000-066F4D92D7F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{EA8331C2-AB81-410D-9194-C94983013130}" = dir=out | app=%systemroot%\syswow64\winfltray.exe | "{EC04A8C4-D1BD-4B12-8408-08CDE8F4D603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{EC5D545F-29B4-40FC-AEE6-F495738F63B4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{EF69F213-5D58-4704-95BB-24B5682E19AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{EF9F6578-E3EC-4AF1-9966-BDF3D2174542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F2A9AC41-8823-47E3-9F5D-AB83C14863DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F3833E4F-C738-4B68-BD3A-93BBA2661857}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F56039CC-1183-4286-A35F-01684C8070B9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{F57870A3-8F8B-4613-BE10-EC5BC31C81B3}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "{F68D02B8-625B-4652-966F-45C6CAA7D699}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F83C3D6A-36A7-4609-B6A3-E84D5B9EE326}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F8D3BEDC-5313-4D30-8023-E13FCCFB7041}" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\apps\2.0\620hohyo.wap\74rjzvnx.mtd\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\curseclient.exe | "{F925D95E-7D88-4F48-9254-6E45C65986F5}" = protocol=6 | dir=out | app=system | "{F9647595-1A13-4C85-8D80-582A687E2ABC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F99578C7-EF2E-4B90-BAA5-23FB56F48A5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{FBC1DEFB-217F-46F6-BFA1-60F56D5E21CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{FC095908-76CA-4441-8058-8216183B1EA5}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2\arma2.exe | "{FE366548-E372-46A6-AFAA-DB532D8D210A}" = dir=out | app=%systemroot%\syswow64\winfltrayshred.exe | "{FF6505FF-255B-4F63-8B68-84D70FBA6F58}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{FFAA0933-4C46-4F3E-BEDF-9F60EDDFEAC1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "TCP Query User{01BD2C2E-56DA-46E8-99CA-699C6A3AAF8C}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe | "TCP Query User{07B0F7C0-617D-4E21-BF2D-A303222B98E9}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "TCP Query User{1011D357-C743-4BE7-B2EE-DBCB66D6C874}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{11C6BC33-172C-4B65-84A1-6CB8ADE7B23F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2158F28F-2122-49DB-A990-A921CB794CFD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{21594557-C918-4B2C-8143-9213205A9473}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{2C06EDD3-C733-476B-A9A9-9F6A6A85E06F}C:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=6 | dir=in | app=c:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe | "TCP Query User{3AFEA53A-53BC-4850-95C4-5F1BCC28FEBE}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{3D0EECAC-4126-4C5D-B5D8-D1465087E794}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{3F66B78E-36A8-4C8E-8D18-D29A9FC17A07}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{4814C958-0525-4472-BFF5-DE8D31B59F99}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{5628C68A-4C81-4990-B79A-CA0CDFDBE610}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{59F516CC-B3EB-45D6-842D-9EB7C999A778}C:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe | "TCP Query User{5D14B456-9833-4F09-A950-BBE9559991AC}C:\users\gabe\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{5EB65F59-119F-44B4-94AF-71908D217368}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "TCP Query User{67D5C9A4-0625-4FE9-81C9-A75F862C9287}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{8A6FF8C9-0F4C-4A40-8FDE-1B3D9D18BB10}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{A5F117E9-8907-4B60-9960-8D641C5F3951}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{A9E7C889-F1D5-4985-9B9F-22E36F8B439C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{B03093A6-03FE-44BC-B497-7930B50C7888}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe | "TCP Query User{BA12181A-A869-4B1F-9863-8B783BDE114D}C:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe | "TCP Query User{BC5EC2A8-7BB1-4F0F-B2C2-E524B2C4C7B1}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | "TCP Query User{BD39D98E-6572-4BA8-B4FF-5B4B1EE039F3}C:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe | "TCP Query User{C5E76E77-20AC-4EC8-B8D2-33BDF90DEB1C}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{CD5ED0D8-1EFC-4CE2-A7FA-F247B9B65D6B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{E129A982-AC50-4051-873F-1F91F0D7754B}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe | "TCP Query User{E6ACD6CC-18C8-4BA5-B713-C2C1E456F031}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe | "TCP Query User{EA9A3966-F195-4746-B028-202683B761C2}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{ED305143-DADD-4F44-B133-05492777E93F}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe | "TCP Query User{FC2BCB84-991F-48D0-9C23-5742FDBC544C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "TCP Query User{FF250840-FA96-4327-B37F-852E16350088}C:\users\gabe\desktop\gaming\cataclysm\launcher.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe | "UDP Query User{003B434D-4200-4144-8958-F6630D747A98}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "UDP Query User{025F146F-EFAD-40DE-9D69-EB827F4DF941}C:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe | "UDP Query User{03A805D7-DD6E-45CE-AFD3-83776ABB0FC5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{0CA0BE7B-7DE3-4A0F-ABC8-A059B30BB453}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "UDP Query User{14ED6303-667A-4BF3-96A4-02F031698D84}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "UDP Query User{1CAA8084-3C08-4F16-BD10-36972350F4D9}C:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe | "UDP Query User{1DA45922-6FB6-40F2-A463-A94E384E8571}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{202D8FC6-B9A4-4E09-A245-9FACF4429BDA}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe | "UDP Query User{2A2675F1-DC80-4EC7-8F9F-11BFA9331C7D}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe | "UDP Query User{2BCB18B8-DC0A-4A37-BC35-2E862CED28B0}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe | "UDP Query User{3E1A67A0-8117-4C2E-9345-E94EFE57FF1F}C:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe | "UDP Query User{44C93AB9-E22C-4425-8E85-7FFDDA224DD2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{4AC8EB03-8876-4022-A8D7-D5932D276838}C:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=17 | dir=in | app=c:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe | "UDP Query User{66087288-85E8-4CEB-8129-FDD8AB0BCD0A}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{69F64547-B1C5-4804-BC7F-F8E6F3AAB7A0}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{6BEB3D0E-E3A0-42DD-8DBC-AF91622D6512}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "UDP Query User{772C1125-DB6A-4B24-A930-DAC8A217CCA3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7BB284D8-9ED4-4079-B869-ADA604046FAF}C:\users\gabe\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{89DFB941-7711-4378-B89D-F8F4C90EF0C9}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{A008CC2D-005E-4381-9C14-336DCB0EB565}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{AB9D87BA-BB49-4D8D-9E47-843920395630}C:\users\gabe\desktop\gaming\cataclysm\launcher.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe | "UDP Query User{B539D029-E071-42C4-B4BE-A038DABC4429}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{B5446DB0-5D06-43E2-9F5D-0BB6EECF8176}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | "UDP Query User{B8A9F289-01BC-4928-A0E0-68AD4139024C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{BCFB21FC-8AB5-44A4-9B06-9C33F6898AD1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{C5F9E4E9-2881-4923-B371-9D3795330FA4}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe | "UDP Query User{D579376E-4039-4604-9D7B-8A12BEB1F921}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{E2A10C4F-7DF2-4E51-8565-FB0AF2105E90}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{E753F8A1-3D48-4B6B-8C43-E2CAA1D56C39}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe | "UDP Query User{F95A1733-4FE3-4979-AF6A-5DCA2576F49B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit)"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel® Network Connections 16.7.166.0"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer"CCleaner" = CCleaner"lvdrivers_12.10" = Logitech Webcam Software Driver Package"Microsoft Security Client" = Microsoft Security Essentials"PROSetDX" = Intel® Network Connections 16.7.166.0"TeamSpeak 3 Client" = TeamSpeak 3 Client"UDK-ffdd5697-b106-4728-8506-cb5096730e1e" = Unreal Development Kit: 2011-10[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{05891AC5-DC7A-4B6D-B144-FE0DB96B180A}" = DriverUpdate"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool"{15C49338-59E5-472E-94F7-D5AE15EE23C9}" = XSplit"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 35"{28507DEF-A8E9-4615-81C9-CBEEDD7623B5}" = GMI"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{63B07463-2E1B-4B7F-AF79-4D4D3E98F03B}" = Sound Blaster X-Fi MB"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync"{8543A572-5993-4101-BACC-C83884E183A4}" = One Touch Video Capture"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86"{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}" = TouchCopy 11"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C8378408-72C8-4223-BE7E-9B461AEDF6B1}" = S4 League_EU"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F4D34EBA-83D6-49E3-A6D6-6889C4A639A3}" = DayZ Commander"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"7-Zip" = 7-Zip 9.20"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"Akamai" = Akamai NetSession Interface Service"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)"AudibleDownloadManager" = Audible Download Manager"Battlelog Web Plugins" = Battlelog Web Plugins"BattlEye for A2" = BattlEye Uninstall"BattlEye for OA" = BattlEye for OA Uninstall"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual"CanonMyPrinter" = Canon My Printer"CanonSolutionMenuEX" = Canon Solution Menu EX"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"Cities XL 2011" = Cities XL 2011"DivX Setup" = DivX Setup"DynUpdater" = Dyn Updater"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX"Easy-WebPrint EX" = Canon Easy-WebPrint EX"ESN Sonar-0.70.0" = ESN Sonar"ESN Sonar-0.70.4" = ESN Sonar"Folder Lock" = Folder Lock"Gateway InfoCentre" = Gateway InfoCentre"Gateway Registration" = Gateway Registration"Gateway Screensaver" = Gateway ScreenSaver"Gateway Welcome Center" = Welcome Center"GOM Player" = GOM Player"HOMESTUDENTR" = Microsoft Office Home and Student 2007"HyperCam 3" = HyperCam 3"Identity Card" = Identity Card"Impulse" = Impulse"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup"JPG