CLR Error 80004005 won't go away


boombaby16

Hello boombaby16.

You must first uninstall uTorrent along with any other peer-to-peer app. That is forum policy and I need for you to confirm you have done that before we get going further.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Reply back when that is done.

NEXT

Step 1

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 4

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by Maurice Naggar

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03

Ran by SYSTEM at 16-09-2012 10:30:31

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)

HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2779024 2011-03-14] (CANON INC.)

HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-08-12] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-07-07] (Creative Technology Ltd)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)

HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1611160 2011-03-28] (CANON INC.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()

HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()

HKU\Gabe\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKU\Gabe\...\Run: [Akamai NetSession Interface] "C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)

HKU\Gabe\...\Run: [Google Update] "C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-26] (Google Inc.)

HKU\Gabe\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKU\Gabe\...\Run: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe [321736 2012-08-14] ( New Softwares.net)

HKU\Gabe\...\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2012-08-14] (New Softwares.net)

HKU\Gabe\...\Run: [steam] "C:\Program Files (x86)\newsteam\steam.exe" -silent [1353080 2012-09-13] (Valve Corporation)

HKU\Gabe\...\Policies\system: [LogonHoursAction] 2

HKU\Gabe\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mcx1-AUSTIN\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)

HKU\UpdatusUser\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()

Tcpip\Parameters: [DhcpNameServer] 69.169.190.211 208.72.160.67

Tcpip\..\Interfaces\{6BC084C6-73F6-4A18-AC61-EB4D9553E781}: [NameServer]192.168.1.1

Startup: C:\Users\Gabe\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Gabe\Start Menu\Programs\Startup\ts3server_win64.exe (TeamSpeak Systems GmbH)

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)

4 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)

2 FLService; C:\Windows\SysWow64\WinFLService.exe [91336 2012-08-14] (New Softwares.net)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-15] ()

==================== Drivers (Whitelisted) =====================

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-01-19] (Ralink Technology Corp.)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)

2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2012-08-13] ()

3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)

3 U6000ALL; C:\Windows\System32\DRIVERS\dmdcap.sys [276480 2007-06-08] ()

1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2012-08-14] ()

2 WinVDEDrv; \??\C:\Windows\SysWow64\WinVDEdrv.sys [225680 2012-08-13] (NewSoftwares.net, Inc.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 dump_wmimmc; \??\C:\Program Files (x86)\CABAL Online (NA - Global)\GameGuard\dump_wmimmc.sys [x]

3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

1 pilzjtxd; \??\C:\Windows\system32\drivers\pilzjtxd.sys [x]

3 X6va003; \??\C:\Users\Gabe\AppData\Local\Temp\0036C13.tmp [x]

1 xylmutwv; \??\C:\Windows\system32\drivers\xylmutwv.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-16 08:16 - 2012-09-16 08:16 - 00000470 ____A C:\Users\Gabe\Desktop\defogger_disable.log

2012-09-16 08:16 - 2012-09-16 08:16 - 00000000 ____A C:\Users\Gabe\defogger_reenable

2012-09-16 08:13 - 2012-09-16 08:15 - 00000000 ____D C:\Users\Gabe\Desktop\ERUNT

2012-09-16 08:10 - 2012-09-16 08:10 - 00050477 ____A C:\Users\Gabe\Desktop\Defogger.exe

2012-09-15 14:46 - 2012-09-15 14:46 - 00302219 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

2012-09-15 06:22 - 2012-09-15 06:23 - 00000000 ____D C:\Users\Gabe\Documents\Battlefield 3

2012-09-15 06:19 - 2012-09-15 06:19 - 03878360 ____A C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

2012-09-15 06:07 - 2012-09-15 06:07 - 00001141 ____A C:\Users\Public\Desktop\Battlefield 3.lnk

2012-09-15 06:06 - 2012-09-15 16:03 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-09-15 06:06 - 2012-09-15 06:30 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-09-15 05:37 - 2012-09-15 06:17 - 00000000 ____D C:\Users\Gabe\AppData\Local\Origin

2012-09-15 05:37 - 2012-09-15 05:37 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Origin

2012-09-15 05:35 - 2012-09-15 05:39 - 00000000 ____D C:\Users\All Users\Origin

2012-09-15 05:35 - 2012-09-15 05:37 - 00000000 ____D C:\Program Files (x86)\Origin

2012-09-15 05:35 - 2012-09-15 05:35 - 00000950 ____A C:\Users\Public\Desktop\Origin.lnk

2012-09-15 05:35 - 2012-09-15 05:35 - 00000537 ____A C:\Windows\KB893803v2.log

2012-09-15 05:33 - 2012-09-15 05:34 - 16910992 ____A (Electronic Arts, Inc.) C:\Users\Gabe\Desktop\OriginThinSetup.exe

2012-09-15 05:32 - 2012-09-15 05:32 - 00000000 ____D C:\Users\Gabe\Desktop\Battlefield 3- Premium Edition

2012-09-14 17:43 - 2012-09-14 17:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\dotNetFx40_Full_setup.exe

2012-09-14 17:30 - 2012-08-30 22:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-09-14 17:29 - 2012-09-14 17:29 - 16868888 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\Windows-KB890830-V4.12.exe

2012-09-14 13:27 - 2012-09-14 16:41 - 00000038 ___RH C:\Users\Gabe\Desktop\stinger.opt

2012-09-14 13:26 - 2012-09-14 16:41 - 00000000 ____D C:\Program Files (x86)\stinger

2012-09-14 13:26 - 2012-09-14 13:26 - 09994856 ____A (McAfee Inc.) C:\Users\Gabe\Desktop\stinger.exe

2012-09-14 06:23 - 2012-09-14 17:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\ArmA 2

2012-09-13 20:38 - 2012-09-13 20:38 - 00032037 ____A C:\Users\Gabe\Desktop\DDS.txt

2012-09-13 20:38 - 2012-09-13 20:38 - 00009748 ____A C:\Users\Gabe\Desktop\Attach.txt

2012-09-13 20:34 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Desktop\Result.txt

2012-09-13 20:18 - 2012-09-13 20:18 - 00607260 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com

2012-09-13 20:17 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Downloads\Result.txt

2012-09-13 20:16 - 2012-09-13 20:16 - 00751391 ____A (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe

2012-09-13 19:22 - 2012-09-13 19:22 - 00001750 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-09-13 19:22 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Program Files\iTunes

2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-09-13 19:21 - 2012-09-13 19:21 - 00000000 ____D C:\Program Files\iPod

2012-09-13 19:10 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-09-13 19:10 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-09-13 19:10 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-09-13 19:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys

2012-09-13 19:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-09-13 19:06 - 2012-09-13 19:06 - 00000000 ____D C:\f1367e126a89152dbd33

2012-09-13 18:31 - 2012-09-14 17:25 - 00000000 ____D C:\Users\Gabe\Documents\ArmA 2

2012-09-13 18:31 - 2012-09-13 18:33 - 00000000 ____D C:\Users\Gabe\AppData\Local\ArmA 2 OA

2012-09-13 18:30 - 2012-09-15 06:06 - 00073702 ____A C:\Windows\DirectX.log

2012-09-13 18:21 - 2012-09-13 18:21 - 00001301 ____A C:\Users\Public\Desktop\DayZ Commander.lnk

2012-09-13 18:21 - 2012-09-13 18:21 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios

2012-09-13 16:58 - 2012-09-13 16:58 - 00000224 ____A C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

2012-09-12 12:01 - 2012-09-12 12:01 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab

2012-09-12 12:01 - 2012-09-12 12:01 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab

2012-09-11 22:54 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-09-11 22:54 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-09-11 22:54 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-09-02 23:53 - 2012-09-02 23:53 - 00000000 ____D C:\Users\Gabe\Documents\Amazon MP3

2012-09-01 22:50 - 2012-09-01 22:50 - 00000000 ___DC C:\Users\All Users\{3FC66E2C-85B6-4398-82FB-C13C51DE9DD8}

2012-09-01 22:42 - 2012-09-01 22:50 - 1519417223 ____A C:\Users\Gabe\Downloads\LOLPBE.zip

2012-09-01 01:11 - 1999-12-31 16:00 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-09-01 01:11 - 1999-12-31 16:00 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2012-09-01 00:40 - 2012-09-01 00:40 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\InstallShield

2012-09-01 00:40 - 2012-09-01 00:40 - 00000000 ____D C:\Users\All Users\InstallShield

2012-09-01 00:40 - 2011-02-18 06:11 - 00439320 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys

2012-09-01 00:38 - 2012-09-01 00:38 - 00000000 ____D C:\Windows\SysWOW64\sda

2012-09-01 00:36 - 1999-12-31 16:00 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll

2012-09-01 00:36 - 1999-12-31 16:00 - 00422504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStor.dll

2012-09-01 00:36 - 1999-12-31 16:00 - 00250984 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys

2012-09-01 00:33 - 2012-09-01 00:33 - 00000000 ____D C:\Program Files\Intel

2012-09-01 00:33 - 2011-09-26 15:15 - 00178344 ____A (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

2012-09-01 00:32 - 2011-09-06 13:33 - 00355016 ____A (Intel Corporation) C:\Windows\System32\PROUnstl.exe

2012-09-01 00:32 - 2006-01-12 12:52 - 00001904 ____N C:\Windows\System32\SetupBD.din

2012-09-01 00:19 - 2011-07-20 06:58 - 00342704 ____A (Intel Corporation) C:\Windows\System32\Drivers\e1k62x64.sys

2012-09-01 00:19 - 2011-06-29 21:55 - 00068264 ____A (Intel Corporation) C:\Windows\System32\e1kmsg.dll

2012-09-01 00:19 - 2011-06-15 22:14 - 00098496 ____A (Intel Corporation) C:\Windows\System32\NicInstK.dll

2012-09-01 00:19 - 2009-10-09 08:43 - 00003143 ____A C:\Windows\System32\e1k62x64.din

2012-09-01 00:04 - 2012-09-01 00:04 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk

2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Users\Gabe\AppData\Local\SlimWare Utilities Inc

2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Program Files (x86)\DriverUpdate

2012-08-31 20:19 - 2012-08-31 20:19 - 00002885 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log

2012-08-31 20:19 - 2012-08-28 18:10 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-31 20:19 - 2012-08-28 18:10 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-31 20:19 - 2012-08-28 18:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-29 20:05 - 2012-08-29 20:05 - 00000318 ____A C:\Users\Gabe\Desktop\Curse Client.appref-ms

2012-08-29 20:05 - 2012-08-29 20:05 - 00000000 ____D C:\Users\Gabe\Documents\My Curse

2012-08-29 19:46 - 2012-08-29 20:04 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.0

2012-08-29 19:46 - 2012-08-29 19:46 - 00000965 ____A C:\Users\Gabe\Gabe - Shortcut.lnk

2012-08-28 08:52 - 2012-08-28 08:52 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

2012-08-28 08:25 - 2012-08-28 08:59 - 00000984 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-08-24 13:39 - 2012-08-24 13:39 - 00000000 ____D C:\Users\Gabe\AppData\Local\{2E299EFB-46B7-442A-845F-11E4B795ED59}

2012-08-19 18:27 - 2012-08-19 18:27 - 00000030 ____A C:\Users\Gabe\AppData\Local\HackLogs.dat

2012-08-19 18:24 - 2012-08-28 18:24 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-19 18:23 - 2012-08-19 18:23 - 00000000 ____D C:\Users\All Users\McAfee

==================== 3 Months Modified Files ==================

2012-09-16 08:26 - 2012-07-26 15:27 - 00024776 ____A C:\Windows\PFRO.log

2012-09-16 08:26 - 2012-07-26 14:56 - 00015166 ____A C:\Windows\setupact.log

2012-09-16 08:26 - 2010-02-02 06:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-09-16 08:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-16 08:25 - 2009-10-17 02:53 - 01186162 ____A C:\Windows\WindowsUpdate.log

2012-09-16 08:25 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-16 08:25 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-16 08:17 - 2009-07-13 21:13 - 00852118 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-16 08:16 - 2012-09-16 08:16 - 00000470 ____A C:\Users\Gabe\Desktop\defogger_disable.log

2012-09-16 08:16 - 2012-09-16 08:16 - 00000000 ____A C:\Users\Gabe\defogger_reenable

2012-09-16 08:11 - 2012-04-07 21:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-16 08:10 - 2012-09-16 08:10 - 00050477 ____A C:\Users\Gabe\Desktop\Defogger.exe

2012-09-16 07:51 - 2009-12-26 20:18 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000UA.job

2012-09-16 06:54 - 2010-02-02 06:07 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-09-15 16:03 - 2012-09-15 06:06 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-09-15 16:03 - 2011-08-31 09:12 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-09-15 16:03 - 2011-08-31 09:10 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-09-15 14:46 - 2012-09-15 14:46 - 00302219 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

2012-09-15 13:50 - 2009-12-26 20:18 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000Core.job

2012-09-15 06:30 - 2012-09-15 06:06 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-09-15 06:19 - 2012-09-15 06:19 - 03878360 ____A C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

2012-09-15 06:07 - 2012-09-15 06:07 - 00001141 ____A C:\Users\Public\Desktop\Battlefield 3.lnk

2012-09-15 06:06 - 2012-09-13 18:30 - 00073702 ____A C:\Windows\DirectX.log

2012-09-15 05:35 - 2012-09-15 05:35 - 00000950 ____A C:\Users\Public\Desktop\Origin.lnk

2012-09-15 05:35 - 2012-09-15 05:35 - 00000537 ____A C:\Windows\KB893803v2.log

2012-09-15 05:35 - 2010-01-26 11:38 - 00003000 ____A C:\Windows\wininit.ini

2012-09-15 05:34 - 2012-09-15 05:33 - 16910992 ____A (Electronic Arts, Inc.) C:\Users\Gabe\Desktop\OriginThinSetup.exe

2012-09-14 17:43 - 2012-09-14 17:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\dotNetFx40_Full_setup.exe

2012-09-14 17:29 - 2012-09-14 17:29 - 16868888 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\Windows-KB890830-V4.12.exe

2012-09-14 16:41 - 2012-09-14 13:27 - 00000038 ___RH C:\Users\Gabe\Desktop\stinger.opt

2012-09-14 13:26 - 2012-09-14 13:26 - 09994856 ____A (McAfee Inc.) C:\Users\Gabe\Desktop\stinger.exe

2012-09-13 20:38 - 2012-09-13 20:38 - 00032037 ____A C:\Users\Gabe\Desktop\DDS.txt

2012-09-13 20:38 - 2012-09-13 20:38 - 00009748 ____A C:\Users\Gabe\Desktop\Attach.txt

2012-09-13 20:34 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Desktop\Result.txt

2012-09-13 20:34 - 2012-09-13 20:17 - 00034177 ____A C:\Users\Gabe\Downloads\Result.txt

2012-09-13 20:18 - 2012-09-13 20:18 - 00607260 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com

2012-09-13 20:16 - 2012-09-13 20:16 - 00751391 ____A (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe

2012-09-13 20:04 - 2012-01-01 03:40 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-13 19:25 - 2010-12-23 11:30 - 00868104 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-09-13 19:22 - 2012-09-13 19:22 - 00001750 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-09-13 19:04 - 2012-04-07 21:30 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-09-13 19:04 - 2011-11-20 23:33 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-09-13 18:21 - 2012-09-13 18:21 - 00001301 ____A C:\Users\Public\Desktop\DayZ Commander.lnk

2012-09-13 16:58 - 2012-09-13 16:58 - 00000224 ____A C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

2012-09-12 01:00 - 2009-11-26 14:54 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-09-07 15:04 - 2011-10-09 21:14 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-04 09:46 - 2011-11-01 13:56 - 00002455 ____A C:\Users\Gabe\Desktop\Google Chrome.lnk

2012-09-01 22:50 - 2012-09-01 22:42 - 1519417223 ____A C:\Users\Gabe\Downloads\LOLPBE.zip

2012-09-01 00:04 - 2012-09-01 00:04 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk

2012-08-31 20:19 - 2012-08-31 20:19 - 00002885 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log

2012-08-30 22:12 - 2012-09-14 17:30 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-08-29 20:05 - 2012-08-29 20:05 - 00000318 ____A C:\Users\Gabe\Desktop\Curse Client.appref-ms

2012-08-29 20:01 - 2012-08-14 17:19 - 00003465 __ASH C:\Windows\SysWOW64\win_stlthdb_sys.dat

2012-08-29 20:01 - 2012-08-13 19:06 - 00003465 __ASH C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat

2012-08-29 20:01 - 2012-08-13 19:06 - 00000700 __ASH C:\Users\Gabe\AppData\Local\systemFL7.dat

2012-08-29 19:46 - 2012-08-29 19:46 - 00000965 ____A C:\Users\Gabe\Gabe - Shortcut.lnk

2012-08-28 18:24 - 2012-08-19 18:24 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-28 18:24 - 2010-09-03 11:41 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-08-28 18:10 - 2012-08-31 20:19 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-28 18:10 - 2012-08-31 20:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-28 18:09 - 2012-08-31 20:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-28 08:59 - 2012-08-28 08:25 - 00000984 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-08-28 08:52 - 2012-08-28 08:52 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

2012-08-27 17:26 - 2012-08-13 19:12 - 00001906 __ASH C:\Users\Gabe\AppData\Local\win_fldb_sys.dat

2012-08-27 17:26 - 2012-08-13 19:12 - 00001386 __ASH C:\Windows\SysWOW64\win_fldb_sys.dat

2012-08-22 10:12 - 2012-09-13 19:10 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-11 22:54 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-11 22:54 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-11 22:54 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 11:01 - 2012-09-13 19:22 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-08-21 11:01 - 2009-11-27 11:46 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll

2012-08-21 11:01 - 2009-11-27 11:46 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll

2012-08-19 18:27 - 2012-08-19 18:27 - 00000030 ____A C:\Users\Gabe\AppData\Local\HackLogs.dat

2012-08-16 12:51 - 2012-08-16 12:47 - 00049512 ____A C:\Users\Gabe\Documents\(Unknown) - Clip 001.avi.sfk

2012-08-16 12:51 - 2012-08-16 12:47 - 00001024 ____A C:\Users\Gabe\Documents\Default.sfvidcap

2012-08-16 12:46 - 2012-08-16 12:45 - 967345152 ____A C:\Users\Gabe\Documents\(Unknown) - Clip 001.avi

2012-08-16 01:28 - 2009-07-13 20:45 - 04909576 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-14 17:24 - 2012-08-14 17:24 - 00000620 __ASH C:\Users\Gabe\AppData\Local\settingsFL.dat

2012-08-14 17:18 - 2012-08-13 19:05 - 00321736 ____A ( New Softwares.net) C:\Windows\SysWOW64\WinFLTrayShred.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00321736 ____A ( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00091336 ____A (New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00040960 ____A C:\Windows\SysWOW64\nwsftUninstall.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00034816 ____A C:\Windows\SysWOW64\WinFLAdrv.sys

2012-08-14 17:18 - 2012-08-13 19:05 - 00014024 ____A C:\Windows\SysWOW64\WinFLMsgService.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00001106 ____A C:\Users\Gabe\Desktop\Folder Lock.lnk

2012-08-14 17:17 - 2012-08-14 17:16 - 00001328 ____A C:\Users\Public\Desktop\World of Warcraft Beta.lnk

2012-08-14 17:11 - 2012-08-14 17:11 - 31727744 ____A (Blizzard Entertainment) C:\Users\Gabe\Desktop\World of Warcraft Beta Setup.exe

2012-08-13 19:06 - 2012-08-13 19:06 - 00002568 __ASH C:\Users\All Users\win_mpwd_sys.dat

2012-08-13 19:05 - 2012-08-13 19:05 - 00225680 ____A (NewSoftwares.net, Inc.) C:\Windows\SysWOW64\WinVDEdrv.sys

2012-08-13 19:05 - 2012-08-13 19:05 - 00197648 ____A C:\Windows\SysWOW64\WinVDEdrv6.sys

2012-08-06 21:05 - 2012-08-06 21:05 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-06 23_05_03.581740.dmp

2012-08-05 17:25 - 2012-03-14 10:40 - 00001156 ____A C:\Users\Public\Desktop\GOM Player.lnk

2012-08-02 09:58 - 2012-09-13 19:10 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-13 19:10 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-08-01 21:12 - 2012-08-01 21:12 - 00007603 ____A C:\Users\Gabe\AppData\Local\Resmon.ResmonCfg

2012-08-01 16:31 - 2012-08-01 16:31 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-01 18_31_09.895452.dmp

2012-07-31 20:33 - 2012-07-31 20:33 - 00002533 ____A C:\Users\Gabe\Desktop\Skype.lnk

2012-07-31 20:11 - 2011-10-03 22:26 - 00021352 ____A C:\Windows\System32\lvcoinst.log

2012-07-30 11:32 - 2012-07-30 11:32 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-07-30 11:32 - 2012-07-30 11:32 - 00102240 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-07-29 17:03 - 2011-10-30 23:14 - 00036864 ____A C:\Users\Gabe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-29 09:52 - 2012-07-29 09:52 - 00001047 ____A C:\Users\Public\Desktop\Vegas Pro 11.0.lnk

2012-07-28 17:20 - 2011-10-04 11:13 - 00083984 ____A C:\Users\Gabe\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-28 17:19 - 2010-01-11 12:13 - 00007756 ____A C:\Users\All Users\hpzinstall.log

2012-07-26 14:56 - 2012-07-26 14:56 - 00000000 ____A C:\Windows\setuperr.log

2012-07-25 14:01 - 2012-07-25 11:19 - 00002046 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk

2012-07-25 14:00 - 2012-07-25 11:17 - 00002329 ____A C:\Users\Public\Desktop\Canon MG2100 series On-screen Manual.lnk

2012-07-18 10:15 - 2012-08-15 02:27 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-16 17:16 - 2012-07-16 17:16 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1342421813-2012-07-16 19_16_09.766721.dmp

2012-07-12 06:37 - 2012-07-12 06:37 - 00041174 ____A C:\Users\Gabe\Documents\cc_20120712_083703.reg

2012-07-12 06:33 - 2012-06-08 16:58 - 00000829 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-09 11:42 - 2012-07-09 11:42 - 04547984 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll

2012-07-09 11:42 - 2012-07-09 11:42 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys

2012-07-04 14:16 - 2012-08-15 02:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-08-15 02:27 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-08-15 02:27 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-08-15 02:27 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-08-15 02:27 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-04 12:26 - 2012-09-13 19:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys

2012-07-04 12:26 - 2012-09-13 19:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-06-28 20:55 - 2012-08-16 01:08 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 20:09 - 2012-08-16 01:08 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 19:56 - 2012-08-16 01:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 19:49 - 2012-08-16 01:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 19:49 - 2012-08-16 01:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 19:48 - 2012-08-16 01:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 19:47 - 2012-08-16 01:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 19:45 - 2012-08-16 01:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 19:44 - 2012-08-16 01:08 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 19:43 - 2012-08-16 01:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 19:42 - 2012-08-16 01:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 19:40 - 2012-08-16 01:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 19:39 - 2012-08-16 01:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 19:35 - 2012-08-16 01:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 16:52 - 2012-08-16 01:08 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 16:27 - 2012-08-16 01:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 16:16 - 2012-08-16 01:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 16:09 - 2012-08-16 01:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 16:09 - 2012-08-16 01:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 16:08 - 2012-08-16 01:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 16:07 - 2012-08-16 01:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 16:06 - 2012-08-16 01:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 16:04 - 2012-08-16 01:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 16:04 - 2012-08-16 01:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 16:01 - 2012-08-16 01:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 16:01 - 2012-08-16 01:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 16:00 - 2012-08-16 01:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 15:57 - 2012-08-16 01:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-25 13:22 - 2012-04-28 18:36 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-14 17:23:35

Restore point made on: 2012-09-15 06:04:52

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8183.11 MB

Available physical RAM: 7355.73 MB

Total Pagefile: 8181.26 MB

Available Pagefile: 7356.68 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:916.41 GB) (Free:418.75 GB) NTFS

2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.68 GB) NTFS

4 Drive g: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 3824 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 15 GB 1024 KB

Partition 2 Primary 100 MB 15 GB

Partition 3 Primary 916 GB 15 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Gateway NTFS Partition 916 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3823 MB 564 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB20FD FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-09-06 04:59

==================== End Of Log =============================


Return back to normal Windows. {Restart your system}

If you have a previous copy of OTL.exe, then delete it.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


OTL logfile created on: 9/16/2012 11:43:16 AM - Run 1

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Gabe\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.54% Memory free

15.98 Gb Paging File | 14.01 Gb Available in Paging File | 87.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 418.74 Gb Free Space | 45.69% Space Free | Partition Type: NTFS

Computer Name: AUSTIN | User Name: Gabe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/16 11:34:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe

PRC - [2012/09/15 08:30:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/08/24 05:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/08/14 19:18:16 | 000,275,656 | ---- | M] (New Softwares.net) -- C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe

PRC - [2012/08/14 19:18:11 | 001,238,216 | ---- | M] ( New Softwares.net) -- C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe

PRC - [2012/08/14 19:18:07 | 000,091,336 | ---- | M] (New Softwares.net) -- C:\Windows\SysWOW64\WinFLService.exe

PRC - [2012/08/14 19:18:04 | 000,321,736 | ---- | M] ( New Softwares.net) -- C:\Windows\SysWOW64\WinFLTray.exe

PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/11/16 22:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2011/03/28 11:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2011/03/07 13:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

PRC - [2009/07/07 14:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe

PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2009/02/23 13:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [1999/12/31 18:00:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

MOD - [2009/08/13 17:00:46 | 000,169,984 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 19:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 19:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/09/26 17:15:38 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV - [2012/09/15 08:30:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/09/13 21:04:13 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/13 18:52:02 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/09/10 13:27:04 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)

SRV - [2012/09/09 19:56:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/08/24 05:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/08/14 19:18:07 | 000,091,336 | ---- | M] (New Softwares.net) [Auto | Running] -- C:\Windows\SysWOW64\WinFLService.exe -- (FLService)

SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/11/15 11:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)

SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2010/10/21 14:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2009/10/17 04:59:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009/10/17 04:58:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/23 13:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [1999/12/31 18:00:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/20 21:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/11/15 11:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)

DRV:64bit: - [2011/07/20 08:58:22 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2011/04/13 21:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/18 08:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/01/19 12:50:23 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)

DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/04/30 16:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2009/04/30 16:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2007/06/08 08:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL)

DRV:64bit: - [1999/12/31 18:00:00 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2012/08/13 21:05:42 | 000,197,648 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysWOW64\WinVDEdrv6.sys -- (NEWDRIVER)

DRV - [2012/08/13 21:05:41 | 000,225,680 | ---- | M] (NewSoftwares.net, Inc.) [File_System | Auto | Running] -- C:\Windows\SysWOW64\WinVDEdrv.sys -- (WinVDEDrv)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/12/31 09:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6830&r=173611095216p0325v1k5k48926241

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6830&r=173611095216p0325v1k5k48926241

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={D7F9B83F-2513-4C25-8580-245EC3C2841A}&mid=d57939cbbc8547d0804fd1482a8b5da6-5f0d3d0792bd5478ce8e5957931ac5ca75832844&lang=en&ds=gm011&pr=sa&d=2012-04-19 17:20:43&v=11.0.0.9&sap=hp

IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS355US355

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D7F9B83F-2513-4C25-8580-245EC3C2841A}&mid=d57939cbbc8547d0804fd1482a8b5da6-5f0d3d0792bd5478ce8e5957931ac5ca75832844&lang=en&ds=gm011&pr=sa&d=2012-04-19 17:20:43&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [string data over 1000 bytes]

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: " "

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110621

FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0

FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Gabe\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gabe\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gabe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gabe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2012/09/09 19:56:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2012/08/19 20:24:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Gabe\AppData\Roaming\Move Networks [2009/12/22 21:22:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2012/09/09 19:56:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2012/08/19 20:24:19 | 000,000,000 | ---D | M]

[2009/12/26 22:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Extensions

[2012/09/07 22:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions

[2011/01/30 00:59:27 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2012/09/07 22:10:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2012/08/26 10:15:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/04/21 20:32:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com

[2012/02/21 18:23:30 | 000,166,900 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}.xpi

[2012/08/27 19:29:41 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2011/01/23 18:21:38 | 000,919,575 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\conduitengine.xpi

[2011/01/23 18:21:38 | 000,917,835 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\xfirexo_tb.xpi

[2011/05/04 15:08:19 | 000,001,832 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\bing.xml

[2011/10/02 13:57:40 | 000,000,863 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\conduit.xml

[2010/03/27 09:26:19 | 000,010,017 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\mywebsearch.xml

[2012/08/31 22:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 3.6 BETA 5\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npijjiFFPlugin1.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Gabe\AppData\LocalLow\raidcall\plugins\webplugin_en.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Gabe\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Prezi = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\

CHR - Extension: Angry Birds = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: YouTube Downloader = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\baghcaokjpiflfgfddiobkomaaklphhg\12.0_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Add to Amazon Wish List = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\

CHR - Extension: Japanese Kana = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign\2.0.3_0\

CHR - Extension: Picnik = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\

CHR - Extension: StumbleUpon = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.7.12.1_0\

CHR - Extension: Easy YouTube Downloader = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\linimbofbhfiebblpncbhgefaolagapd\73_0\

CHR - Extension: Google Mail Checker = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.4_0\

CHR - Extension: Xbox LIVE Dashboard = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobdmiffgnobnpagcjjmpcajhdaoighg\0.9.9.5_0\

O1 HOSTS File: ([2011/10/28 17:55:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe (New Softwares.net)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\newsteam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKCU..\Run: [WinFLTray] C:\Windows\SysWOW64\WinFLTray.exe ( New Softwares.net)

O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ts3server_win64.exe (TeamSpeak Systems GmbH)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.169.190.211 208.72.160.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9045E3-1B5D-42FD-ACCF-147F1A58918A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC53C46-B7D6-4384-9DB9-6F11CE9EF5FF}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC084C6-73F6-4A18-AC61-EB4D9553E781}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EC38F95-65F6-43C4-87D8-F3D8D6914123}: DhcpNameServer = 69.169.190.211 208.72.160.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99934CF4-7A22-40A0-899A-D684F507105A}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB09BEB4-0DB7-45B4-8312-2F60BED851D6}: DhcpNameServer = 208.67.222.222 208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9D5DC4-3F91-4CB2-93DF-F380073CF7D6}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE598C3D-2A0E-4B49-94AF-BC91032D5B2B}: DhcpNameServer = 208.67.222.222 208.67.220.220

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 12:30:21 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/16 11:34:05 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe

[2012/09/16 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Desktop\ERUNT

[2012/09/15 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\Battlefield 3

[2012/09/15 08:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2012/09/15 07:37:32 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Origin

[2012/09/15 07:37:31 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\Origin

[2012/09/15 07:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2012/09/15 07:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

[2012/09/15 07:33:57 | 016,910,992 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\Gabe\Desktop\OriginThinSetup.exe

[2012/09/15 07:32:30 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Desktop\Battlefield 3- Premium Edition

[2012/09/14 19:30:11 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2012/09/14 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/09/14 15:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012/09/14 15:26:19 | 009,994,856 | ---- | C] (McAfee Inc.) -- C:\Users\Gabe\Desktop\stinger.exe

[2012/09/14 08:23:18 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\ArmA 2

[2012/09/13 21:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/09/13 21:22:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/09/13 21:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/09/13 21:10:40 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/09/13 21:10:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rndismpx.sys

[2012/09/13 21:10:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012/09/13 21:06:02 | 000,000,000 | ---D | C] -- C:\f1367e126a89152dbd33

[2012/09/13 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/09/13 20:31:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\ArmA 2 OA

[2012/09/13 20:31:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\ArmA 2

[2012/09/13 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios

[2012/09/12 14:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2012/09/12 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab

[2012/09/12 00:54:40 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/09/12 00:54:39 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/09/03 01:53:02 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\Amazon MP3

[2012/09/02 00:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{3FC66E2C-85B6-4398-82FB-C13C51DE9DD8}

[2012/09/01 03:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/09/01 03:11:39 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2012/09/01 03:11:39 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2012/09/01 03:11:39 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2012/09/01 03:11:39 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2012/09/01 03:11:39 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2012/09/01 03:11:39 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2012/09/01 03:11:39 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2012/09/01 03:11:39 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2012/09/01 03:11:39 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2012/09/01 03:11:39 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2012/09/01 03:11:38 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2012/09/01 03:11:38 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2012/09/01 03:11:38 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2012/09/01 02:40:58 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys

[2012/09/01 02:40:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\InstallShield

[2012/09/01 02:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2012/09/01 02:38:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda

[2012/09/01 02:36:17 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll

[2012/09/01 02:36:17 | 000,250,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys

[2012/09/01 02:36:16 | 000,422,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll

[2012/09/01 02:33:14 | 000,178,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IPROSetMonitor.exe

[2012/09/01 02:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2012/09/01 02:32:56 | 000,355,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe

[2012/09/01 02:19:15 | 000,342,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1k62x64.sys

[2012/09/01 02:19:15 | 000,098,496 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstK.dll

[2012/09/01 02:19:15 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1kmsg.dll

[2012/09/01 02:04:29 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\SlimWare Utilities Inc

[2012/09/01 02:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate

[2012/09/01 02:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate

[2012/09/01 02:04:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers

[2012/08/31 22:19:30 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/08/31 22:19:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/08/31 22:19:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/08/29 22:05:34 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\My Curse

[2012/08/29 22:05:28 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

[2012/08/28 10:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2012/08/24 15:39:12 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\{2E299EFB-46B7-442A-845F-11E4B795ED59}

[2012/08/19 20:24:19 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/08/19 20:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2010/01/17 00:24:36 | 1648,462,032 | ---- | C] (Macrovision Corporation ) -- C:\Program Files\MSSetupv80.exe

========== Files - Modified Within 30 Days ==========

[2012/09/16 11:50:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000UA.job

[2012/09/16 11:36:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/16 11:36:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/16 11:34:36 | 000,852,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/16 11:34:36 | 000,709,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/16 11:34:36 | 000,145,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/16 11:34:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe

[2012/09/16 11:29:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/16 11:28:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/16 11:28:48 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/16 10:16:00 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\defogger_reenable

[2012/09/16 10:11:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/16 10:10:50 | 000,050,477 | ---- | M] () -- C:\Users\Gabe\Desktop\Defogger.exe

[2012/09/16 08:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/15 18:03:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/09/15 18:03:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/15 18:03:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/09/15 16:46:36 | 000,302,219 | ---- | M] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

[2012/09/15 16:44:41 | 000,063,803 | ---- | M] () -- C:\Users\Gabe\Desktop\35058358.jpg

[2012/09/15 16:44:37 | 000,044,604 | ---- | M] () -- C:\Users\Gabe\Desktop\35058353.jpg

[2012/09/15 16:44:32 | 000,086,068 | ---- | M] () -- C:\Users\Gabe\Desktop\35058347.jpg

[2012/09/15 16:44:28 | 000,065,308 | ---- | M] () -- C:\Users\Gabe\Desktop\35058336.jpg

[2012/09/15 15:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000Core.job

[2012/09/15 08:30:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/09/15 08:19:23 | 003,878,360 | ---- | M] () -- C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

[2012/09/15 08:07:12 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012/09/15 07:35:16 | 000,003,000 | ---- | M] () -- C:\Windows\wininit.ini

[2012/09/15 07:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2012/09/15 07:34:35 | 016,910,992 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Gabe\Desktop\OriginThinSetup.exe

[2012/09/14 18:41:07 | 000,000,038 | RH-- | M] () -- C:\Users\Gabe\Desktop\stinger.opt

[2012/09/14 15:26:23 | 009,994,856 | ---- | M] (McAfee Inc.) -- C:\Users\Gabe\Desktop\stinger.exe

[2012/09/13 22:04:09 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/13 21:25:22 | 000,868,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/09/13 21:22:48 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/13 21:04:12 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/09/13 21:04:12 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/09/13 20:21:09 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk

[2012/09/13 18:58:02 | 000,000,224 | ---- | M] () -- C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

[2012/09/09 19:56:38 | 000,002,118 | ---- | M] () -- C:\Users\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.6 Beta 5.lnk

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/04 11:46:36 | 000,002,455 | ---- | M] () -- C:\Users\Gabe\Desktop\Google Chrome.lnk

[2012/09/01 02:04:24 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk

[2012/08/31 00:12:46 | 062,164,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2012/08/30 08:52:25 | 002,441,049 | ---- | M] () -- C:\Users\Gabe\Desktop\2012BTS_PrintAd_6x9_M1.pdf

[2012/08/29 22:05:34 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2012/08/29 22:05:28 | 000,000,318 | ---- | M] () -- C:\Users\Gabe\Desktop\Curse Client.appref-ms

[2012/08/29 22:01:51 | 000,003,465 | -HS- | M] () -- C:\Windows\SysWow64\win_stlthdb_sys.dat

[2012/08/29 22:01:50 | 000,003,465 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat

[2012/08/29 22:01:46 | 000,000,700 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\systemFL7.dat

[2012/08/29 21:46:49 | 000,000,965 | ---- | M] () -- C:\Users\Gabe\Gabe - Shortcut.lnk

[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/08/28 10:59:23 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/08/28 10:52:52 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

[2012/08/27 19:26:50 | 000,001,906 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\win_fldb_sys.dat

[2012/08/27 19:26:50 | 000,001,386 | -HS- | M] () -- C:\Windows\SysWow64\win_fldb_sys.dat

[2012/08/22 12:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/08/22 12:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/08/21 13:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll

[2012/08/21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll

[2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/08/19 20:27:53 | 000,000,030 | ---- | M] () -- C:\Users\Gabe\AppData\Local\HackLogs.dat

========== Files Created - No Company Name ==========

[2012/09/16 10:16:00 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\defogger_reenable

[2012/09/16 10:10:52 | 000,050,477 | ---- | C] () -- C:\Users\Gabe\Desktop\Defogger.exe

[2012/09/15 16:46:36 | 000,302,219 | ---- | C] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

[2012/09/15 16:44:43 | 000,063,803 | ---- | C] () -- C:\Users\Gabe\Desktop\35058358.jpg

[2012/09/15 16:44:38 | 000,044,604 | ---- | C] () -- C:\Users\Gabe\Desktop\35058353.jpg

[2012/09/15 16:44:34 | 000,086,068 | ---- | C] () -- C:\Users\Gabe\Desktop\35058347.jpg

[2012/09/15 16:44:30 | 000,065,308 | ---- | C] () -- C:\Users\Gabe\Desktop\35058336.jpg

[2012/09/15 08:19:26 | 003,878,360 | ---- | C] () -- C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

[2012/09/15 08:07:12 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012/09/15 08:06:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/15 08:06:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/09/15 07:35:15 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2012/09/14 15:27:09 | 000,000,038 | RH-- | C] () -- C:\Users\Gabe\Desktop\stinger.opt

[2012/09/13 21:22:48 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/13 20:21:09 | 000,001,301 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk

[2012/09/13 18:58:02 | 000,000,224 | ---- | C] () -- C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

[2012/09/01 02:32:57 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din

[2012/09/01 02:19:15 | 000,003,143 | ---- | C] () -- C:\Windows\SysNative\e1k62x64.din

[2012/09/01 02:04:24 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk

[2012/08/30 08:52:24 | 002,441,049 | ---- | C] () -- C:\Users\Gabe\Desktop\2012BTS_PrintAd_6x9_M1.pdf

[2012/08/29 22:05:34 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2012/08/29 22:05:28 | 000,000,318 | ---- | C] () -- C:\Users\Gabe\Desktop\Curse Client.appref-ms

[2012/08/29 21:46:49 | 000,000,965 | ---- | C] () -- C:\Users\Gabe\Gabe - Shortcut.lnk

[2012/08/28 10:52:52 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

[2012/08/28 10:25:38 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/08/19 20:27:53 | 000,000,030 | ---- | C] () -- C:\Users\Gabe\AppData\Local\HackLogs.dat

[2012/08/14 19:24:27 | 000,000,620 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\settingsFL.dat

[2012/08/14 19:19:17 | 000,003,465 | -HS- | C] () -- C:\Windows\SysWow64\win_stlthdb_sys.dat

[2012/08/13 21:12:59 | 000,001,906 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\win_fldb_sys.dat

[2012/08/13 21:12:59 | 000,001,386 | -HS- | C] () -- C:\Windows\SysWow64\win_fldb_sys.dat

[2012/08/13 21:06:38 | 000,002,568 | -HS- | C] () -- C:\ProgramData\win_mpwd_sys.dat

[2012/08/13 21:06:03 | 000,003,465 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat

[2012/08/13 21:06:03 | 000,000,700 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\systemFL7.dat

[2012/08/13 21:05:43 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\WinFLAdrv.sys

[2012/08/13 21:05:42 | 000,197,648 | ---- | C] () -- C:\Windows\SysWow64\WinVDEdrv6.sys

[2012/08/13 21:05:18 | 000,014,024 | ---- | C] () -- C:\Windows\SysWow64\WinFLMsgService.exe

[2012/08/13 21:05:17 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nwsftUninstall.exe

[2012/08/01 23:12:30 | 000,007,603 | ---- | C] () -- C:\Users\Gabe\AppData\Local\Resmon.ResmonCfg

[2012/06/08 23:54:55 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini

[2012/06/08 19:01:28 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe

[2012/06/08 19:01:28 | 000,001,066 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/04/21 00:54:37 | 000,000,040 | ---- | C] () -- C:\Users\Gabe\jagex_cl_runescape_LIVE.dat

[2012/04/09 01:52:25 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll

[2012/04/09 01:52:25 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll

[2012/04/09 01:52:24 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2012/02/21 19:30:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/11/01 23:27:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/11/01 23:27:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/10/31 01:14:26 | 000,036,864 | ---- | C] () -- C:\Users\Gabe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/07 01:45:14 | 000,000,042 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\iPod Access Photo Prefs

[2011/10/07 01:44:02 | 000,000,011 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\iPodAccessPhoto_Time

[2011/09/26 19:07:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2011/09/01 20:17:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/08/31 11:10:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010/12/23 13:30:39 | 000,868,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/11/21 09:05:57 | 000,000,219 | ---- | C] () -- C:\Windows\iepreview.ini

[2010/03/04 19:19:14 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\jagex__preferences3.dat

[2009/12/15 09:02:40 | 000,000,650 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\wklnhst.dat

[2009/12/03 08:34:02 | 000,000,632 | RHS- | C] () -- C:\Users\Gabe\ntuser.pol

[2009/11/28 19:46:12 | 000,000,117 | ---- | C] () -- C:\Users\Gabe\jagex_runescape_preferences2.dat

[2009/11/28 19:43:57 | 000,000,041 | ---- | C] () -- C:\Users\Gabe\jagex_runescape_preferences.dat

========== LOP Check ==========

[2012/09/09 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\.minecraft

[2012/09/13 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Amazon

[2012/09/02 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Audacity

[2011/10/07 01:14:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\BSD

[2012/08/20 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Canon

[2012/07/12 08:36:16 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\DAEMON Tools Lite

[2011/01/17 03:42:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\DriverCure

[2010/03/14 09:04:31 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\eMusic

[2011/01/30 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ijjigame

[2010/10/13 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\KeePass

[2011/10/04 00:27:15 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Leadertech

[2011/01/06 14:24:00 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\LolClient

[2012/06/14 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\LolClient2

[2010/02/14 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Opera

[2012/09/15 07:37:58 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Origin

[2011/01/17 03:42:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ParetoLogic

[2012/07/29 11:57:21 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Publish Providers

[2010/12/25 12:17:28 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\runic games

[2011/01/19 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\School Zone Preferences

[2011/10/31 01:14:26 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Solveig Multimedia

[2012/07/29 11:57:17 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Sony

[2012/06/28 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\SplitMediaLabs

[2009/12/05 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Stardock

[2012/09/12 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab

[2012/08/01 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TeamViewer

[2009/12/15 09:03:55 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Template

[2011/07/08 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico 3

[2011/06/29 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico 3 Demo

[2011/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico3

[2012/07/26 04:18:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TS3Client

[2012/02/12 05:36:02 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TuneUp Software

[2009/12/07 20:41:53 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tutor

[2010/12/23 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Uniblue

[2010/03/11 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Unity

[2012/09/13 22:01:05 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\uTorrent

[2010/11/23 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Windows Live Writer

[2011/06/02 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ZiggyTV

[2012/05/23 17:32:51 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 9/16/2012 11:43:16 AM - Run 1

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Gabe\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.54% Memory free

15.98 Gb Paging File | 14.01 Gb Available in Paging File | 87.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 418.74 Gb Free Space | 45.69% Space Free | Partition Type: NTFS

Computer Name: AUSTIN | User Name: Gabe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe" -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04C040A3-6155-49B4-BEE5-B162F4CFAEB8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |

"{0969BD7E-D03C-4426-A9FD-A2AC7A2CC017}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{143317E5-0C0B-4786-96FF-DF14366621B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1E14B04A-1362-4FBD-9030-DED87035CEA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2106C174-DC53-4F22-A1EE-5A7CE086863B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{238315D8-5CCA-40A1-9EFA-A63C48104431}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{2A233DCC-CFDD-4DBB-BE38-FF889314DDB1}" = lport=139 | protocol=6 | dir=in | app=system |

"{2BA7741A-19D7-4EBB-A7F1-68C9E8906252}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{2ECD5ADD-B272-4D98-98B2-7DDC9FDB1EF4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{2EE92A94-6FBD-4614-9869-452D298DC6CC}" = lport=3390 | protocol=6 | dir=in | app=system |

"{2FE00AF6-E7E1-4D0B-8F48-1296FC67BA01}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{335A9CB4-6D2B-492F-B835-8E895FFE3204}" = rport=2869 | protocol=6 | dir=out | app=system |

"{3A442E4B-24C7-4631-B399-1AB2AA848817}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3C7D539D-CB23-4E73-ABD1-F5A7371AD74E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3EF0CBC0-3002-42F5-8334-1D5B4D0DC31A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{40A9325A-7E3F-4F8D-928F-FBC6153BDD05}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4DEB35B9-4CD3-44EB-8A94-EAD0B9236F77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{4ED49A28-5F64-443E-A8FD-F8A237617586}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{500A63A7-4190-42CF-9B3E-2CB3B8E6173D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{506A6BEB-AE57-4B07-8E1F-A5ADD16285AA}" = rport=445 | protocol=6 | dir=out | app=system |

"{52A29A33-AC6A-4A54-B38A-0FCD6E60CFB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{56C0D160-AD5A-4DB6-A1A4-4D04F7DC587F}" = lport=137 | protocol=17 | dir=in | app=system |

"{58126FA2-EF82-4489-969A-45D1D0202231}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{5A86BD9B-446B-4C41-8CA1-D036353837F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5BF3D399-5629-4FFC-9816-7FDD77B3A087}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{5D77FC71-C5AC-4A67-AFCC-4C64B668FA81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{60099793-3549-4200-93C5-96A7B3E068C8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{64DDAF5C-48A1-4FF6-9B4D-16DEB6B5D5E9}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |

"{66A4BDFD-9654-4EFB-BCFB-D83D0E55F3CB}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6C6A18FA-3EAC-4327-A4F2-66D7AEFEC128}" = rport=137 | protocol=17 | dir=out | app=system |

"{6CA57AB4-E7FB-48E4-9DAA-3062FA66F20D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6CE851B1-33DD-424E-85B7-273017E79375}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6EEE1E37-ABB4-43E3-BCC7-3EF5E818AF1E}" = lport=10244 | protocol=6 | dir=in | app=system |

"{7042382A-7EEC-43DF-9F60-8B952046598B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{719484F6-6178-44A8-BB3F-FADEB87C0C84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7920D849-AF6D-4DB7-B8AB-456745B5C047}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7D1BD266-08BB-42B7-8B35-7822921B3763}" = rport=10243 | protocol=6 | dir=out | app=system |

"{818EFD75-25A8-42E9-9388-1044A2E8916A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8640AB5C-704B-4B10-B4F4-DD995B739B4A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{87297657-74B5-49B2-A3C0-CBB54E9A94C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{88823938-F57D-450B-A9E1-E9E6CB81B03B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{9819B9AE-7C23-452C-86E4-E268FA4AD63F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{996AB946-E670-4DE6-B6EC-97F876DC839E}" = lport=53 | protocol=6 | dir=in | name=xbox |

"{9A4FF8D5-7259-40EF-A826-20DCC60A1CDF}" = lport=445 | protocol=6 | dir=in | app=system |

"{9D40C250-0F7F-4395-A2CF-F55B7708053D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{A54AE23C-1C01-4820-B914-DA45313653DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A746A6D5-3D8E-4E9C-8ADE-45A6FEEF77DB}" = lport=3390 | protocol=6 | dir=in | app=system |

"{AB71F573-8431-4A45-81A4-D71ADDAF404F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B032458E-FE53-4AE9-B20D-A15CC8FB5C53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B3EAF040-68B9-4DAB-90CC-EC50A2A6B9DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B60612CB-9DFC-417B-8A02-3D808170E791}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{B834C371-7F91-43FC-94C6-C31DFA710F1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B9821534-BEEC-424D-B8A9-7CFE9C4BA661}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BC753A0C-56BA-4299-9738-CC3CD25F4B98}" = lport=88 | protocol=17 | dir=in | name=xbox |

"{C30CD350-A799-46C7-BC34-2694A5A097F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C5A862BE-26BF-4CBC-BA20-5106514BC228}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CB8AD1BA-8116-4466-AFD7-B109E8950FF4}" = lport=80 | protocol=6 | dir=in | name=xbox |

"{D1B88A36-1A3C-4469-B0D0-B2EAE96D7DB9}" = lport=138 | protocol=17 | dir=in | app=system |

"{D1CC3E2A-CECD-41C0-8049-8FD26B5D3529}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D2CF3071-4ABB-42B5-A1DF-C5322EBF4C5F}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |

"{D33A831A-682C-4091-9726-9D5983F7D13C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{D595E61A-6CA5-4527-80D7-FF20178C1C11}" = lport=53 | protocol=17 | dir=in | name=xbox |

"{D6A3D4C2-56FD-48D3-9BAD-5AA977D365BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D7B999DF-E15D-4F94-B871-CCF4454C2329}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D9606CD2-402A-4C11-9F3A-5242CDAB8643}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{E4AC2093-151C-4AA1-9C81-5C7B9B1A8973}" = rport=138 | protocol=17 | dir=out | app=system |

"{E56B1AEE-09A0-4AA9-A462-FEC4A4E6FD41}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{E848CF91-F0B3-49F0-A0C2-652328EE7A16}" = lport=3074 | protocol=6 | dir=in | name=xbox |

"{EE0F3F28-31E5-4594-8FFF-EA2E02997E2C}" = rport=139 | protocol=6 | dir=out | app=system |

"{EE242A3B-934B-45DC-AB7B-3923BD1ED6CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F2A66BD1-8329-44FC-AA76-4C2C06C014BA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{F7E26640-543C-4A5F-A3E8-C0CB1669983D}" = lport=49194 | protocol=6 | dir=in | name=akamai netsession interface |

"{F84DB62E-7411-415A-94DA-BC5D80F34EDC}" = lport=3074 | protocol=17 | dir=in | name=xbox |

"{F912922B-61CC-473F-B37D-B8996E11C8F9}" = lport=10244 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00BC28E7-85C9-41A2-BB67-18B4A7BE0963}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{00E7F2F9-7756-43CA-917A-3BCF218D2715}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{030CFC1B-9641-4C4B-82D2-15A7BC5E3004}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{056FD8BA-7CA9-4391-92CF-777DBDE809F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{06A0C1CB-05D2-4D36-B18A-B370DC6C175B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{07166C9A-0A83-48ED-BE31-19D9D0887BC2}" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"{07855779-D91F-46DC-99D4-BDA55CF34EFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{091A4580-EBBC-4DF9-B6EF-235D2A96E824}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{0A8A3B82-B669-40F5-AB22-303AF58E73A3}" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{0AB1B4BB-1077-407E-966C-0DDF70288350}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{0BD1B5BE-2887-49EE-B1D9-E9EB75FC2271}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{12B4EF22-A976-47D7-8978-2AFADEEE826F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1554A731-F9FE-4526-A020-A433C28FCABE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{15D60749-804D-47DC-BB89-A978085DCEA7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{1ADEE01A-A2B5-4B6A-9782-CB7E75D3C3CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |

"{1B6C01C6-132A-4002-A7E0-24E38BC85EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{1CE24A00-2FD1-49A0-B047-818BE64D8578}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{1ECC0E6B-6FF8-414A-A033-CBFA0DD75B52}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{1FD0014D-88E6-4BDB-B8C7-1325273A0D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |

"{202F609A-207F-4493-A6F4-310E9D5A1F55}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{20E59715-E916-4706-9A52-C4D5F9C13F3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{21B86A8F-DB77-451F-902C-148BAE57DC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{24B6F2BA-DB10-4F4A-8ABD-E693DD568622}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{258B8DAC-2674-470F-A9E0-C0927C4E07CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{261B9352-820A-4CCA-B840-F0AE2061AE71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |

"{27028A6C-D2C6-479C-89A9-CA6922C466A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |

"{2817AA6F-6F85-4BE8-BD8B-E3B533CF8E49}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{28F8C773-1978-4918-A4AB-000F0C9A25D2}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{2A0C5D4E-AF69-4189-8E9C-E33E4FB5EC83}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{2C15230B-E103-4579-946D-4275E549B6C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{2E2D577C-F7BB-4943-B44B-40B9582EFCAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{2F981986-0B08-48FE-826D-358B30CF36B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2FD6963F-6C85-497B-B506-76CD71084A38}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{30941C05-8983-4B68-BE7D-39780A772700}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"{35BAEDE2-517B-4A37-BCF0-9746514F5B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |

"{3612C5B1-F970-42E8-BA89-C7AE4C2540D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{362F2FDF-0F9C-4F15-A2ED-043741692467}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |

"{3654F1D9-44FC-4A00-87A7-56BB2523AD96}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{3796B015-FC06-4470-A978-497538411AEE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{37BA126B-8B87-4FF3-8D2D-23365DADB5E2}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{3AC1FAAA-9310-47AB-9E4F-F3B16A91789F}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |

"{3C20A7AE-B615-4DE9-8499-8CCD587115EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{3E02779D-3041-4618-8F74-A3DBA5DC5514}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{3FC699A1-C37B-411B-91EF-FD9E6E1FB3D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{3FDF4361-6232-4325-9DF5-413BDB905437}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{4000A869-75A3-499F-B28E-BF63703D97BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{407CFF3F-0E22-485C-8BA3-B1B0025BC1AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{4222DFA5-7DA7-4E2A-A6B3-6A3F3A35DDC6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |

"{425C99B7-ACE7-4AA2-BA22-3A42D982144D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |

"{4264D043-3516-4FE1-B168-3611263CD9D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{447D350B-6E30-40B0-8D26-367E85EF6E97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{456AB36E-8C31-4561-8EF4-7034E4955E4E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{467932E1-6EF8-4AFC-B8AD-442B4331B672}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"{47A87AA7-217D-46C9-B2A3-05C8CF349225}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{47D2E5E2-A85A-4C40-8D75-8967FD24F393}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{4A83657A-9DD2-45F9-824C-63BF05EF7D97}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{4B4A326A-4184-4DD9-9020-AC13F253832F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{4C5C0E8A-C634-48CB-AECE-88717ECF218E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{4CFCD7E8-BA3B-4D36-8EB0-E50269734CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |

"{5007F3E1-2060-48ED-BB07-29FEC6BC05CB}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{51253277-A019-494A-8606-4CF3A8903A00}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |

"{54211E11-A053-4942-9826-05AEEDD6296E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{567E40FC-7C8C-4E75-8384-28299924E3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5BDE5558-3649-4C13-942F-4602FFB48D75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe |

"{5CCBA6A8-FDB6-480C-9280-8095CC633BCC}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{6002DFF0-355E-4F55-9FE0-E3F581E25A85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |

"{600D9673-5D71-4E15-B026-A6CC5F20F40F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |

"{6210823C-5CAB-4C33-9902-B20C5D559210}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{6407B39B-DC1A-4697-983F-9ACB45FFDDF2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{65488676-58D1-4682-9BD7-0152FFE4DB80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{68D4C3A6-84FC-48AD-BDAB-134AA5BD5185}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{69212E99-2B68-4027-85DC-080CD10C726C}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{6A35B954-CAF0-4FED-8515-DBF63C05EA29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |

"{6D02E8F7-B68E-472F-A725-336D8A52A58E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{6E12E74E-CF26-4389-9FDC-CBB2C3A7F6C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6F549217-A7DE-4478-983D-6A702FEBE32E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{71A8062D-F0E2-423D-B7B1-5AC49DA82575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{74456BAA-FB60-4AF8-A1CA-0053692BC766}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{749D73BC-34C0-4168-9E49-F27EEDD262B7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{77168832-4036-47CB-8C20-84E8CC3A179E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{792B875E-9878-43C5-94EC-C3FD49E34BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |

"{798F9E71-9EAD-43D6-9BC5-6448E5252A23}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steam.exe |

"{7A97164A-F6DE-48CF-8E43-CF053D77AEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7B2A6FFA-4CDE-44D7-8618-F49AF0E937CB}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"{7E90BD7D-0DE4-45E4-AF41-7FA6689B855D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{8430E235-A6AA-433F-9BC4-994FB5A8A591}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{844BA6E9-B1E2-418D-9F4A-A9B86B4A0DFC}" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"{85895AB1-0EDA-40A3-9856-CA643253FA32}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{85F435D1-F274-4724-A3DD-481697EAD579}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{86118848-F7C1-4080-993A-86C463B3BDBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |

"{89CD63EE-07AE-4A2F-AE6F-867E9906AEF9}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{8AA91295-2FAB-4323-A0D1-E047F8B3F5BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{8D34FFBD-BE20-4A04-BAE2-8C292E1B2EC1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{8D368669-2ECE-4991-A6BF-614FC1A74C44}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steam.exe |

"{8E3710FD-94E6-491A-8283-DFFB0C91CEB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{8E43032E-23F9-48C1-B141-99502B347EBA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{8E6A0C52-8CA3-48EF-A929-A327DE5C7B1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9135CD43-A4CA-47BD-BD73-F3C6580CAAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{93D02334-A8C1-425D-AC3B-8237A0ECAE82}" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{94292D91-7DA3-4FDC-BBD8-662C148DB4EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{94B3188D-DC87-4381-9D6E-DDA7236887AC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{95C7EB0E-FFBD-41BE-98C3-10DE7D81FB45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{99515387-A7F5-401C-BB57-3B014979DD7D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{9AEAF9F7-EE0A-4920-9BD4-D2503D907A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{9B51C8D3-97E8-453E-AF78-C0F37246DBDA}" = dir=out | app=%systemroot%\syswow64\winflservice.exe |

"{A6B06FFF-DAC5-4C0D-9E00-63F42719DD18}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{A763870D-03C7-4F81-A14B-361AC80DF495}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A796CF65-C357-4D48-A810-F91F47A5F7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{A85A4971-A88C-4E3E-81A9-58B6F13A4478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A99D0A58-C882-4ECE-93D3-24539EEBBDB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{AABC709D-93CC-4F24-A169-40188A159324}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{AB4C0819-D195-4237-BE14-9084A4819CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{AD0380AB-6BE3-4C60-96F0-803B480046AC}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{ADBB7113-57D7-4A05-81D4-673B4D947E8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{ADF6E848-C6C8-4DFA-8E6D-653D99490780}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{AEB5EF1B-18AB-47C3-9D41-E4286BACD9D8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{B804A7C5-EE4C-48ED-9D53-F8681E8507FF}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{B9CED2AC-311F-4335-9B11-BEC03B02001B}" = dir=out | app=%systemroot%\syswow64\winflmsgservice.exe |

"{BC22F425-3B0A-414F-A7DD-1054E41A2DEB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{BC841860-9D4B-45D2-A91B-746CFBF07FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BCBEC383-62A9-48F8-BBD9-E6445F7E299D}" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\apps\2.0\620hohyo.wap\74rjzvnx.mtd\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\curseclient.exe |

"{C14B73B4-49A7-4ABB-80B8-5652234226F7}" = protocol=58 | dir=in | app=system |

"{C154E153-BEF5-4380-BAC8-0E1FBC0A9ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{C20A04BC-7E11-42EE-B312-8CB0E479B9C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{C2E33376-8A6F-4832-AB73-F00AB6E01F89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |

"{C2F764FF-63CF-45C4-BB5A-30565F395024}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C3C05766-1479-4ED6-A50E-0A471323A73F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C486C68C-E634-46AB-BEDB-B416C60F37FC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{C493119C-BD2C-496B-A12B-A3EB23267094}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe |

"{C4EEDBED-9F3B-4303-B1C1-D5B8135B0F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe |

"{C5A594E1-618D-4A59-AB9C-CE2F915B90BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{C72B4CAB-76DD-41DB-9B2D-C50914B8B54D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{C7786C0C-0873-461D-AFFE-06FC681F4F21}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{C9291B2A-8A37-4BF5-A9AD-F8698B25AB70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |

"{CAF50383-54B1-4B41-B72E-55628CAE2AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{D064FB3E-8157-4017-A44D-CFFB1D53DAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{D261DCBA-6DE4-40BD-87D8-E0FEE920CD31}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{D4CE6EB9-A584-4214-A3A2-B8BF00C68B22}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{D5F334FC-8ED6-4B67-AAEC-5FDD07085BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |

"{D6EF0D23-1F8A-485F-B1FF-A24962C92718}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |

"{D9BCF801-4B98-4E22-A531-43201C537DD4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{DA05962A-A244-47E2-B359-BB76B8CDAFB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe |

"{DACE10D7-351E-4FB0-A357-1B78A5647262}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{DD7DB2AF-BB60-49AA-ABEE-B91AF983E9E5}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2\arma2.exe |

"{DEA4F087-3088-4BFC-BF59-0411EAA6617D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{E0373812-D8E3-433B-8948-21C10B0407C6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{E1E205BF-EC7D-4ED9-90E8-BB2271464961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EA141209-8EFF-474E-B000-066F4D92D7F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{EA8331C2-AB81-410D-9194-C94983013130}" = dir=out | app=%systemroot%\syswow64\winfltray.exe |

"{EC04A8C4-D1BD-4B12-8408-08CDE8F4D603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{EC5D545F-29B4-40FC-AEE6-F495738F63B4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{EF69F213-5D58-4704-95BB-24B5682E19AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{EF9F6578-E3EC-4AF1-9966-BDF3D2174542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F2A9AC41-8823-47E3-9F5D-AB83C14863DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F3833E4F-C738-4B68-BD3A-93BBA2661857}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{F56039CC-1183-4286-A35F-01684C8070B9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{F57870A3-8F8B-4613-BE10-EC5BC31C81B3}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"{F68D02B8-625B-4652-966F-45C6CAA7D699}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{F83C3D6A-36A7-4609-B6A3-E84D5B9EE326}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F8D3BEDC-5313-4D30-8023-E13FCCFB7041}" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\apps\2.0\620hohyo.wap\74rjzvnx.mtd\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\curseclient.exe |

"{F925D95E-7D88-4F48-9254-6E45C65986F5}" = protocol=6 | dir=out | app=system |

"{F9647595-1A13-4C85-8D80-582A687E2ABC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F99578C7-EF2E-4B90-BAA5-23FB56F48A5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{FBC1DEFB-217F-46F6-BFA1-60F56D5E21CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{FC095908-76CA-4441-8058-8216183B1EA5}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2\arma2.exe |

"{FE366548-E372-46A6-AFAA-DB532D8D210A}" = dir=out | app=%systemroot%\syswow64\winfltrayshred.exe |

"{FF6505FF-255B-4F63-8B68-84D70FBA6F58}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{FFAA0933-4C46-4F3E-BEDF-9F60EDDFEAC1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"TCP Query User{01BD2C2E-56DA-46E8-99CA-699C6A3AAF8C}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe |

"TCP Query User{07B0F7C0-617D-4E21-BF2D-A303222B98E9}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"TCP Query User{1011D357-C743-4BE7-B2EE-DBCB66D6C874}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{11C6BC33-172C-4B65-84A1-6CB8ADE7B23F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{2158F28F-2122-49DB-A990-A921CB794CFD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{21594557-C918-4B2C-8143-9213205A9473}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{2C06EDD3-C733-476B-A9A9-9F6A6A85E06F}C:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=6 | dir=in | app=c:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe |

"TCP Query User{3AFEA53A-53BC-4850-95C4-5F1BCC28FEBE}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{3D0EECAC-4126-4C5D-B5D8-D1465087E794}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{3F66B78E-36A8-4C8E-8D18-D29A9FC17A07}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"TCP Query User{4814C958-0525-4472-BFF5-DE8D31B59F99}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{5628C68A-4C81-4990-B79A-CA0CDFDBE610}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{59F516CC-B3EB-45D6-842D-9EB7C999A778}C:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe |

"TCP Query User{5D14B456-9833-4F09-A950-BBE9559991AC}C:\users\gabe\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{5EB65F59-119F-44B4-94AF-71908D217368}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"TCP Query User{67D5C9A4-0625-4FE9-81C9-A75F862C9287}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"TCP Query User{8A6FF8C9-0F4C-4A40-8FDE-1B3D9D18BB10}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"TCP Query User{A5F117E9-8907-4B60-9960-8D641C5F3951}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"TCP Query User{A9E7C889-F1D5-4985-9B9F-22E36F8B439C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{B03093A6-03FE-44BC-B497-7930B50C7888}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"TCP Query User{BA12181A-A869-4B1F-9863-8B783BDE114D}C:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe |

"TCP Query User{BC5EC2A8-7BB1-4F0F-B2C2-E524B2C4C7B1}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |

"TCP Query User{BD39D98E-6572-4BA8-B4FF-5B4B1EE039F3}C:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe |

"TCP Query User{C5E76E77-20AC-4EC8-B8D2-33BDF90DEB1C}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |

"TCP Query User{CD5ED0D8-1EFC-4CE2-A7FA-F247B9B65D6B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"TCP Query User{E129A982-AC50-4051-873F-1F91F0D7754B}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"TCP Query User{E6ACD6CC-18C8-4BA5-B713-C2C1E456F031}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"TCP Query User{EA9A3966-F195-4746-B028-202683B761C2}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"TCP Query User{ED305143-DADD-4F44-B133-05492777E93F}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe |

"TCP Query User{FC2BCB84-991F-48D0-9C23-5742FDBC544C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"TCP Query User{FF250840-FA96-4327-B37F-852E16350088}C:\users\gabe\desktop\gaming\cataclysm\launcher.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"UDP Query User{003B434D-4200-4144-8958-F6630D747A98}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"UDP Query User{025F146F-EFAD-40DE-9D69-EB827F4DF941}C:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe |

"UDP Query User{03A805D7-DD6E-45CE-AFD3-83776ABB0FC5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{0CA0BE7B-7DE3-4A0F-ABC8-A059B30BB453}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"UDP Query User{14ED6303-667A-4BF3-96A4-02F031698D84}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"UDP Query User{1CAA8084-3C08-4F16-BD10-36972350F4D9}C:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe |

"UDP Query User{1DA45922-6FB6-40F2-A463-A94E384E8571}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"UDP Query User{202D8FC6-B9A4-4E09-A245-9FACF4429BDA}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe |

"UDP Query User{2A2675F1-DC80-4EC7-8F9F-11BFA9331C7D}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"UDP Query User{2BCB18B8-DC0A-4A37-BC35-2E862CED28B0}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"UDP Query User{3E1A67A0-8117-4C2E-9345-E94EFE57FF1F}C:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe |

"UDP Query User{44C93AB9-E22C-4425-8E85-7FFDDA224DD2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{4AC8EB03-8876-4022-A8D7-D5932D276838}C:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=17 | dir=in | app=c:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe |

"UDP Query User{66087288-85E8-4CEB-8129-FDD8AB0BCD0A}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"UDP Query User{69F64547-B1C5-4804-BC7F-F8E6F3AAB7A0}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{6BEB3D0E-E3A0-42DD-8DBC-AF91622D6512}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"UDP Query User{772C1125-DB6A-4B24-A930-DAC8A217CCA3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{7BB284D8-9ED4-4079-B869-ADA604046FAF}C:\users\gabe\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{89DFB941-7711-4378-B89D-F8F4C90EF0C9}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"UDP Query User{A008CC2D-005E-4381-9C14-336DCB0EB565}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{AB9D87BA-BB49-4D8D-9E47-843920395630}C:\users\gabe\desktop\gaming\cataclysm\launcher.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"UDP Query User{B539D029-E071-42C4-B4BE-A038DABC4429}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{B5446DB0-5D06-43E2-9F5D-0BB6EECF8176}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |

"UDP Query User{B8A9F289-01BC-4928-A0E0-68AD4139024C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{BCFB21FC-8AB5-44A4-9B06-9C33F6898AD1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{C5F9E4E9-2881-4923-B371-9D3795330FA4}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe |

"UDP Query User{D579376E-4039-4604-9D7B-8A12BEB1F921}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"UDP Query User{E2A10C4F-7DF2-4E51-8565-FB0AF2105E90}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |

"UDP Query User{E753F8A1-3D48-4B6B-8C43-E2CAA1D56C39}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"UDP Query User{F95A1733-4FE3-4979-AF6A-5DCA2576F49B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit)

"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel® Network Connections 16.7.166.0

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"CCleaner" = CCleaner

"lvdrivers_12.10" = Logitech Webcam Software Driver Package

"Microsoft Security Client" = Microsoft Security Essentials

"PROSetDX" = Intel® Network Connections 16.7.166.0

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"UDK-ffdd5697-b106-4728-8506-cb5096730e1e" = Unreal Development Kit: 2011-10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05891AC5-DC7A-4B6D-B144-FE0DB96B180A}" = DriverUpdate

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer

"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool

"{15C49338-59E5-472E-94F7-D5AE15EE23C9}" = XSplit

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 35

"{28507DEF-A8E9-4615-81C9-CBEEDD7623B5}" = GMI

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63B07463-2E1B-4B7F-AF79-4D4D3E98F03B}" = Sound Blaster X-Fi MB

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8543A572-5993-4101-BACC-C83884E183A4}" = One Touch Video Capture

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}" = TouchCopy 11

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8378408-72C8-4223-BE7E-9B461AEDF6B1}" = S4 League_EU

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser

"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4D34EBA-83D6-49E3-A6D6-6889C4A639A3}" = DayZ Commander

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Akamai" = Akamai NetSession Interface Service

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)

"AudibleDownloadManager" = Audible Download Manager

"Battlelog Web Plugins" = Battlelog Web Plugins

"BattlEye for A2" = BattlEye Uninstall

"BattlEye for OA" = BattlEye for OA Uninstall

"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4

"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cities XL 2011" = Cities XL 2011

"DivX Setup" = DivX Setup

"DynUpdater" = Dyn Updater

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ESN Sonar-0.70.0" = ESN Sonar

"ESN Sonar-0.70.4" = ESN Sonar

"Folder Lock" = Folder Lock

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"GOM Player" = GOM Player

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HyperCam 3" = HyperCam 3

"Identity Card" = Identity Card

"Impulse" = Impulse

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup

"JPG to PDF Converter" = JPG to PDF Converter 1.0

"KeePass Password Safe_is1" = KeePass Password Safe 1.18

"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"Picasa 3" = Picasa 3

"PunkBusterSvc" = PunkBuster Services

"RaidCall" = Raidcall

"SpywareBlaster_is1" = SpywareBlaster 4.5

"StarCraft II" = StarCraft II

"Steam App 33900" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"TeamViewer 7" = TeamViewer 7

"Wakfu" = Wakfu

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

"World of Warcraft Beta" = World of Warcraft Beta

"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"101a9f93b8f0bb6f" = Curse Client

"Akamai" = Akamai NetSession Interface

"Amazon Kindle For PC" = Amazon Kindle For PC v1.1

"Google Chrome" = Google Chrome

"Move Media Player" = Move Media Player

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/11/2011 9:14:23 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 276216

Error - 10/11/2011 9:14:23 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 276216

Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 277214

Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 277214

Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 278213

Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 278213

Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 279211

Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 279211

[ Media Center Events ]

Error - 5/19/2012 11:36:47 AM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:36:45 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/19/2012 11:01:19 PM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:01:19 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 11:18:55 AM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:18:50 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 11:47:22 PM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:47:22 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/21/2012 11:22:33 AM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:22:29 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/21/2012 11:47:18 PM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:47:18 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:53:11 AM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 3:53:11 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 11:21:17 AM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:21:16 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 11:31:16 PM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:31:16 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/23/2012 11:41:35 AM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:41:32 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

[ System Events ]

Error - 9/16/2012 11:41:57 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe

Active File Monitor V10 service to connect.

Error - 9/16/2012 11:43:43 AM | Computer Name = Austin | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:42:19 AM on 9/16/2012 was unexpected.

Error - 9/16/2012 11:46:41 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe

Active File Monitor V10 service to connect.

Error - 9/16/2012 11:48:44 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7022

Description = The Background Intelligent Transfer Service service hung on starting.

Error - 9/16/2012 11:51:08 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft

.NET Framework NGEN v2.0.50727_X86 service to connect.

Error - 9/16/2012 11:52:04 AM | Computer Name = Austin | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft

.NET Framework NGEN v2.0.50727_X64 service to connect.

Error - 9/16/2012 12:00:51 PM | Computer Name = Austin | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:52:36 AM on 9/16/2012 was unexpected.

Error - 9/16/2012 12:15:04 PM | Computer Name = Austin | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/16/2012 12:15:05 PM | Computer Name = Austin | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/16/2012 12:15:06 PM | Computer Name = Austin | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

< End of report >


Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

SpywareBlaster 4.5

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 35

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6%

````````````````````End of Log``````````````````````


Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here
    or >> from here <<
    and save it to your desktop.
  • Get the Offline version that corresponds to the "bitness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
    ( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Let me know after this is done. There's more to do (much more) to follow.


After you have got the latest Java:

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :otl
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O4 - HKLM..\Run: []
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    :files
    C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com
    C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\conduitengine.xpi
    C:\Users\Gabe\AppData\Roaming\uTorrent
    C:\Program Files (x86)\uTorrent
    recycler /alldrives
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

2

Have you used Uniblue or 'any' sort of registry "cleaner / tweaker / optimizer" or "whats'it"?

Let me know which.

Registry "cleaners" can & do very often cause more trouble than they are worth.

3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

4

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to a unique folder!!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

5

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.


All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

File not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

File "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED not found.

========== FILES ==========

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com folder moved successfully.

C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\conduitengine.xpi moved successfully.

C:\Users\Gabe\AppData\Roaming\uTorrent\ie folder moved successfully.

C:\Users\Gabe\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.

C:\Users\Gabe\AppData\Roaming\uTorrent\apps folder moved successfully.

C:\Users\Gabe\AppData\Roaming\uTorrent folder moved successfully.

File\Folder C:\Program Files (x86)\uTorrent not found.

recycler not found in C:\

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Gabe

->Temp folder emptied: 317333305 bytes

->Temporary Internet Files folder emptied: 13390097 bytes

->Java cache emptied: 1 bytes

->FireFox cache emptied: 587760082 bytes

->Google Chrome cache emptied: 392171175 bytes

->Flash cache emptied: 14919 bytes

User: Mcx1-AUSTIN

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 136675011 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes

RecycleBin emptied: 311981062 bytes

Total Files Cleaned = 1,678.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Gabe

->Flash cache emptied: 0 bytes

User: Mcx1-AUSTIN

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gabe

->Java cache emptied: 0 bytes

User: Mcx1-AUSTIN

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.61.5 log created on 09162012_130704

Files\Folders moved on Reboot...

C:\Users\Gabe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\AdDisplayTrackerServletCA4K0J2U.htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\AdDisplayTrackerServletCACEJOZW.htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\dppix[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\d[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\hbpix[1].gif moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\meta[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\pixel[2].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\Pug[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\Pug[2].gif moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\Pug[3].gif moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\rt=ifr[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\syncuppixels[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\tap[2].gif moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWD62R4H\tpid=E0[1].gif moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\300x250iframeusav2[2].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\adtag[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\freq[3].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYSZGRS\pixel[1].gif moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\AdDisplayTrackerServlet[10].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\AdDisplayTrackerServlet[11].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\addons-v4[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\emily[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\freq[6].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ODM4VOR\pd[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\addons-tracker-v4[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\Artemis[1].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\Artemis[2].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\ddc[3].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\dppix[2].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\pd[3].htm moved successfully.

C:\Users\Gabe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UWX710F\syncuppixels[2].htm moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Rkill 2.3.15 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 01:21:43 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Gabe\AppData\Local\Apps\2.0\620HOHYO.WAP\74RJZVNX.MTD\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe (PID: 4608) [uP-HEUR]

* C:\Windows\system32\AMBSpiE.exe (PID: 4240) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/16/2012 01:21:59 PM

Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)


13:27:07.0543 6600 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

13:27:07.0855 6600 ============================================================

13:27:07.0855 6600 Current date / time: 2012/09/16 13:27:07.0855

13:27:07.0855 6600 SystemInfo:

13:27:07.0855 6600

13:27:07.0855 6600 OS Version: 6.1.7601 ServicePack: 1.0

13:27:07.0855 6600 Product type: Workstation

13:27:07.0855 6600 ComputerName: AUSTIN

13:27:07.0855 6600 UserName: Gabe

13:27:07.0855 6600 Windows directory: C:\Windows

13:27:07.0855 6600 System windows directory: C:\Windows

13:27:07.0855 6600 Running under WOW64

13:27:07.0855 6600 Processor architecture: Intel x64

13:27:07.0855 6600 Number of processors: 4

13:27:07.0855 6600 Page size: 0x1000

13:27:07.0855 6600 Boot type: Normal boot

13:27:07.0855 6600 ============================================================

13:27:08.0185 6600 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:27:08.0187 6600 ============================================================

13:27:08.0187 6600 \Device\Harddisk0\DR0:

13:27:08.0187 6600 MBR partitions:

13:27:08.0188 6600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

13:27:08.0188 6600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x728D3800

13:27:08.0188 6600 ============================================================

13:27:08.0205 6600 C: <-> \Device\Harddisk0\DR0\Partition2

13:27:08.0206 6600 ============================================================

13:27:08.0206 6600 Initialize success

13:27:08.0206 6600 ============================================================

13:27:09.0293 5948 ============================================================

13:27:09.0293 5948 Scan started

13:27:09.0293 5948 Mode: Manual;

13:27:09.0293 5948 ============================================================

13:27:09.0814 5948 ================ Scan system memory ========================

13:27:09.0814 5948 System memory - ok

13:27:09.0816 5948 ================ Scan services =============================

13:27:09.0978 5948 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

13:27:09.0981 5948 1394ohci - ok

13:27:10.0007 5948 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

13:27:10.0010 5948 ACPI - ok

13:27:10.0038 5948 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

13:27:10.0038 5948 AcpiPmi - ok

13:27:10.0138 5948 [ C245E08EC469A52A622EFDC9787A0DCC ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

13:27:10.0141 5948 AdobeActiveFileMonitor10.0 - ok

13:27:10.0204 5948 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:27:10.0205 5948 AdobeARMservice - ok

13:27:10.0269 5948 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:27:10.0271 5948 AdobeFlashPlayerUpdateSvc - ok

13:27:10.0297 5948 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

13:27:10.0302 5948 adp94xx - ok

13:27:10.0324 5948 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

13:27:10.0327 5948 adpahci - ok

13:27:10.0351 5948 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

13:27:10.0353 5948 adpu320 - ok

13:27:10.0402 5948 [ E005682AE8F8EC4EB05F2A70A16EA1C5 ] AE1000 C:\Windows\system32\DRIVERS\ae1000w7.sys

13:27:10.0412 5948 AE1000 - ok

13:27:10.0424 5948 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

13:27:10.0425 5948 AeLookupSvc - ok

13:27:10.0462 5948 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

13:27:10.0467 5948 AFD - ok

13:27:10.0495 5948 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

13:27:10.0496 5948 agp440 - ok

13:27:10.0628 5948 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll

13:27:10.0628 5948 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76

13:27:10.0632 5948 Akamai ( HiddenFile.Multi.Generic ) - warning

13:27:10.0632 5948 Akamai - detected HiddenFile.Multi.Generic (1)

13:27:10.0639 5948 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

13:27:10.0640 5948 ALG - ok

13:27:10.0655 5948 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

13:27:10.0656 5948 aliide - ok

13:27:10.0663 5948 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

13:27:10.0663 5948 amdide - ok

13:27:10.0677 5948 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

13:27:10.0678 5948 AmdK8 - ok

13:27:10.0686 5948 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

13:27:10.0686 5948 AmdPPM - ok

13:27:10.0713 5948 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

13:27:10.0714 5948 amdsata - ok


13:27:19.0132 5948 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

13:27:19.0133 5948 PxHlpa64 - ok

13:27:19.0174 5948 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

13:27:19.0189 5948 ql2300 - ok

13:27:19.0195 5948 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

13:27:19.0198 5948 ql40xx - ok

13:27:19.0214 5948 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

13:27:19.0221 5948 QWAVE - ok

13:27:19.0234 5948 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:27:19.0235 5948 QWAVEdrv - ok

13:27:19.0288 5948 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll

13:27:19.0290 5948 RapiMgr - ok

13:27:19.0301 5948 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:27:19.0302 5948 RasAcd - ok

13:27:19.0321 5948 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

13:27:19.0322 5948 RasAgileVpn - ok

13:27:19.0341 5948 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

13:27:19.0349 5948 RasAuto - ok

13:27:19.0360 5948 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:27:19.0362 5948 Rasl2tp - ok

13:27:19.0374 5948 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

13:27:19.0384 5948 RasMan - ok

13:27:19.0397 5948 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:27:19.0399 5948 RasPppoe - ok

13:27:19.0406 5948 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:27:19.0408 5948 RasSstp - ok

13:27:19.0423 5948 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:27:19.0426 5948 rdbss - ok

13:27:19.0443 5948 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

13:27:19.0444 5948 rdpbus - ok

13:27:19.0461 5948 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:27:19.0463 5948 RDPCDD - ok

13:27:19.0475 5948 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:27:19.0476 5948 RDPENCDD - ok

13:27:19.0483 5948 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

13:27:19.0484 5948 RDPREFMP - ok

13:27:19.0513 5948 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:27:19.0516 5948 RDPWD - ok

13:27:19.0554 5948 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

13:27:19.0557 5948 rdyboost - ok

13:27:19.0584 5948 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:27:19.0590 5948 RemoteAccess - ok

13:27:19.0605 5948 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:27:19.0613 5948 RemoteRegistry - ok

13:27:19.0622 5948 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

13:27:19.0630 5948 RpcEptMapper - ok

13:27:19.0640 5948 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

13:27:19.0645 5948 RpcLocator - ok

13:27:19.0674 5948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

13:27:19.0681 5948 RpcSs - ok

13:27:19.0691 5948 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:27:19.0692 5948 rspndr - ok

13:27:19.0737 5948 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

13:27:19.0739 5948 RSUSBSTOR - ok

13:27:19.0784 5948 [ 24510C4A77ABA3B07AEFA840DB888637 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys

13:27:19.0786 5948 RzSynapse - ok

13:27:19.0794 5948 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

13:27:19.0799 5948 SamSs - ok

13:27:19.0836 5948 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:27:19.0838 5948 sbp2port - ok

13:27:19.0857 5948 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:27:19.0867 5948 SCardSvr - ok

13:27:19.0890 5948 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

13:27:19.0892 5948 scfilter - ok

13:27:19.0936 5948 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

13:27:19.0952 5948 Schedule - ok

13:27:19.0985 5948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

13:27:19.0987 5948 SCPolicySvc - ok

13:27:20.0000 5948 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:27:20.0010 5948 SDRSVC - ok

13:27:20.0018 5948 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

13:27:20.0019 5948 secdrv - ok

13:27:20.0024 5948 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

13:27:20.0032 5948 seclogon - ok

13:27:20.0057 5948 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

13:27:20.0066 5948 SENS - ok

13:27:20.0075 5948 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

13:27:20.0083 5948 SensrSvc - ok

13:27:20.0108 5948 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

13:27:20.0109 5948 Serenum - ok

13:27:20.0126 5948 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

13:27:20.0128 5948 Serial - ok

13:27:20.0144 5948 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

13:27:20.0146 5948 sermouse - ok

13:27:20.0182 5948 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

13:27:20.0191 5948 SessionEnv - ok

13:27:20.0222 5948 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

13:27:20.0223 5948 sffdisk - ok

13:27:20.0238 5948 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:27:20.0239 5948 sffp_mmc - ok

13:27:20.0254 5948 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

13:27:20.0255 5948 sffp_sd - ok

13:27:20.0266 5948 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

13:27:20.0268 5948 sfloppy - ok

13:27:20.0303 5948 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:27:20.0309 5948 SharedAccess - ok

13:27:20.0326 5948 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:27:20.0337 5948 ShellHWDetection - ok

13:27:20.0345 5948 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:27:20.0346 5948 SiSRaid2 - ok

13:27:20.0351 5948 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

13:27:20.0353 5948 SiSRaid4 - ok

13:27:20.0417 5948 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

13:27:20.0419 5948 SkypeUpdate - ok

13:27:20.0435 5948 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:27:20.0437 5948 Smb - ok

13:27:20.0453 5948 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:27:20.0462 5948 SNMPTRAP - ok

13:27:20.0470 5948 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

13:27:20.0472 5948 spldr - ok

13:27:20.0511 5948 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

13:27:20.0523 5948 Spooler - ok

13:27:20.0607 5948 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

13:27:20.0634 5948 sppsvc - ok

13:27:20.0662 5948 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

13:27:20.0666 5948 sppuinotify - ok

13:27:20.0708 5948 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

13:27:20.0713 5948 srv - ok

13:27:20.0732 5948 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:27:20.0735 5948 srv2 - ok

13:27:20.0748 5948 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:27:20.0750 5948 srvnet - ok

13:27:20.0771 5948 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:27:20.0779 5948 SSDPSRV - ok

13:27:20.0790 5948 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:27:20.0797 5948 SstpSvc - ok

13:27:20.0827 5948 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

13:27:20.0829 5948 ssudmdm - ok

13:27:20.0857 5948 Steam Client Service - ok

13:27:20.0916 5948 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

13:27:20.0920 5948 Stereo Service - ok

13:27:20.0942 5948 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

13:27:20.0944 5948 stexstor - ok

13:27:20.0984 5948 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

13:27:20.0999 5948 stisvc - ok

13:27:21.0037 5948 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

13:27:21.0039 5948 swenum - ok

13:27:21.0060 5948 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

13:27:21.0074 5948 swprv - ok

13:27:21.0129 5948 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

13:27:21.0153 5948 SysMain - ok

13:27:21.0202 5948 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:27:21.0212 5948 TabletInputService - ok

13:27:21.0257 5948 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:27:21.0269 5948 TapiSrv - ok

13:27:21.0282 5948 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

13:27:21.0292 5948 TBS - ok

13:27:21.0352 5948 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:27:21.0366 5948 Tcpip - ok

13:27:21.0412 5948 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

13:27:21.0421 5948 TCPIP6 - ok

13:27:21.0458 5948 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:27:21.0459 5948 tcpipreg - ok

13:27:21.0478 5948 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:27:21.0479 5948 TDPIPE - ok

13:27:21.0500 5948 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:27:21.0501 5948 TDTCP - ok

13:27:21.0515 5948 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:27:21.0516 5948 tdx - ok

13:27:21.0603 5948 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

13:27:21.0618 5948 TeamViewer7 - ok

13:27:21.0629 5948 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

13:27:21.0630 5948 TermDD - ok

13:27:21.0652 5948 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

13:27:21.0659 5948 TermService - ok

13:27:21.0673 5948 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

13:27:21.0677 5948 Themes - ok

13:27:21.0688 5948 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

13:27:21.0691 5948 THREADORDER - ok

13:27:21.0710 5948 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

13:27:21.0715 5948 TrkWks - ok

13:27:21.0754 5948 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:27:21.0756 5948 TrustedInstaller - ok

13:27:21.0788 5948 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:27:21.0789 5948 tssecsrv - ok

13:27:21.0815 5948 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

13:27:21.0816 5948 TsUsbFlt - ok

13:27:21.0866 5948 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:27:21.0867 5948 tunnel - ok

13:27:21.0901 5948 [ 7F8AD76415FB7476096FEF6B92D428CA ] U6000ALL C:\Windows\system32\DRIVERS\dmdcap.sys

13:27:21.0904 5948 U6000ALL - ok

13:27:21.0918 5948 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

13:27:21.0920 5948 uagp35 - ok

13:27:21.0933 5948 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys

13:27:21.0934 5948 UBHelper - ok

13:27:21.0956 5948 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:27:21.0960 5948 udfs - ok

13:27:21.0981 5948 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:27:21.0990 5948 UI0Detect - ok

13:27:22.0032 5948 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

13:27:22.0033 5948 uliagpkx - ok

13:27:22.0049 5948 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:27:22.0051 5948 umbus - ok

13:27:22.0068 5948 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

13:27:22.0069 5948 UmPass - ok

13:27:22.0138 5948 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

13:27:22.0141 5948 UMVPFSrv - ok

13:27:22.0206 5948 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

13:27:22.0208 5948 Updater Service - ok

13:27:22.0226 5948 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

13:27:22.0237 5948 upnphost - ok

13:27:22.0277 5948 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

13:27:22.0279 5948 USBAAPL64 - ok

13:27:22.0313 5948 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

13:27:22.0315 5948 usbaudio - ok

13:27:22.0341 5948 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:27:22.0343 5948 usbccgp - ok

13:27:22.0358 5948 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

13:27:22.0360 5948 usbcir - ok

13:27:22.0374 5948 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

13:27:22.0375 5948 usbehci - ok

13:27:22.0393 5948 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:27:22.0397 5948 usbhub - ok

13:27:22.0409 5948 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

13:27:22.0410 5948 usbohci - ok

13:27:22.0447 5948 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

13:27:22.0449 5948 usbprint - ok

13:27:22.0481 5948 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

13:27:22.0483 5948 usbscan - ok

13:27:22.0491 5948 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:27:22.0493 5948 USBSTOR - ok

13:27:22.0508 5948 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

13:27:22.0509 5948 usbuhci - ok

13:27:22.0546 5948 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

13:27:22.0549 5948 usbvideo - ok

13:27:22.0595 5948 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys

13:27:22.0597 5948 usb_rndisx - ok

13:27:22.0621 5948 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

13:27:22.0631 5948 UxSms - ok

13:27:22.0639 5948 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

13:27:22.0645 5948 VaultSvc - ok

13:27:22.0667 5948 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

13:27:22.0668 5948 vdrvroot - ok

13:27:22.0701 5948 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

13:27:22.0716 5948 vds - ok

13:27:22.0745 5948 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:27:22.0747 5948 vga - ok

13:27:22.0782 5948 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

13:27:22.0784 5948 VgaSave - ok

13:27:22.0799 5948 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

13:27:22.0802 5948 vhdmp - ok

13:27:22.0815 5948 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

13:27:22.0817 5948 viaide - ok

13:27:22.0833 5948 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

13:27:22.0835 5948 volmgr - ok

13:27:22.0870 5948 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:27:22.0875 5948 volmgrx - ok

13:27:22.0893 5948 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

13:27:22.0897 5948 volsnap - ok

13:27:22.0917 5948 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

13:27:22.0920 5948 vsmraid - ok

13:27:22.0979 5948 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

13:27:23.0003 5948 VSS - ok

13:27:23.0018 5948 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

13:27:23.0019 5948 vwifibus - ok

13:27:23.0040 5948 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

13:27:23.0041 5948 vwififlt - ok

13:27:23.0059 5948 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

13:27:23.0061 5948 vwifimp - ok

13:27:23.0092 5948 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

13:27:23.0104 5948 W32Time - ok

13:27:23.0111 5948 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

13:27:23.0113 5948 WacomPen - ok

13:27:23.0135 5948 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

13:27:23.0137 5948 WANARP - ok

13:27:23.0142 5948 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:27:23.0144 5948 Wanarpv6 - ok

13:27:23.0195 5948 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

13:27:23.0205 5948 WatAdminSvc - ok

13:27:23.0262 5948 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

13:27:23.0283 5948 wbengine - ok

13:27:23.0306 5948 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

13:27:23.0311 5948 WbioSrvc - ok

13:27:23.0351 5948 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll

13:27:23.0355 5948 WcesComm - ok

13:27:23.0372 5948 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:27:23.0382 5948 wcncsvc - ok

13:27:23.0397 5948 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:27:23.0406 5948 WcsPlugInService - ok

13:27:23.0410 5948 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

13:27:23.0411 5948 Wd - ok

13:27:23.0435 5948 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:27:23.0441 5948 Wdf01000 - ok

13:27:23.0452 5948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:27:23.0460 5948 WdiServiceHost - ok

13:27:23.0465 5948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:27:23.0474 5948 WdiSystemHost - ok

13:27:23.0516 5948 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

13:27:23.0526 5948 WebClient - ok

13:27:23.0539 5948 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:27:23.0549 5948 Wecsvc - ok

13:27:23.0554 5948 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:27:23.0559 5948 wercplsupport - ok

13:27:23.0566 5948 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

13:27:23.0571 5948 WerSvc - ok

13:27:23.0585 5948 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

13:27:23.0586 5948 WfpLwf - ok

13:27:23.0600 5948 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

13:27:23.0601 5948 WIMMount - ok

13:27:23.0621 5948 WinDefend - ok

13:27:23.0719 5948 [ 32140C0E7EE19ABB2ACEA0085B75AFA6 ] WinFLAdrv C:\Windows\syswow64\WinFLAdrv.sys

13:27:23.0724 5948 WinFLAdrv - ok

13:27:23.0726 5948 WinHttpAutoProxySvc - ok

13:27:23.0762 5948 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:27:23.0764 5948 Winmgmt - ok

13:27:23.0817 5948 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

13:27:23.0831 5948 WinRM - ok

13:27:23.0878 5948 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

13:27:23.0879 5948 WinUsb - ok

13:27:23.0902 5948 [ 3CC985A4E7D90F5B6D9FF1FD5CD486D7 ] WinVDEDrv C:\Windows\SysWow64\WinVDEdrv.sys

13:27:23.0907 5948 WinVDEDrv - ok

13:27:23.0924 5948 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

13:27:23.0933 5948 Wlansvc - ok

13:27:24.0041 5948 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:27:24.0061 5948 wlidsvc - ok

13:27:24.0095 5948 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

13:27:24.0097 5948 WmiAcpi - ok

13:27:24.0115 5948 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:27:24.0118 5948 wmiApSrv - ok

13:27:24.0141 5948 WMPNetworkSvc - ok

13:27:24.0152 5948 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:27:24.0161 5948 WPCSvc - ok

13:27:24.0186 5948 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:27:24.0195 5948 WPDBusEnum - ok

13:27:24.0216 5948 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:27:24.0218 5948 ws2ifsl - ok

13:27:24.0232 5948 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

13:27:24.0241 5948 wscsvc - ok

13:27:24.0245 5948 WSearch - ok

13:27:24.0307 5948 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

13:27:24.0334 5948 wuauserv - ok

13:27:24.0374 5948 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

13:27:24.0376 5948 WudfPf - ok

13:27:24.0392 5948 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

13:27:24.0395 5948 WUDFRd - ok

13:27:24.0437 5948 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:27:24.0447 5948 wudfsvc - ok

13:27:24.0468 5948 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

13:27:24.0479 5948 WwanSvc - ok

13:27:24.0555 5948 X6va003 - ok

13:27:24.0574 5948 xylmutwv - ok

13:27:24.0628 5948 ================ Scan global ===============================

13:27:24.0642 5948 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

13:27:24.0684 5948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

13:27:24.0692 5948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

13:27:24.0713 5948 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

13:27:24.0734 5948 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

13:27:24.0739 5948 [Global] - ok

13:27:24.0739 5948 ================ Scan MBR ==================================

13:27:24.0750 5948 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

13:27:24.0903 5948 \Device\Harddisk0\DR0 - ok

13:27:24.0903 5948 ================ Scan VBR ==================================

13:27:24.0906 5948 [ DED2A6C0B20A1D81950B4CFF48804D24 ] \Device\Harddisk0\DR0\Partition1

13:27:24.0909 5948 \Device\Harddisk0\DR0\Partition1 - ok

13:27:24.0931 5948 [ 1680E25D52DD18122F9911D5AD3FBD36 ] \Device\Harddisk0\DR0\Partition2

13:27:24.0933 5948 \Device\Harddisk0\DR0\Partition2 - ok

13:27:24.0933 5948 ============================================================

13:27:24.0933 5948 Scan finished

13:27:24.0933 5948 ============================================================

13:27:24.0945 3216 Detected object count: 1

13:27:24.0945 3216 Actual detected object count: 1

13:27:30.0106 3216 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

13:27:30.0106 3216 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


Farbar Service Scanner Version: 06-08-2012

Ran by Gabe (administrator) on 16-09-2012 at 13:29:10

Running from "C:\Users\Gabe\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-09-12 00:54] - [2012-08-22 12:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Use your Internet Explorer browser to go here at Virustotal website

Click the Choose File button and then navigate to

C:\Users\Gabe\AppData\Local\Apps\2.0\620HOHYO.WAP\74RJZVNX.MTD\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe,

then click the Scan it button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for C:\Windows\system32\AMBSpiE.exe

Save the results, and post back here in a reply.

==

Use your Internet Explorer browser to go here at VirSCAN.org website

Click the Browse button and then navigate to

C:\Users\Gabe\AppData\Local\Apps\2.0\620HOHYO.WAP\74RJZVNX.MTD\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe, then click the Upload button.

Save the results, and post back here in a reply.

Repeat the same steps for C:\Windows\system32\AMBSpiE.exe

Save the results, and post back here in a reply.

NEXT

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.


SHA256: 52f895b540ca266dfc1e415f3c4eaa15c3b6499d5866969ed46524a2af005b9f
SHA1: 5c17e6ac9b787965fb41035f8771bfc0283518d6
MD5: 7b07f26ab215a6fbb47d54f49a067e73
File size: 1.8 MB ( 1908736 bytes )
File name: CurseClient.exe
File type: Win32 EXE
Detection ratio: 0 / 32
Analysis date: 2012-09-16 23:07:24 UTC ( 1 minute ago )

(Is that the right info?) Also, AMBSpiE.exe does not show up on the website.


VirSCAN.org Scanned Report :

Scanned time : 2012/09/16 17:31:03 (MDT)

Scanner results: Scanners did not find malware!

File Name : CurseClient.exe

File Size : 1908736 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono

MD5 : 7b07f26ab215a6fbb47d54f49a067e73

SHA1 : 5c17e6ac9b787965fb41035f8771bfc0283518d6

Online report : http://r.virscan.org/82af1a376600083edf570e7c9d632380

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 5.1.0.4 | 20120917034326 | 2012-09-17 | 11.82 | -
AhnLab V3 | 2012.09.17.00 | 2012.09.17 | 2012-09-17 | 3.89 | -
AntiVir | 8.2.10.150 | 7.11.41.132 | 2012-09-01 | 0.18 | -
Antiy | 2.0.18 | 2.0.18. | 0002-18-00 | 0.37 | -
Arcavir | 2011 | 201206041805 | 2012-06-04 | 1.57 | -
Authentium | 5.1.1 | 201209090949 | 2012-09-09 | 1.59 | -
AVAST! | 4.7.4 | 120914-0 | 2012-09-14 | 0.54 | -
AVG | 12.0.1787 | 2437/5271 | 2012-09-16 | 0.28 | -
BitDefender | 7.90123.7545672 | 7.43465 | 2012-09-17 | 4.23 | -
ClamAV | 0.97.5 | 15363 | 2012-09-17 | 0.56 | -
Comodo | 5.1 | 13570 | 2012-09-16 | 2.29 | -
CP Secure | 1.3.0.5 | 2012.09.15 | 2012-09-15 | 0.51 | -
Dr.Web | 7.0.3.7130 | 2012.09.17 | 2012-09-17 | 13.18 | -
F-Prot | 4.6.2.117 | 20120916 | 2012-09-16 | 1.03 | -
F-Secure | 7.02.73807 | 2012.09.16.07 | 2012-09-16 | 2.37 | -
Fortinet | 4.3.392 | 16.403 | 2012-09-14 | 0.14 | -
GData | 22.6127 | 20120917 | 2012-09-17 | 6.66 | -
ViRobot | 20120915 | 2012.09.15 | 2012-09-15 | 0.38 | -
Ikarus | T3.1.32.20.0 | 2012.09.16.82281 | 2012-09-16 | 6.71 | -
JiangMin | 13.0.900 | 2012.09.16 | 2012-09-16 | 2.37 | -
Kaspersky | 5.5.10 | 2012.09.16 | 2012-09-16 | 0.30 | -
KingSoft | 2009.2.5.15 | 2012.9.16.9 | 2012-09-16 | 0.91 | -
McAfee | 5400.1158 | 6837 | 2012-09-16 | 8.73 | -
Microsoft | 1.8704 | 2012.09.16 | 2012-09-16 | 3.77 | -
NOD32 | 3.0.21 | 7484 | 2012-09-16 | 0.33 | -
Norman | 6.8.3 | 201208311030 | 2012-08-31 | 0.00 | -
Panda | 9.05.01 | 2012.09.16 | 2012-09-16 | 3.15 | -
Trend Micro | 9.500-1005 | 9.399.00 | 2012-09-16 | 0.20 | -
Quick Heal | 11.00 | 2012.09.16 | 2012-09-16 | 1.49 | -
Rising | 20.0 | 24.27.04.01 | 2012-09-14 | 2.71 | -
Sophos | 3.34.0 | 4.80 | 2012-09-17 | 5.32 | -
Sunbelt | 3.9.2545.2 | 13098 | 2012-09-16 | 1.02 | -
Symantec | 1.3.0.24 | 20120915.008 | 2012-09-15 | 0.63 | -
nProtect | 20120916.01 | 11985184 | 2012-09-16 | 1.39 | -
The Hacker | 6.8.0.0 | v00095 | 2012-09-14 | 0.71 | -
VBA32 | 3.12.18.1 | 20120914.1041 | 2012-09-14 | 3.72 | -
VirusBuster | 5.5.2.13 | 15.0.191.0/9788190 | 2012-09-16 | 0.19 | -


SHA256: 52f895b540ca266dfc1e415f3c4eaa15c3b6499d5866969ed46524a2af005b9f
SHA1: 5c17e6ac9b787965fb41035f8771bfc0283518d6
MD5: 7b07f26ab215a6fbb47d54f49a067e73
File size: 1.8 MB ( 1908736 bytes )
File name: CurseClient.exe
File type: Win32 EXE
Detection ratio: 0 / 32
Analysis date: 2012-09-16 23:07:24 UTC ( 1 minute ago )

More details

Antivirus | Result | Update
AhnLab-V3 | - | 20120916
AntiVir | - | 20120916
Antiy-AVL | - | 20120911
AVG | - | 20120916
ByteHero | - | 20120910
CAT-QuickHeal | - | 20120916
ClamAV | - | 20120916
Commtouch | - | 20120916
DrWeb | - | 20120917
ESET-NOD32 | - | 20120916
F-Prot | - | 20120916
F-Secure | - | 20120916
Fortinet | - | 20120830
Ikarus | - | 20120916
Jiangmin | - | 20120916
K7AntiVirus | - | 20120915
Kaspersky | - | 20120917
McAfee | - | 20120917
McAfee-GW-Edition | - | 20120916
Norman | - | 20120915
Panda | - | 20120916
PCTools | - | 20120916
Rising | - | 20120914
SUPERAntiSpyware | - | 20120911
TheHacker | - | 20120915
TotalDefense | - | 20120916
TrendMicro | - | 20120917
TrendMicro-HouseCall | - | 20120916
VBA32 | - | 20120914
VIPRE | - | 20120917
ViRobot | - | 20120916
VirusBuster | - | 20120916

First site again more info


Download, save, and then run the MS Safety Scanner

http://www.microsoft...us/default.aspx

Let me know the result.

2

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this:

[image: stinger2.png]

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

3

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft...&displaylang=en

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here: http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Now, then, how is the system now?


--------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.11, August 2012

Started On Thu Aug 16 03:01:36 2012

->Scan ERROR: resource process://pid:5368 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:5504 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:6688 (code 0x00000490 (1168))

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 03:06:46 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012

Started On Wed Sep 12 03:00:31 2012

->Scan ERROR: resource process://pid:852 (code 0x00000005 (5))

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 12 03:03:24 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012

Started On Tue Sep 18 06:11:40 2012

->Scan ERROR: resource process://pid:1856 (code 0x00000005 (5))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012

Started On Tue Sep 18 09:18:40 2012

->Scan ERROR: resource process://pid:6200 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:4032 (code 0x00000490 (1168))

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 18 09:52:37 2012

Return code: 0 (0x0)

This topic is now closed to further replies.
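
The mrt.log posted above mixes finished runs with one that has a start line but no Results Summary, plus per-process scan errors. The following added example (not part of the thread or of any Microsoft tool) splits such a log into runs, flags runs that never finished, and names the two Win32 error codes seen there; the sample log and its PIDs are constructed, and the "clean"/"incomplete"/"review" labels are this example's own.

```python
import re

# Constructed sample in the mrt.log layout shown in this thread (PIDs are made up).
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Tue Sep 18 06:11:40 2012
->Scan ERROR: resource process://pid:1111 (code 0x00000005 (5))
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Tue Sep 18 09:18:40 2012
->Scan ERROR: resource process://pid:2222 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3333 (code 0x00000490 (1168))
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 18 09:52:37 2012
Return code: 0 (0x0)
"""

# Win32 error codes that appear in the thread's log.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 1168: "ERROR_NOT_FOUND"}

RUN_START = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v(\S+),", re.M)
SCAN_ERR = re.compile(r"^->Scan ERROR: resource (\S+) \(code 0x[0-9A-Fa-f]+ \((\d+)\)\)", re.M)
STARTED = re.compile(r"^Started On (.+)$", re.M)
FINISHED = re.compile(r"Finished On (.+)$", re.M)
RETURN_CODE = re.compile(r"^Return code: (\d+)", re.M)


def parse_mrt_log(text):
    """Split an mrt.log into runs; report each run's status and scan errors."""
    starts = [m.start() for m in RUN_START.finditer(text)]
    runs = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        block = text[begin:end]
        started, finished = STARTED.search(block), FINISHED.search(block)
        rc = RETURN_CODE.search(block)
        if not (finished and rc):
            status = "incomplete"  # no finish line: this run gives no verdict
        elif rc.group(1) == "0" and "No infection found." in block:
            status = "clean"
        else:
            status = "review"
        errors = [(res, int(code), WIN32_ERRORS.get(int(code), "unknown"))
                  for res, code in SCAN_ERR.findall(block)]
        runs.append({"version": RUN_START.match(block).group(1),
                     "started": started.group(1) if started else None,
                     "status": status, "errors": errors})
    return runs


if __name__ == "__main__":
    for run in parse_mrt_log(SAMPLE_LOG):
        print(run["started"], run["status"], run["errors"])
```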