to PDF Converter" = JPG to PDF Converter 1.0"KeePass Password Safe_is1" = KeePass Password Safe 1.18"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0"Logitech Vid" = Logitech Vid HD"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"Origin" = Origin"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser"Picasa 3" = Picasa 3"PunkBusterSvc" = PunkBuster Services"RaidCall" = Raidcall"SpywareBlaster_is1" = SpywareBlaster 4.5"StarCraft II" = StarCraft II"Steam App 33900" = ARMA 2"Steam App 33930" = ARMA 2: Operation Arrowhead"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server"TeamViewer 7" = TeamViewer 7"Wakfu" = Wakfu"WinLiveSuite" = Windows Live Essentials"World of Warcraft" = World of Warcraft"World of Warcraft Beta" = World of Warcraft Beta"Xvid Video Codec 1.3.2" = Xvid Video Codec========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"101a9f93b8f0bb6f" = Curse Client"Akamai" = Akamai NetSession Interface"Amazon Kindle For PC" = Amazon Kindle For PC v1.1"Google Chrome" = Google Chrome"Move Media Player" = Move Media Player"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player"UnityWebPlayer" = Unity Web Player========== Last 20 Event Log Errors ==========[ Application Events ]Error - 10/11/2011 9:14:23 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 276216Error - 10/11/2011 9:14:23 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 276216Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 277214Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 277214Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 278213Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 278213Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 279211Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 279211[ Media Center Events ]Error - 5/19/2012 11:36:47 AM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:36:45 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/19/2012 11:01:19 PM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:01:19 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/20/2012 11:18:55 AM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:18:50 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/20/2012 11:47:22 PM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:47:22 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/21/2012 11:22:33 AM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:22:29 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/21/2012 11:47:18 PM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:47:18 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 6:53:11 AM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 3:53:11 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 11:21:17 AM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:21:16 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 11:31:16 PM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:31:16 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/23/2012 11:41:35 AM | Computer Name = Austin | Source = MCUpdate | ID = 0Description = 8:41:32 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) [ System Events ]Error - 9/16/2012 11:41:57 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V10 service to connect.Error - 9/16/2012 11:43:43 AM | Computer Name = Austin | Source = EventLog | ID = 6008Description = The previous system shutdown at 9:42:19 AM on ?9/?16/?2012 was unexpected.Error - 9/16/2012 11:46:41 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V10 service to connect.Error - 9/16/2012 11:48:44 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7022Description = The Background Intelligent Transfer Service service hung on starting.Error - 9/16/2012 11:51:08 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v2.0.50727_X86 service to connect.Error - 9/16/2012 11:52:04 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v2.0.50727_X64 service to connect.Error - 9/16/2012 12:00:51 PM | Computer Name = Austin | Source = EventLog | ID = 6008Description = The previous system shutdown at 9:52:36 AM on ?9/?16/?2012 was unexpected.Error - 9/16/2012 12:15:04 PM | Computer Name = Austin | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR1.Error - 9/16/2012 12:15:05 PM | Computer Name = Austin | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR1.Error - 9/16/2012 12:15:06 PM | Computer Name = Austin | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR1.< End of report > Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597913 Share Posted September 16, 2012 Results of screen317's Security Check version 0.99.50 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 4.5 Malwarebytes Anti-Malware version 1.65.0.1400 Java 6 Update 35 Java version out of Date! Adobe Flash Player 11.4.402.265 Adobe Reader X (10.1.4) Mozilla Firefox (15.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 6% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 16, 2012 ID:597916 Share Posted September 16, 2012 Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Accept the EULA & Download the latest version of >> Windows Offline << from here or >> from here <<and save it to your desktop.Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating systemClose any programs you may have running - especially your web browser(s).Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button.Next, click on the Delete Files buttonThere are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files[*]Click OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Temporary Files WindowSmall tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:Click Advanced Tab. Expand the Miscellaneous item.UN-check the line Java quick starterPress Apply then OK. Close the applet when done.Let me know after this is done. There's more to do (much more) to follow. Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 16, 2012 ID:597927 Share Posted September 16, 2012 After you have got the latest Java Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):*****************************************************************:otlIE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.O4 - HKLM..\Run: [] O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED:filesC:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.comC:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\conduitengine.xpiC:\Users\Gabe\AppData\Roaming\uTorrentC:\Program Files (x86)\uTorrentrecycler /alldrives:Commands[purity][resethosts][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][emptyjava][Reboot]*****************************************************************Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.Close any browser(s) windows that may be open.Using your mouse, click on the red-lettered button .Once you see a message box "Fix complete! Click OK to open the fix log."Click the OK buttonThe log will open in Notepad (your default text editor).Save the log. Post a copy of that log in your next reply.Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.2Have you used Uniblu or 'any' sort of registry "cleaner / tweaker / optimizer / or "whats'it" ??Let me know which.Registry "cleaners" can & do very often cause more trouble than they are worth.3Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista or Windows 7, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.If your antivirus program gives a prompt message, respond positive to allow RKILL to run.If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILLIF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html4Please follow my guidance. Ask if you have questions.I am going to ask you to read very carefully. I am asking you to download to unique folder !!Step 1. Close and save any open documents, and exit programs that you started.Step 2. Download TDSSKiller.exe and SAVE it to a special folderhttp://support.kaspe.../tdsskiller.exeand be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\ChameleonStep 3. Install the Chameleon driver by doing the following:Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon" /oA black DOS prompt will appear with a prompt to press any key to continue, please do.Step 4Please read carefully and follow these steps.Double-Click on TDSSKiller.exe to run the application, then on Start Scan.If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIt may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Please Copy & Paste that log in reply.5Download >> Farbar's Service Scanner utility << and Save to your Desktop.If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.If using XP, double-click to start.Answer Yes to ok when prompted.If your firewall then puts out a prompt, again, allow it to run.Once FSS is on-screen, be sure the following items are checkmarked:Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderClick on "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Copy & Paste contents of FSS.txt into your reply. Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597946 Share Posted September 16, 2012 All processes killed========== OTL ==========Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturlRegistry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.File not found.Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.File "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED not found.========== FILES ==========C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\searchplugin folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\META-INF folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\lib folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\DualPackage folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\defaults folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\components folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\chrome folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com folder moved successfully.C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\conduitengine.xpi moved successfully.C:\Users\Gabe\AppData\Roaming\uTorrent\ie folder moved successfully.C:\Users\Gabe\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.C:\Users\Gabe\AppData\Roaming\uTorrent\apps folder moved successfully.C:\Users\Gabe\AppData\Roaming\uTorrent folder moved successfully.File\Folder C:\Program Files (x86)\uTorrent not found.recycler not found in C:\========== COMMANDS ==========C:\Windows\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfully[EMPTYTEMP]User: All UsersUser: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: Gabe->Temp folder emptied: 317333305 bytes->Temporary Internet Files folder emptied: 13390097 bytes->Java cache emptied: 1 bytes->FireFox cache emptied: 587760082 bytes->Google Chrome cache emptied: 392171175 bytes->Flash cache emptied: 14919 bytesUser: Mcx1-AUSTIN->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: Public->Temp folder emptied: 0 bytesUser: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 136675011 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytesRecycleBin emptied: 311981062 bytesTotal Files Cleaned = 1,678.00 mbRestore point Set: OTL Restore Point[EMPTYFLASH]User: All UsersUser: Default->Flash cache emptied: 0 bytesUser: Default User->Flash cache emptied: 0 bytesUser: Gabe->Flash cache emptied: 0 bytesUser: Mcx1-AUSTIN->Flash cache emptied: 0 bytesUser: PublicUser: UpdatusUserTotal Flash Files Cleaned = 0.00 mb[EMPTYJAVA]User: All UsersUser: DefaultUser: Default UserUser: Gabe->Java cache emptied: 0 bytesUser: Mcx1-AUSTINUser: PublicUser: UpdatusUserTotal Java Files Cleaned = 0.00 mbOTL by OldTimer - Version 3.2.61.5 log created on 09162012_130704Files\Folders moved on Reboot...C:\Users\Gabe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\AdDisplayTrackerServletCA4K0J2U.htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\AdDisplayTrackerServletCACEJOZW.htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\dppix[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\d[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\hbpix[1].gif moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\meta[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\pixel[2].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\Pug[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\Pug[2].gif moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\Pug[3].gif moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\rt=ifr[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\syncuppixels[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\tap[2].gif moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\tpid=E0[1].gif moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\300x250iframeusav2[2].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\adtag[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\freq[3].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\pixel[1].gif moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\AdDisplayTrackerServlet[10].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\AdDisplayTrackerServlet[11].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\addons-v4[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\emily[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\freq[6].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\pd[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\addons-tracker-v4[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\Artemis[1].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\Artemis[2].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\ddc[3].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\dppix[2].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\pd[3].htm moved successfully.C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\syncuppixels[2].htm moved successfully.File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.PendingFileRenameOperations files...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597948 Share Posted September 16, 2012 I have used a registry tool but i don't remember which one Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597952 Share Posted September 16, 2012 Rkill 2.3.15 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2012 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 09/16/2012 01:21:43 PM in x64 mode.Windows Version: Windows 7 Home Premium Service Pack 1Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * C:\Users\Gabe\AppData\Local\Apps\2.0\620HOHYO.WAP\74RJZVNX.MTD\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe (PID: 4608) [uP-HEUR] * C:\Windows\system32\AMBSpiE.exe (PID: 4240) [WD-HEUR]2 proccesses terminated!Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000Checking Windows Service Integrity: * No issues found.Searching for Missing Digital Signatures: * No issues found.Program finished at: 09/16/2012 01:21:59 PMExecution time: 0 hours(s), 0 minute(s), and 15 seconds(s) Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597956 Share Posted September 16, 2012 13:27:07.0543 6600 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:4813:27:07.0855 6600 ============================================================13:27:07.0855 6600 Current date / time: 2012/09/16 13:27:07.085513:27:07.0855 6600 SystemInfo:13:27:07.0855 6600 13:27:07.0855 6600 OS Version: 6.1.7601 ServicePack: 1.013:27:07.0855 6600 Product type: Workstation13:27:07.0855 6600 ComputerName: AUSTIN13:27:07.0855 6600 UserName: Gabe13:27:07.0855 6600 Windows directory: C:\Windows13:27:07.0855 6600 System windows directory: C:\Windows13:27:07.0855 6600 Running under WOW6413:27:07.0855 6600 Processor architecture: Intel x6413:27:07.0855 6600 Number of processors: 413:27:07.0855 6600 Page size: 0x100013:27:07.0855 6600 Boot type: Normal boot13:27:07.0855 6600 ============================================================13:27:08.0185 6600 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004013:27:08.0187 6600 ============================================================13:27:08.0187 6600 \Device\Harddisk0\DR0:13:27:08.0187 6600 MBR partitions:13:27:08.0188 6600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x3200013:27:08.0188 6600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x728D380013:27:08.0188 6600 ============================================================13:27:08.0205 6600 C: <-> \Device\Harddisk0\DR0\Partition213:27:08.0206 6600 ============================================================13:27:08.0206 6600 Initialize success13:27:08.0206 6600 ============================================================13:27:09.0293 5948 ============================================================13:27:09.0293 5948 Scan started13:27:09.0293 5948 Mode: Manual; 13:27:09.0293 5948 ============================================================13:27:09.0814 5948 ================ Scan system memory ========================13:27:09.0814 5948 System memory - ok13:27:09.0816 5948 ================ Scan services =============================13:27:09.0978 5948 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys13:27:09.0981 5948 1394ohci - ok13:27:10.0007 5948 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys13:27:10.0010 5948 ACPI - ok13:27:10.0038 5948 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys13:27:10.0038 5948 AcpiPmi - ok13:27:10.0138 5948 [ C245E08EC469A52A622EFDC9787A0DCC ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe13:27:10.0141 5948 AdobeActiveFileMonitor10.0 - ok13:27:10.0204 5948 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe13:27:10.0205 5948 AdobeARMservice - ok13:27:10.0269 5948 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe13:27:10.0271 5948 AdobeFlashPlayerUpdateSvc - ok13:27:10.0297 5948 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys13:27:10.0302 5948 adp94xx - ok13:27:10.0324 5948 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys13:27:10.0327 5948 adpahci - ok13:27:10.0351 5948 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys13:27:10.0353 5948 adpu320 - ok13:27:10.0402 5948 [ E005682AE8F8EC4EB05F2A70A16EA1C5 ] AE1000 C:\Windows\system32\DRIVERS\ae1000w7.sys13:27:10.0412 5948 AE1000 - ok13:27:10.0424 5948 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll13:27:10.0425 5948 AeLookupSvc - ok13:27:10.0462 5948 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys13:27:10.0467 5948 AFD - ok13:27:10.0495 5948 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys13:27:10.0496 5948 agp440 - ok13:27:10.0628 5948 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll13:27:10.0628 5948 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E7613:27:10.0632 5948 Akamai ( HiddenFile.Multi.Generic ) - warning13:27:10.0632 5948 Akamai - detected HiddenFile.Multi.Generic (1)13:27:10.0639 5948 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe13:27:10.0640 5948 ALG - ok13:27:10.0655 5948 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys13:27:10.0656 5948 aliide - ok13:27:10.0663 5948 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys13:27:10.0663 5948 amdide - ok13:27:10.0677 5948 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys13:27:10.0678 5948 AmdK8 - ok13:27:10.0686 5948 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys13:27:10.0686 5948 AmdPPM - ok13:27:10.0713 5948 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys13:27:10.0714 5948 amdsata - ok13:27:10.0729 5948 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys13:27:10.0731 5948 amdsbs - ok13:27:10.0746 5948 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys13:27:10.0747 5948 amdxata - ok13:27:10.0778 5948 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys13:27:10.0779 5948 AppID - ok13:27:10.0793 5948 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll13:27:10.0794 5948 AppIDSvc - ok13:27:10.0824 5948 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll13:27:10.0825 5948 Appinfo - ok13:27:10.0883 5948 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe13:27:10.0884 5948 Apple Mobile Device - ok13:27:10.0921 5948 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys13:27:10.0922 5948 arc - ok13:27:10.0932 5948 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys13:27:10.0934 5948 arcsas - ok13:27:10.0962 5948 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys13:27:10.0963 5948 AsyncMac - ok13:27:10.0979 5948 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys13:27:10.0980 5948 atapi - ok13:27:11.0019 5948 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll13:27:11.0025 5948 AudioEndpointBuilder - ok13:27:11.0038 5948 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll13:27:11.0043 5948 AudioSrv - ok13:27:11.0084 5948 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll13:27:11.0086 5948 AxInstSV - ok13:27:11.0106 5948 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys13:27:11.0110 5948 b06bdrv - ok13:27:11.0128 5948 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys13:27:11.0131 5948 b57nd60a - ok13:27:11.0153 5948 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll13:27:11.0155 5948 BDESVC - ok13:27:11.0176 5948 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys13:27:11.0176 5948 Beep - ok13:27:11.0223 5948 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll13:27:11.0230 5948 BFE - ok13:27:11.0263 5948 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll13:27:11.0278 5948 BITS - ok13:27:11.0300 5948 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys13:27:11.0301 5948 blbdrive - ok13:27:11.0366 5948 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe13:27:11.0370 5948 Bonjour Service - ok13:27:11.0405 5948 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys13:27:11.0406 5948 bowser - ok13:27:11.0423 5948 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys13:27:11.0423 5948 BrFiltLo - ok13:27:11.0437 5948 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys13:27:11.0437 5948 BrFiltUp - ok13:27:11.0459 5948 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll13:27:11.0461 5948 Browser - ok13:27:11.0480 5948 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys13:27:11.0482 5948 Brserid - ok13:27:11.0498 5948 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys13:27:11.0499 5948 BrSerWdm - ok13:27:11.0515 5948 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys13:27:11.0515 5948 BrUsbMdm - ok13:27:11.0527 5948 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys13:27:11.0528 5948 BrUsbSer - ok13:27:11.0543 5948 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys13:27:11.0544 5948 BTHMODEM - ok13:27:11.0574 5948 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll13:27:11.0575 5948 bthserv - ok13:27:11.0584 5948 catchme - ok13:27:11.0603 5948 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys13:27:11.0605 5948 cdfs - ok13:27:11.0647 5948 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys13:27:11.0649 5948 cdrom - ok13:27:11.0686 5948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll13:27:11.0688 5948 CertPropSvc - ok13:27:11.0705 5948 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys13:27:11.0706 5948 circlass - ok13:27:11.0727 5948 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys13:27:11.0731 5948 CLFS - ok13:27:11.0782 5948 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe13:27:11.0783 5948 clr_optimization_v2.0.50727_32 - ok13:27:11.0813 5948 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe13:27:11.0815 5948 clr_optimization_v2.0.50727_64 - ok13:27:11.0853 5948 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys13:27:11.0854 5948 clwvd - ok13:27:11.0866 5948 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys13:27:11.0866 5948 CmBatt - ok13:27:11.0880 5948 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys13:27:11.0881 5948 cmdide - ok13:27:11.0923 5948 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys13:27:11.0928 5948 CNG - ok13:27:11.0953 5948 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys13:27:11.0953 5948 Compbatt - ok13:27:11.0969 5948 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys13:27:11.0970 5948 CompositeBus - ok13:27:11.0988 5948 COMSysApp - ok13:27:12.0007 5948 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys13:27:12.0008 5948 crcdisk - ok13:27:12.0048 5948 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe13:27:12.0049 5948 Creative ALchemy AL6 Licensing Service - ok13:27:12.0064 5948 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe13:27:12.0065 5948 Creative Audio Engine Licensing Service - ok13:27:12.0100 5948 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll13:27:12.0104 5948 CryptSvc - ok13:27:12.0145 5948 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe13:27:12.0148 5948 CTAudSvcService - ok13:27:12.0192 5948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll13:27:12.0205 5948 DcomLaunch - ok13:27:12.0227 5948 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll13:27:12.0232 5948 defragsvc - ok13:27:12.0267 5948 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys13:27:12.0269 5948 DfsC - ok13:27:12.0334 5948 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys13:27:12.0335 5948 dg_ssudbus - ok13:27:12.0369 5948 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll13:27:12.0372 5948 Dhcp - ok13:27:12.0390 5948 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys13:27:12.0390 5948 discache - ok13:27:12.0408 5948 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys13:27:12.0409 5948 Disk - ok13:27:12.0443 5948 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll13:27:12.0445 5948 Dnscache - ok13:27:12.0479 5948 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll13:27:12.0484 5948 dot3svc - ok13:27:12.0523 5948 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys13:27:12.0525 5948 Dot4 - ok13:27:12.0568 5948 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys13:27:12.0569 5948 Dot4Print - ok13:27:12.0589 5948 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys13:27:12.0590 5948 dot4usb - ok13:27:12.0606 5948 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll13:27:12.0610 5948 DPS - ok13:27:12.0633 5948 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys13:27:12.0634 5948 drmkaud - ok13:27:12.0637 5948 dump_wmimmc - ok13:27:12.0680 5948 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys13:27:12.0689 5948 DXGKrnl - ok13:27:12.0727 5948 [ C3CDC19B715514200F5CEC8BE5B9C9A8 ] Dyn Updater C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe13:27:12.0728 5948 Dyn Updater - ok13:27:12.0772 5948 [ BF3AF22106627DFF3EF7BAB133C969EA ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys13:27:12.0774 5948 e1kexpress - ok13:27:12.0793 5948 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll13:27:12.0795 5948 EapHost - ok13:27:12.0853 5948 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys13:27:12.0871 5948 ebdrv - ok13:27:12.0918 5948 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe13:27:12.0923 5948 EFS - ok13:27:12.0960 5948 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe13:27:12.0964 5948 ehRecvr - ok13:27:12.0981 5948 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe13:27:12.0982 5948 ehSched - ok13:27:13.0021 5948 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys13:27:13.0024 5948 elxstor - ok13:27:13.0047 5948 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys13:27:13.0048 5948 ErrDev - ok13:27:13.0080 5948 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll13:27:13.0085 5948 EventSystem - ok13:27:13.0104 5948 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys13:27:13.0106 5948 exfat - ok13:27:13.0125 5948 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys13:27:13.0127 5948 fastfat - ok13:27:13.0162 5948 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe13:27:13.0168 5948 Fax - ok13:27:13.0179 5948 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys13:27:13.0180 5948 fdc - ok13:27:13.0197 5948 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll13:27:13.0199 5948 fdPHost - ok13:27:13.0208 5948 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll13:27:13.0210 5948 FDResPub - ok13:27:13.0234 5948 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys13:27:13.0235 5948 FileInfo - ok13:27:13.0249 5948 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys13:27:13.0249 5948 Filetrace - ok13:27:13.0265 5948 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys13:27:13.0266 5948 flpydisk - ok13:27:13.0313 5948 [ 258152071B78B9FDB8E24156B0140C80 ] FLService C:\Windows\SysWow64\WinFLService.exe13:27:13.0322 5948 FLService - ok13:27:13.0338 5948 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys13:27:13.0341 5948 FltMgr - ok13:27:13.0398 5948 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll13:27:13.0411 5948 FontCache - ok13:27:13.0449 5948 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe13:27:13.0450 5948 FontCache3.0.0.0 - ok13:27:13.0468 5948 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys13:27:13.0470 5948 FsDepends - ok13:27:13.0496 5948 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys13:27:13.0497 5948 Fs_Rec - ok13:27:13.0520 5948 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys13:27:13.0522 5948 fvevol - ok13:27:13.0539 5948 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys13:27:13.0540 5948 gagp30kx - ok13:27:13.0586 5948 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys13:27:13.0587 5948 GEARAspiWDM - ok13:27:13.0635 5948 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll13:27:13.0645 5948 gpsvc - ok13:27:13.0707 5948 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe13:27:13.0717 5948 Greg_Service - ok13:27:13.0799 5948 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe13:27:13.0800 5948 gupdate - ok13:27:13.0827 5948 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe13:27:13.0828 5948 gupdatem - ok13:27:13.0853 5948 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe13:27:13.0855 5948 gusvc - ok13:27:13.0886 5948 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys13:27:13.0887 5948 hamachi - ok13:27:13.0901 5948 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys13:27:13.0902 5948 hcw85cir - ok13:27:13.0936 5948 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys13:27:13.0940 5948 HdAudAddService - ok13:27:13.0967 5948 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys13:27:13.0968 5948 HDAudBus - ok13:27:13.0985 5948 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys13:27:13.0986 5948 HidBatt - ok13:27:13.0999 5948 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys13:27:14.0001 5948 HidBth - ok13:27:14.0019 5948 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys13:27:14.0020 5948 HidIr - ok13:27:14.0047 5948 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll13:27:14.0051 5948 hidserv - ok13:27:14.0063 5948 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys13:27:14.0064 5948 HidUsb - ok13:27:14.0093 5948 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll13:27:14.0098 5948 hkmsvc - ok13:27:14.0126 5948 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll13:27:14.0132 5948 HomeGroupListener - ok13:27:14.0148 5948 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll13:27:14.0157 5948 HomeGroupProvider - ok13:27:14.0170 5948 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys13:27:14.0172 5948 HpSAMD - ok13:27:14.0224 5948 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys13:27:14.0231 5948 HTTP - ok13:27:14.0259 5948 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys13:27:14.0260 5948 hwpolicy - ok13:27:14.0298 5948 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys13:27:14.0299 5948 i8042prt - ok13:27:14.0338 5948 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys13:27:14.0342 5948 iaStor - ok13:27:14.0375 5948 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys13:27:14.0379 5948 iaStorV - ok13:27:14.0425 5948 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe13:27:14.0432 5948 idsvc - ok13:27:14.0472 5948 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys13:27:14.0473 5948 iirsp - ok13:27:14.0498 5948 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll13:27:14.0509 5948 IKEEXT - ok13:27:14.0580 5948 [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys13:27:14.0599 5948 IntcAzAudAddService - ok13:27:14.0647 5948 [ 2925C4051881E3308C53208836985479 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe13:27:14.0653 5948 Intel® PROSet Monitoring Service - ok13:27:14.0669 5948 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys13:27:14.0670 5948 intelide - ok13:27:14.0691 5948 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys13:27:14.0693 5948 intelppm - ok13:27:14.0723 5948 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll13:27:14.0728 5948 IPBusEnum - ok13:27:14.0742 5948 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys13:27:14.0744 5948 IpFilterDriver - ok13:27:14.0765 5948 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll13:27:14.0773 5948 iphlpsvc - ok13:27:14.0792 5948 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys13:27:14.0794 5948 IPMIDRV - ok13:27:14.0822 5948 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys13:27:14.0824 5948 IPNAT - ok13:27:14.0911 5948 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe13:27:14.0919 5948 iPod Service - ok13:27:14.0943 5948 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys13:27:14.0944 5948 IRENUM - ok13:27:14.0959 5948 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys13:27:14.0960 5948 isapnp - ok13:27:14.0977 5948 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys13:27:14.0980 5948 iScsiPrt - ok13:27:15.0007 5948 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys13:27:15.0008 5948 kbdclass - ok13:27:15.0020 5948 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys13:27:15.0021 5948 kbdhid - ok13:27:15.0032 5948 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe13:27:15.0037 5948 KeyIso - ok13:27:15.0071 5948 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys13:27:15.0072 5948 KSecDD - ok13:27:15.0084 5948 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys13:27:15.0086 5948 KSecPkg - ok13:27:15.0094 5948 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys13:27:15.0095 5948 ksthunk - ok13:27:15.0124 5948 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll13:27:15.0132 5948 KtmRm - ok13:27:15.0167 5948 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll13:27:15.0177 5948 LanmanServer - ok13:27:15.0217 5948 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll13:27:15.0228 5948 LanmanWorkstation - ok13:27:15.0276 5948 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys13:27:15.0277 5948 lltdio - ok13:27:15.0300 5948 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll13:27:15.0307 5948 lltdsvc - ok13:27:15.0321 5948 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll13:27:15.0327 5948 lmhosts - ok13:27:15.0347 5948 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys13:27:15.0349 5948 LSI_FC - ok13:27:15.0366 5948 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys13:27:15.0368 5948 LSI_SAS - ok13:27:15.0387 5948 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys13:27:15.0388 5948 LSI_SAS2 - ok13:27:15.0404 5948 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys13:27:15.0406 5948 LSI_SCSI - ok13:27:15.0419 5948 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys13:27:15.0421 5948 luafv - ok13:27:15.0450 5948 [ 4A503882318BB2F59218D401614E6AF6 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys13:27:15.0451 5948 lvpepf64 - ok13:27:15.0488 5948 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys13:27:15.0490 5948 LVPr2M64 - ok13:27:15.0497 5948 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys13:27:15.0499 5948 LVPr2Mon - ok13:27:15.0571 5948 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe13:27:15.0573 5948 LVPrcS64 - ok13:27:15.0613 5948 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys13:27:15.0616 5948 LVRS64 - ok13:27:15.0717 5948 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys13:27:15.0754 5948 LVUVC64 - ok13:27:15.0786 5948 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys13:27:15.0787 5948 MBAMProtector - ok13:27:15.0841 5948 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe13:27:15.0844 5948 MBAMScheduler - ok13:27:15.0884 5948 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe13:27:15.0891 5948 MBAMService - ok13:27:15.0929 5948 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll13:27:15.0933 5948 Mcx2Svc - ok13:27:15.0949 5948 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys13:27:15.0950 5948 megasas - ok13:27:15.0964 5948 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys13:27:15.0966 5948 MegaSR - ok13:27:15.0991 5948 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll13:27:15.0995 5948 MMCSS - ok13:27:16.0001 5948 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys13:27:16.0002 5948 Modem - ok13:27:16.0021 5948 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys13:27:16.0022 5948 monitor - ok13:27:16.0043 5948 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys13:27:16.0044 5948 mouclass - ok13:27:16.0059 5948 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys13:27:16.0060 5948 mouhid - ok13:27:16.0100 5948 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys13:27:16.0102 5948 mountmgr - ok13:27:16.0145 5948 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe13:27:16.0146 5948 MozillaMaintenance - ok13:27:16.0182 5948 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys13:27:16.0184 5948 MpFilter - ok13:27:16.0210 5948 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys13:27:16.0212 5948 mpio - ok13:27:16.0231 5948 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys13:27:16.0232 5948 mpsdrv - ok13:27:16.0282 5948 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll13:27:16.0295 5948 MpsSvc - ok13:27:16.0333 5948 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys13:27:16.0335 5948 MRxDAV - ok13:27:16.0363 5948 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys13:27:16.0366 5948 mrxsmb - ok13:27:16.0398 5948 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys13:27:16.0402 5948 mrxsmb10 - ok13:27:16.0414 5948 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys13:27:16.0416 5948 mrxsmb20 - ok13:27:16.0442 5948 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys13:27:16.0443 5948 msahci - ok13:27:16.0470 5948 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys13:27:16.0472 5948 msdsm - ok13:27:16.0486 5948 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe13:27:16.0493 5948 MSDTC - ok13:27:16.0506 5948 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys13:27:16.0507 5948 Msfs - ok13:27:16.0516 5948 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys13:27:16.0517 5948 mshidkmdf - ok13:27:16.0526 5948 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys13:27:16.0527 5948 msisadrv - ok13:27:16.0554 5948 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll13:27:16.0557 5948 MSiSCSI - ok13:27:16.0560 5948 msiserver - ok13:27:16.0583 5948 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys13:27:16.0584 5948 MSKSSRV - ok13:27:16.0643 5948 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe13:27:16.0644 5948 MsMpSvc - ok13:27:16.0663 5948 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys13:27:16.0664 5948 MSPCLOCK - ok13:27:16.0670 5948 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys13:27:16.0671 5948 MSPQM - ok13:27:16.0701 5948 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys13:27:16.0704 5948 MsRPC - ok13:27:16.0714 5948 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys13:27:16.0715 5948 mssmbios - ok13:27:16.0727 5948 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys13:27:16.0728 5948 MSTEE - ok13:27:16.0740 5948 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys13:27:16.0741 5948 MTConfig - ok13:27:16.0756 5948 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys13:27:16.0757 5948 Mup - ok13:27:16.0772 5948 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll13:27:16.0780 5948 napagent - ok13:27:16.0793 5948 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys13:27:16.0796 5948 NativeWifiP - ok13:27:16.0848 5948 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys13:27:16.0857 5948 NDIS - ok13:27:16.0889 5948 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys13:27:16.0890 5948 NdisCap - ok13:27:16.0908 5948 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys13:27:16.0909 5948 NdisTapi - ok13:27:16.0958 5948 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys13:27:16.0959 5948 Ndisuio - ok13:27:16.0992 5948 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys13:27:16.0995 5948 NdisWan - ok13:27:17.0005 5948 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys13:27:17.0006 5948 NDProxy - ok13:27:17.0044 5948 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll13:27:17.0048 5948 Net Driver HPZ12 - ok13:27:17.0062 5948 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys13:27:17.0063 5948 NetBIOS - ok13:27:17.0077 5948 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys13:27:17.0080 5948 NetBT - ok13:27:17.0085 5948 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe13:27:17.0091 5948 Netlogon - ok13:27:17.0121 5948 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll13:27:17.0127 5948 Netman - ok13:27:17.0165 5948 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe13:27:17.0167 5948 NetMsmqActivator - ok13:27:17.0173 5948 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe13:27:17.0174 5948 NetPipeActivator - ok13:27:17.0198 5948 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll13:27:17.0208 5948 netprofm - ok13:27:17.0214 5948 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe13:27:17.0215 5948 NetTcpActivator - ok13:27:17.0222 5948 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe13:27:17.0223 5948 NetTcpPortSharing - ok13:27:17.0241 5948 [ 2D446F342467128EA389CF44EC79C2BA ] NEWDRIVER C:\Windows\SysWow64\WinVDEdrv6.sys13:27:17.0247 5948 NEWDRIVER - ok13:27:17.0262 5948 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys13:27:17.0262 5948 nfrd960 - ok13:27:17.0283 5948 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys13:27:17.0285 5948 NisDrv - ok13:27:17.0330 5948 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe13:27:17.0334 5948 NisSrv - ok13:27:17.0361 5948 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll13:27:17.0367 5948 NlaSvc - ok13:27:17.0372 5948 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys13:27:17.0373 5948 Npfs - ok13:27:17.0376 5948 npggsvc - ok13:27:17.0380 5948 NPPTNT2 - ok13:27:17.0388 5948 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll13:27:17.0392 5948 nsi - ok13:27:17.0403 5948 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys13:27:17.0403 5948 nsiproxy - ok13:27:17.0454 5948 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys13:27:17.0464 5948 Ntfs - ok13:27:17.0514 5948 [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe13:27:17.0515 5948 NTI IScheduleSvc - ok13:27:17.0526 5948 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys13:27:17.0527 5948 NTIDrvr - ok13:27:17.0539 5948 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys13:27:17.0540 5948 Null - ok13:27:17.0809 5948 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys13:27:17.0866 5948 nvlddmkm - ok13:27:17.0936 5948 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys13:27:17.0939 5948 nvraid - ok13:27:17.0957 5948 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys13:27:17.0959 5948 nvstor - ok13:27:18.0010 5948 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe13:27:18.0025 5948 nvsvc - ok13:27:18.0089 5948 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe13:27:18.0100 5948 nvUpdatusService - ok13:27:18.0133 5948 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys13:27:18.0135 5948 nv_agp - ok13:27:18.0204 5948 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE13:27:18.0208 5948 odserv - ok13:27:18.0223 5948 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys13:27:18.0224 5948 ohci1394 - ok13:27:18.0269 5948 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE13:27:18.0271 5948 ose - ok13:27:18.0302 5948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll13:27:18.0312 5948 p2pimsvc - ok13:27:18.0334 5948 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll13:27:18.0344 5948 p2psvc - ok13:27:18.0369 5948 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys13:27:18.0371 5948 Parport - ok13:27:18.0401 5948 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys13:27:18.0403 5948 partmgr - ok13:27:18.0417 5948 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll13:27:18.0426 5948 PcaSvc - ok13:27:18.0439 5948 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys13:27:18.0442 5948 pci - ok13:27:18.0452 5948 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys13:27:18.0454 5948 pciide - ok13:27:18.0470 5948 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys13:27:18.0473 5948 pcmcia - ok13:27:18.0491 5948 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys13:27:18.0492 5948 pcw - ok13:27:18.0514 5948 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys13:27:18.0521 5948 PEAUTH - ok13:27:18.0542 5948 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe13:27:18.0549 5948 PerfHost - ok13:27:18.0639 5948 [ AE0B94363DA0F60D42B9D05B352F61ED ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS13:27:18.0663 5948 PID_PEPI - ok13:27:18.0677 5948 pilzjtxd - ok13:27:18.0718 5948 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll13:27:18.0728 5948 pla - ok13:27:18.0766 5948 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll13:27:18.0774 5948 PlugPlay - ok13:27:18.0806 5948 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll13:27:18.0809 5948 Pml Driver HPZ12 - ok13:27:18.0838 5948 PnkBstrA - ok13:27:18.0847 5948 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll13:27:18.0853 5948 PNRPAutoReg - ok13:27:18.0867 5948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll13:27:18.0875 5948 PNRPsvc - ok13:27:18.0893 5948 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll13:27:18.0900 5948 PolicyAgent - ok13:27:18.0925 5948 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll13:27:18.0934 5948 Power - ok13:27:18.0977 5948 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys13:27:18.0978 5948 PptpMiniport - ok13:27:19.0014 5948 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys13:27:19.0016 5948 Processor - ok13:27:19.0044 5948 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll13:27:19.0054 5948 ProfSvc - ok13:27:19.0061 5948 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe13:27:19.0066 5948 ProtectedStorage - ok13:27:19.0101 5948 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys13:27:19.0103 5948 Psched - ok13:27:19.0132 5948 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys13:27:19.0133 5948 PxHlpa64 - ok13:27:19.0174 5948 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys13:27:19.0189 5948 ql2300 - ok13:27:19.0195 5948 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys13:27:19.0198 5948 ql40xx - ok13:27:19.0214 5948 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll13:27:19.0221 5948 QWAVE - ok13:27:19.0234 5948 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys13:27:19.0235 5948 QWAVEdrv - ok13:27:19.0288 5948 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll13:27:19.0290 5948 RapiMgr - ok13:27:19.0301 5948 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys13:27:19.0302 5948 RasAcd - ok13:27:19.0321 5948 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys13:27:19.0322 5948 RasAgileVpn - ok13:27:19.0341 5948 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll13:27:19.0349 5948 RasAuto - ok13:27:19.0360 5948 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys13:27:19.0362 5948 Rasl2tp - ok13:27:19.0374 5948 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll13:27:19.0384 5948 RasMan - ok13:27:19.0397 5948 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys13:27:19.0399 5948 RasPppoe - ok13:27:19.0406 5948 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys13:27:19.0408 5948 RasSstp - ok13:27:19.0423 5948 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys13:27:19.0426 5948 rdbss - ok13:27:19.0443 5948 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys13:27:19.0444 5948 rdpbus - ok13:27:19.0461 5948 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys13:27:19.0463 5948 RDPCDD - ok13:27:19.0475 5948 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys13:27:19.0476 5948 RDPENCDD - ok13:27:19.0483 5948 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys13:27:19.0484 5948 RDPREFMP - ok13:27:19.0513 5948 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys13:27:19.0516 5948 RDPWD - ok13:27:19.0554 5948 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys13:27:19.0557 5948 rdyboost - ok13:27:19.0584 5948 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll13:27:19.0590 5948 RemoteAccess - ok13:27:19.0605 5948 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll13:27:19.0613 5948 RemoteRegistry - ok13:27:19.0622 5948 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll13:27:19.0630 5948 RpcEptMapper - ok13:27:19.0640 5948 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe13:27:19.0645 5948 RpcLocator - ok13:27:19.0674 5948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll13:27:19.0681 5948 RpcSs - ok13:27:19.0691 5948 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys13:27:19.0692 5948 rspndr - ok13:27:19.0737 5948 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys13:27:19.0739 5948 RSUSBSTOR - ok13:27:19.0784 5948 [ 24510C4A77ABA3B07AEFA840DB888637 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys13:27:19.0786 5948 RzSynapse - ok13:27:19.0794 5948 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe13:27:19.0799 5948 SamSs - ok13:27:19.0836 5948 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys13:27:19.0838 5948 sbp2port - ok13:27:19.0857 5948 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll13:27:19.0867 5948 SCardSvr - ok13:27:19.0890 5948 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys13:27:19.0892 5948 scfilter - ok13:27:19.0936 5948 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll13:27:19.0952 5948 Schedule - ok13:27:19.0985 5948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll13:27:19.0987 5948 SCPolicySvc - ok13:27:20.0000 5948 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll13:27:20.0010 5948 SDRSVC - ok13:27:20.0018 5948 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys13:27:20.0019 5948 secdrv - ok13:27:20.0024 5948 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll13:27:20.0032 5948 seclogon - ok13:27:20.0057 5948 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll13:27:20.0066 5948 SENS - ok13:27:20.0075 5948 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll13:27:20.0083 5948 SensrSvc - ok13:27:20.0108 5948 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys13:27:20.0109 5948 Serenum - ok13:27:20.0126 5948 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys13:27:20.0128 5948 Serial - ok13:27:20.0144 5948 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys13:27:20.0146 5948 sermouse - ok13:27:20.0182 5948 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll13:27:20.0191 5948 SessionEnv - ok13:27:20.0222 5948 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys13:27:20.0223 5948 sffdisk - ok13:27:20.0238 5948 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys13:27:20.0239 5948 sffp_mmc - ok13:27:20.0254 5948 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys13:27:20.0255 5948 sffp_sd - ok13:27:20.0266 5948 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys13:27:20.0268 5948 sfloppy - ok13:27:20.0303 5948 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll13:27:20.0309 5948 SharedAccess - ok13:27:20.0326 5948 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll13:27:20.0337 5948 ShellHWDetection - ok13:27:20.0345 5948 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys13:27:20.0346 5948 SiSRaid2 - ok13:27:20.0351 5948 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys13:27:20.0353 5948 SiSRaid4 - ok13:27:20.0417 5948 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe13:27:20.0419 5948 SkypeUpdate - ok13:27:20.0435 5948 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys13:27:20.0437 5948 Smb - ok13:27:20.0453 5948 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe13:27:20.0462 5948 SNMPTRAP - ok13:27:20.0470 5948 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys13:27:20.0472 5948 spldr - ok13:27:20.0511 5948 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe13:27:20.0523 5948 Spooler - ok13:27:20.0607 5948 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe13:27:20.0634 5948 sppsvc - ok13:27:20.0662 5948 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll13:27:20.0666 5948 sppuinotify - ok13:27:20.0708 5948 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys13:27:20.0713 5948 srv - ok13:27:20.0732 5948 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys13:27:20.0735 5948 srv2 - ok13:27:20.0748 5948 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys13:27:20.0750 5948 srvnet - ok13:27:20.0771 5948 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll13:27:20.0779 5948 SSDPSRV - ok13:27:20.0790 5948 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll13:27:20.0797 5948 SstpSvc - ok13:27:20.0827 5948 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys13:27:20.0829 5948 ssudmdm - ok13:27:20.0857 5948 Steam Client Service - ok13:27:20.0916 5948 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe13:27:20.0920 5948 Stereo Service - ok13:27:20.0942 5948 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys13:27:20.0944 5948 stexstor - ok13:27:20.0984 5948 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll13:27:20.0999 5948 stisvc - ok13:27:21.0037 5948 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys13:27:21.0039 5948 swenum - ok13:27:21.0060 5948 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll13:27:21.0074 5948 swprv - ok13:27:21.0129 5948 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll13:27:21.0153 5948 SysMain - ok13:27:21.0202 5948 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll13:27:21.0212 5948 TabletInputService - ok13:27:21.0257 5948 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll13:27:21.0269 5948 TapiSrv - ok13:27:21.0282 5948 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll13:27:21.0292 5948 TBS - ok13:27:21.0352 5948 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys13:27:21.0366 5948 Tcpip - ok13:27:21.0412 5948 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys13:27:21.0421 5948 TCPIP6 - ok13:27:21.0458 5948 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys13:27:21.0459 5948 tcpipreg - ok13:27:21.0478 5948 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys13:27:21.0479 5948 TDPIPE - ok13:27:21.0500 5948 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys13:27:21.0501 5948 TDTCP - ok13:27:21.0515 5948 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys13:27:21.0516 5948 tdx - ok13:27:21.0603 5948 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe13:27:21.0618 5948 TeamViewer7 - ok13:27:21.0629 5948 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys13:27:21.0630 5948 TermDD - ok13:27:21.0652 5948 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll13:27:21.0659 5948 TermService - ok13:27:21.0673 5948 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll13:27:21.0677 5948 Themes - ok13:27:21.0688 5948 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll13:27:21.0691 5948 THREADORDER - ok13:27:21.0710 5948 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll13:27:21.0715 5948 TrkWks - ok13:27:21.0754 5948 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe13:27:21.0756 5948 TrustedInstaller - ok13:27:21.0788 5948 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys13:27:21.0789 5948 tssecsrv - ok13:27:21.0815 5948 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys13:27:21.0816 5948 TsUsbFlt - ok13:27:21.0866 5948 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys13:27:21.0867 5948 tunnel - ok13:27:21.0901 5948 [ 7F8AD76415FB7476096FEF6B92D428CA ] U6000ALL C:\Windows\system32\DRIVERS\dmdcap.sys13:27:21.0904 5948 U6000ALL - ok13:27:21.0918 5948 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys13:27:21.0920 5948 uagp35 - ok13:27:21.0933 5948 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys13:27:21.0934 5948 UBHelper - ok13:27:21.0956 5948 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys13:27:21.0960 5948 udfs - ok13:27:21.0981 5948 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe13:27:21.0990 5948 UI0Detect - ok13:27:22.0032 5948 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys13:27:22.0033 5948 uliagpkx - ok13:27:22.0049 5948 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys13:27:22.0051 5948 umbus - ok13:27:22.0068 5948 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys13:27:22.0069 5948 UmPass - ok13:27:22.0138 5948 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe13:27:22.0141 5948 UMVPFSrv - ok13:27:22.0206 5948 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe13:27:22.0208 5948 Updater Service - ok13:27:22.0226 5948 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll13:27:22.0237 5948 upnphost - ok13:27:22.0277 5948 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys13:27:22.0279 5948 USBAAPL64 - ok13:27:22.0313 5948 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys13:27:22.0315 5948 usbaudio - ok13:27:22.0341 5948 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys13:27:22.0343 5948 usbccgp - ok13:27:22.0358 5948 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys13:27:22.0360 5948 usbcir - ok13:27:22.0374 5948 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys13:27:22.0375 5948 usbehci - ok13:27:22.0393 5948 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys13:27:22.0397 5948 usbhub - ok13:27:22.0409 5948 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys13:27:22.0410 5948 usbohci - ok13:27:22.0447 5948 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys13:27:22.0449 5948 usbprint - ok13:27:22.0481 5948 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys13:27:22.0483 5948 usbscan - ok13:27:22.0491 5948 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS13:27:22.0493 5948 USBSTOR - ok13:27:22.0508 5948 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys13:27:22.0509 5948 usbuhci - ok13:27:22.0546 5948 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys13:27:22.0549 5948 usbvideo - ok13:27:22.0595 5948 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys13:27:22.0597 5948 usb_rndisx - ok13:27:22.0621 5948 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll13:27:22.0631 5948 UxSms - ok13:27:22.0639 5948 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe13:27:22.0645 5948 VaultSvc - ok13:27:22.0667 5948 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys13:27:22.0668 5948 vdrvroot - ok13:27:22.0701 5948 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe13:27:22.0716 5948 vds - ok13:27:22.0745 5948 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys13:27:22.0747 5948 vga - ok13:27:22.0782 5948 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys13:27:22.0784 5948 VgaSave - ok13:27:22.0799 5948 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys13:27:22.0802 5948 vhdmp - ok13:27:22.0815 5948 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys13:27:22.0817 5948 viaide - ok13:27:22.0833 5948 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys13:27:22.0835 5948 volmgr - ok13:27:22.0870 5948 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys13:27:22.0875 5948 volmgrx - ok13:27:22.0893 5948 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys13:27:22.0897 5948 volsnap - ok13:27:22.0917 5948 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys13:27:22.0920 5948 vsmraid - ok13:27:22.0979 5948 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe13:27:23.0003 5948 VSS - ok13:27:23.0018 5948 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys13:27:23.0019 5948 vwifibus - ok13:27:23.0040 5948 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys13:27:23.0041 5948 vwififlt - ok13:27:23.0059 5948 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys13:27:23.0061 5948 vwifimp - ok13:27:23.0092 5948 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll13:27:23.0104 5948 W32Time - ok13:27:23.0111 5948 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys13:27:23.0113 5948 WacomPen - ok13:27:23.0135 5948 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys13:27:23.0137 5948 WANARP - ok13:27:23.0142 5948 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys13:27:23.0144 5948 Wanarpv6 - ok13:27:23.0195 5948 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe13:27:23.0205 5948 WatAdminSvc - ok13:27:23.0262 5948 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe13:27:23.0283 5948 wbengine - ok13:27:23.0306 5948 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll13:27:23.0311 5948 WbioSrvc - ok13:27:23.0351 5948 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll13:27:23.0355 5948 WcesComm - ok13:27:23.0372 5948 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll13:27:23.0382 5948 wcncsvc - ok13:27:23.0397 5948 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll13:27:23.0406 5948 WcsPlugInService - ok13:27:23.0410 5948 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys13:27:23.0411 5948 Wd - ok13:27:23.0435 5948 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys13:27:23.0441 5948 Wdf01000 - ok13:27:23.0452 5948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll13:27:23.0460 5948 WdiServiceHost - ok13:27:23.0465 5948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll13:27:23.0474 5948 WdiSystemHost - ok13:27:23.0516 5948 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll13:27:23.0526 5948 WebClient - ok13:27:23.0539 5948 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll13:27:23.0549 5948 Wecsvc - ok13:27:23.0554 5948 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll13:27:23.0559 5948 wercplsupport - ok13:27:23.0566 5948 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll13:27:23.0571 5948 WerSvc - ok13:27:23.0585 5948 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys13:27:23.0586 5948 WfpLwf - ok13:27:23.0600 5948 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys13:27:23.0601 5948 WIMMount - ok13:27:23.0621 5948 WinDefend - ok13:27:23.0719 5948 [ 32140C0E7EE19ABB2ACEA0085B75AFA6 ] WinFLAdrv C:\Windows\syswow64\WinFLAdrv.sys13:27:23.0724 5948 WinFLAdrv - ok13:27:23.0726 5948 WinHttpAutoProxySvc - ok13:27:23.0762 5948 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll13:27:23.0764 5948 Winmgmt - ok13:27:23.0817 5948 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll13:27:23.0831 5948 WinRM - ok13:27:23.0878 5948 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys13:27:23.0879 5948 WinUsb - ok13:27:23.0902 5948 [ 3CC985A4E7D90F5B6D9FF1FD5CD486D7 ] WinVDEDrv C:\Windows\SysWow64\WinVDEdrv.sys13:27:23.0907 5948 WinVDEDrv - ok13:27:23.0924 5948 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll13:27:23.0933 5948 Wlansvc - ok13:27:24.0041 5948 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE13:27:24.0061 5948 wlidsvc - ok13:27:24.0095 5948 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys13:27:24.0097 5948 WmiAcpi - ok13:27:24.0115 5948 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe13:27:24.0118 5948 wmiApSrv - ok13:27:24.0141 5948 WMPNetworkSvc - ok13:27:24.0152 5948 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll13:27:24.0161 5948 WPCSvc - ok13:27:24.0186 5948 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll13:27:24.0195 5948 WPDBusEnum - ok13:27:24.0216 5948 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys13:27:24.0218 5948 ws2ifsl - ok13:27:24.0232 5948 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll13:27:24.0241 5948 wscsvc - ok13:27:24.0245 5948 WSearch - ok13:27:24.0307 5948 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll13:27:24.0334 5948 wuauserv - ok13:27:24.0374 5948 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys13:27:24.0376 5948 WudfPf - ok13:27:24.0392 5948 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys13:27:24.0395 5948 WUDFRd - ok13:27:24.0437 5948 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll13:27:24.0447 5948 wudfsvc - ok13:27:24.0468 5948 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll13:27:24.0479 5948 WwanSvc - ok13:27:24.0555 5948 X6va003 - ok13:27:24.0574 5948 xylmutwv - ok13:27:24.0628 5948 ================ Scan global ===============================13:27:24.0642 5948 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll13:27:24.0684 5948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll13:27:24.0692 5948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll13:27:24.0713 5948 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll13:27:24.0734 5948 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe13:27:24.0739 5948 [Global] - ok13:27:24.0739 5948 ================ Scan MBR ==================================13:27:24.0750 5948 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR013:27:24.0903 5948 \Device\Harddisk0\DR0 - ok13:27:24.0903 5948 ================ Scan VBR ==================================13:27:24.0906 5948 [ DED2A6C0B20A1D81950B4CFF48804D24 ] \Device\Harddisk0\DR0\Partition113:27:24.0909 5948 \Device\Harddisk0\DR0\Partition1 - ok13:27:24.0931 5948 [ 1680E25D52DD18122F9911D5AD3FBD36 ] \Device\Harddisk0\DR0\Partition213:27:24.0933 5948 \Device\Harddisk0\DR0\Partition2 - ok13:27:24.0933 5948 ============================================================13:27:24.0933 5948 Scan finished13:27:24.0933 5948 ============================================================13:27:24.0945 3216 Detected object count: 113:27:24.0945 3216 Actual detected object count: 113:27:30.0106 3216 Akamai ( HiddenFile.Multi.Generic ) - skipped by user13:27:30.0106 3216 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:597958 Share Posted September 16, 2012 Farbar Service Scanner Version: 06-08-2012Ran by Gabe (administrator) on 16-09-2012 at 13:29:10Running from "C:\Users\Gabe\Desktop"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy: ==================[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=DWORD:0System Restore:============System Restore Disabled Policy: ========================Action Center:============Windows Update:============Windows Autoupdate Disabled Policy: ============================Windows Defender:==============WinDefend Service is not running. Checking service configuration:The start type of WinDefend service is set to Demand. The default start type is Auto.The ImagePath of WinDefend service is OK.The ServiceDll of WinDefend service is OK.Windows Defender Disabled Policy: ==========================[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]"DisableAntiSpyware"=DWORD:1Other Services:==============File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys[2012-09-12 00:54] - [2012-08-22 12:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDCC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 16, 2012 ID:598015 Share Posted September 16, 2012 Use your Internet Explorer browser to go here at Virustotal websiteClick the Choose File button and then navigate toC:\Users\Gabe\AppData\Local\Apps\2.0\620HOHYO.WAP\74RJZVNX.MTD\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe,then click the Scan it button.The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.Repeat the same steps for C:\Windows\system32\AMBSpiE.exeSave the results, and post back here in a reply.==Use your Internet Explorer browser to go here at VirSCAN.org websiteClick the Browse button and then navigate toC:\Users\Gabe\AppData\Local\Apps\2.0\620HOHYO.WAP\74RJZVNX.MTD\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe, then click the Upload button.Save the results, and post back here in a reply.Repeat the same steps for C:\Windows\system32\AMBSpiE.exeSave the results, and post back here in a reply.NEXTDownload Dr.Web CureIt to the desktop.Turn OFF your antivirus program.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDoubleclick the drweb-cureit.exe file, then on Start and allow to run the express scanThis will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.Once the short scan has finished, chose the Complete Scan.Select all drives. A red dot shows which drives have been chosen.Click the green arrow at the right, and the scan will start.Click 'Yes to all' if it asks if you want to cure/move the file.When the scan has finished, look and see if you can click the following icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)After selecting, in the Dr.Web CureIt menu on top, click file and choose save report listSave the report to your desktop. The report will be called DrWeb.csvClose Dr.Web Cureit.Reboot your computer to allow files that were in use to be moved/deleted during reboot.After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.Re-Enable your antivirus program when all done. Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:598022 Share Posted September 16, 2012 SHA256: 52f895b540ca266dfc1e415f3c4eaa15c3b6499d5866969ed46524a2af005b9f SHA1: 5c17e6ac9b787965fb41035f8771bfc0283518d6 MD5: 7b07f26ab215a6fbb47d54f49a067e73 File size: 1.8 MB ( 1908736 bytes ) File name: CurseClient.exe File type: Win32 EXE Detection ratio: 0 / 32 Analysis date: 2012-09-16 23:07:24 UTC ( 1 minute ago ) ( Is that the right info? ) also the AMBSpiE.exe does not show up on the website Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:598023 Share Posted September 16, 2012 VirSCAN.org Scanned Report :Scanned time : 2012/09/16 17:31:03 (MDT)Scanner results: Scanners did not find malware!File Name : CurseClient.exeFile Size : 1908736 byteFile Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MonoMD5 : 7b07f26ab215a6fbb47d54f49a067e73SHA1 : 5c17e6ac9b787965fb41035f8771bfc0283518d6Online report : http://r.virscan.org/82af1a376600083edf570e7c9d632380Scanner Engine Ver Sig Ver Sig Date Time Scan resulta-squared 5.1.0.4 20120917034326 2012-09-17 11.82 -AhnLab V3 2012.09.17.00 2012.09.17 2012-09-17 3.89 -AntiVir 8.2.10.150 7.11.41.132 2012-09-01 0.18 -Antiy 2.0.18 2.0.18. 0002-18-00 0.37 -Arcavir 2011 201206041805 2012-06-04 1.57 -Authentium 5.1.1 201209090949 2012-09-09 1.59 -AVAST! 4.7.4 120914-0 2012-09-14 0.54 -AVG 12.0.1787 2437/5271 2012-09-16 0.28 -BitDefender 7.90123.7545672 7.43465 2012-09-17 4.23 -ClamAV 0.97.5 15363 2012-09-17 0.56 -Comodo 5.1 13570 2012-09-16 2.29 -CP Secure 1.3.0.5 2012.09.15 2012-09-15 0.51 -Dr.Web 7.0.3.7130 2012.09.17 2012-09-17 13.18 -F-Prot 4.6.2.117 20120916 2012-09-16 1.03 -F-Secure 7.02.73807 2012.09.16.07 2012-09-16 2.37 -Fortinet 4.3.392 16.403 2012-09-14 0.14 -GData 22.6127 20120917 2012-09-17 6.66 -ViRobot 20120915 2012.09.15 2012-09-15 0.38 -Ikarus T3.1.32.20.0 2012.09.16.82281 2012-09-16 6.71 -JiangMin 13.0.900 2012.09.16 2012-09-16 2.37 -Kaspersky 5.5.10 2012.09.16 2012-09-16 0.30 -KingSoft 2009.2.5.15 2012.9.16.9 2012-09-16 0.91 -McAfee 5400.1158 6837 2012-09-16 8.73 -Microsoft 1.8704 2012.09.16 2012-09-16 3.77 -NOD32 3.0.21 7484 2012-09-16 0.33 -Norman 6.8.3 201208311030 2012-08-31 0.00 -Panda 9.05.01 2012.09.16 2012-09-16 3.15 -Trend Micro 9.500-1005 9.399.00 2012-09-16 0.20 -Quick Heal 11.00 2012.09.16 2012-09-16 1.49 -Rising 20.0 24.27.04.01 2012-09-14 2.71 -Sophos 3.34.0 4.80 2012-09-17 5.32 -Sunbelt 3.9.2545.2 13098 2012-09-16 1.02 -Symantec 1.3.0.24 20120915.008 2012-09-15 0.63 -nProtect 20120916.01 11985184 2012-09-16 1.39 -The Hacker 6.8.0.0 v00095 2012-09-14 0.71 -VBA32 3.12.18.1 20120914.1041 2012-09-14 3.72 -VirusBuster 5.5.2.13 15.0.191.0/97881902012-09-16 0.19 - Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:598024 Share Posted September 16, 2012 same with the second site. AMDSpiE.exe doesn't show up Link to post Share on other sites More sharing options...
boombaby16 Posted September 16, 2012 Author ID:598025 Share Posted September 16, 2012 SHA256: 52f895b540ca266dfc1e415f3c4eaa15c3b6499d5866969ed46524a2af005b9f SHA1: 5c17e6ac9b787965fb41035f8771bfc0283518d6 MD5: 7b07f26ab215a6fbb47d54f49a067e73 File size: 1.8 MB ( 1908736 bytes ) File name: CurseClient.exe File type: Win32 EXE Detection ratio: 0 / 32 Analysis date: 2012-09-16 23:07:24 UTC ( 1 minute ago 0 More details Antivirus Result Update AhnLab-V3 - 20120916 AntiVir - 20120916 Antiy-AVL - 20120911 AVG - 20120916 ByteHero - 20120910 CAT-QuickHeal - 20120916 ClamAV - 20120916 Commtouch - 20120916 DrWeb - 20120917 ESET-NOD32 - 20120916 F-Prot - 20120916 F-Secure - 20120916 Fortinet - 20120830 Ikarus - 20120916 Jiangmin - 20120916 K7AntiVirus - 20120915 Kaspersky - 20120917 McAfee - 20120917 McAfee-GW-Edition - 20120916 Norman - 20120915 Panda - 20120916 PCTools - 20120916 Rising - 20120914 SUPERAntiSpyware - 20120911 TheHacker - 20120915 TotalDefense - 20120916 TrendMicro - 20120917 TrendMicro-HouseCall - 20120916 VBA32 - 20120914 VIPRE - 20120917 ViRobot - 20120916 VirusBuster - 20120916 First site again more info Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 17, 2012 ID:598198 Share Posted September 17, 2012 Looks as if the online submissions did not detect a suspicious indication.Please do and finish the DrWeb Cureit utility and copy/paste the resultant-log. Link to post Share on other sites More sharing options...
boombaby16 Posted September 17, 2012 Author ID:598321 Share Posted September 17, 2012 UnityWebPlayerUpdate.exe;C:\Documents and Settings\Gabe\AppData\LocalLow\Unity\WebPlayer;Trojan.Inject1.9039;Deleted.; Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 18, 2012 ID:598506 Share Posted September 18, 2012 Download, & save & then run the MS Safety scannerhttp://www.microsoft...us/default.aspxLet me know the result.2Download and Save McAfee Stinger to your Desktophttp://www.mcafee.co...ls/stinger.aspxClose all browsers before starting. Disable your antivirus program and anti-malware,if any.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsOn Windows 7 & Vista systems, Right Click and select Run as Administrator.On XP, double-click to start it.The GUI interface will look like thisThe C drive is the default for scanning.Press the Preferences button. In the top right-block "On virus detection", click RenameIn the bottom block "Heuristic network check for suspicious files" select HighClick the Scan Now button.When done, use the File menu and select Save report to fileStinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.RE-Enable your anti-virus program.Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.It is not intended as virus protection.3Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Centerhttp://www.microsoft...&displaylang=enAfter a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.logThe file may be opened and viewed with Notepad or similar text editor.Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830If no infections were found, you will see in your logResults Summary:----------------No infection found.Now, then, How is the system now ? Link to post Share on other sites More sharing options...
boombaby16 Posted September 18, 2012 Author ID:598561 Share Posted September 18, 2012 --------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v4.11, August 2012Started On Thu Aug 16 03:01:36 2012->Scan ERROR: resource process://pid:5368 (code 0x00000005 (5))->Scan ERROR: resource process://pid:5504 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:6688 (code 0x00000490 (1168))Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 03:06:46 2012Return code: 0 (0x0)---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v4.12, September 2012Started On Wed Sep 12 03:00:31 2012->Scan ERROR: resource process://pid:852 (code 0x00000005 (5))Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 12 03:03:24 2012Return code: 0 (0x0)---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v4.12, September 2012Started On Tue Sep 18 06:11:40 2012->Scan ERROR: resource process://pid:1856 (code 0x00000005 (5))---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v4.12, September 2012Started On Tue Sep 18 09:18:40 2012->Scan ERROR: resource process://pid:6200 (code 0x00000005 (5))->Scan ERROR: resource process://pid:4032 (code 0x00000490 (1168))Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 18 09:52:37 2012Return code: 0 (0x0) Link to post Share on other sites More sharing options...
Recommended Posts