CLR Error 80004005 won't go away

boombaby16 · September 14, 2012

I started getting help in PC Help but turns out my computer is infected here is the link to the other forum-

http://forums.malwarebytes.org/index.php?showtopic=115818

Maurice Naggar · September 16, 2012

Hello boombaby16.

You must first uninstall uTorrent along with any other peer-to-peer app. That is forum policy and I need for you to confirm you have done that before we get going further.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-prams:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Reply back when that is done.

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 4

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited September 16, 2012 by Maurice Naggar

boombaby16 · September 16, 2012

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03

Ran by SYSTEM at 16-09-2012 10:30:31

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)

HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2779024 2011-03-14] (CANON INC.)

HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-08-12] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-07-07] (Creative Technology Ltd)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)

HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1611160 2011-03-28] (CANON INC.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()

HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()

HKU\Gabe\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKU\Gabe\...\Run: [Akamai NetSession Interface] "C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)

HKU\Gabe\...\Run: [Google Update] "C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-26] (Google Inc.)

HKU\Gabe\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKU\Gabe\...\Run: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe [321736 2012-08-14] ( New Softwares.net)

HKU\Gabe\...\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2012-08-14] (New Softwares.net)

HKU\Gabe\...\Run: [steam] "C:\Program Files (x86)\newsteam\steam.exe" -silent [1353080 2012-09-13] (Valve Corporation)

HKU\Gabe\...\Policies\system: [LogonHoursAction] 2

HKU\Gabe\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mcx1-AUSTIN\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)

HKU\UpdatusUser\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()

Tcpip\Parameters: [DhcpNameServer] 69.169.190.211 208.72.160.67

Tcpip\..\Interfaces\{6BC084C6-73F6-4A18-AC61-EB4D9553E781}: [NameServer]192.168.1.1

Startup: C:\Users\Gabe\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Gabe\Start Menu\Programs\Startup\ts3server_win64.exe (TeamSpeak Systems GmbH)

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)

4 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)

2 FLService; C:\Windows\SysWow64\WinFLService.exe [91336 2012-08-14] (New Softwares.net)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-15] ()

==================== Drivers (Whitelisted) =====================

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-01-19] (Ralink Technology Corp.)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)

2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2012-08-13] ()

3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)

3 U6000ALL; C:\Windows\System32\DRIVERS\dmdcap.sys [276480 2007-06-08] ()

1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2012-08-14] ()

2 WinVDEDrv; \??\C:\Windows\SysWow64\WinVDEdrv.sys [225680 2012-08-13] (NewSoftwares.net, Inc.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 dump_wmimmc; \??\C:\Program Files (x86)\CABAL Online (NA - Global)\GameGuard\dump_wmimmc.sys [x]

3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

1 pilzjtxd; \??\C:\Windows\system32\drivers\pilzjtxd.sys [x]

3 X6va003; \??\C:\Users\Gabe\AppData\Local\Temp\0036C13.tmp [x]

1 xylmutwv; \??\C:\Windows\system32\drivers\xylmutwv.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-16 08:16 - 2012-09-16 08:16 - 00000470 ____A C:\Users\Gabe\Desktop\defogger_disable.log

2012-09-16 08:16 - 2012-09-16 08:16 - 00000000 ____A C:\Users\Gabe\defogger_reenable

2012-09-16 08:13 - 2012-09-16 08:15 - 00000000 ____D C:\Users\Gabe\Desktop\ERUNT

2012-09-16 08:10 - 2012-09-16 08:10 - 00050477 ____A C:\Users\Gabe\Desktop\Defogger.exe

2012-09-15 14:46 - 2012-09-15 14:46 - 00302219 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

2012-09-15 06:22 - 2012-09-15 06:23 - 00000000 ____D C:\Users\Gabe\Documents\Battlefield 3

2012-09-15 06:19 - 2012-09-15 06:19 - 03878360 ____A C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

2012-09-15 06:07 - 2012-09-15 06:07 - 00001141 ____A C:\Users\Public\Desktop\Battlefield 3.lnk

2012-09-15 06:06 - 2012-09-15 16:03 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-09-15 06:06 - 2012-09-15 06:30 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-09-15 05:37 - 2012-09-15 06:17 - 00000000 ____D C:\Users\Gabe\AppData\Local\Origin

2012-09-15 05:37 - 2012-09-15 05:37 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Origin

2012-09-15 05:35 - 2012-09-15 05:39 - 00000000 ____D C:\Users\All Users\Origin

2012-09-15 05:35 - 2012-09-15 05:37 - 00000000 ____D C:\Program Files (x86)\Origin

2012-09-15 05:35 - 2012-09-15 05:35 - 00000950 ____A C:\Users\Public\Desktop\Origin.lnk

2012-09-15 05:35 - 2012-09-15 05:35 - 00000537 ____A C:\Windows\KB893803v2.log

2012-09-15 05:33 - 2012-09-15 05:34 - 16910992 ____A (Electronic Arts, Inc.) C:\Users\Gabe\Desktop\OriginThinSetup.exe

2012-09-15 05:32 - 2012-09-15 05:32 - 00000000 ____D C:\Users\Gabe\Desktop\Battlefield 3- Premium Edition

2012-09-14 17:43 - 2012-09-14 17:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\dotNetFx40_Full_setup.exe

2012-09-14 17:30 - 2012-08-30 22:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-09-14 17:29 - 2012-09-14 17:29 - 16868888 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\Windows-KB890830-V4.12.exe

2012-09-14 13:27 - 2012-09-14 16:41 - 00000038 ___RH C:\Users\Gabe\Desktop\stinger.opt

2012-09-14 13:26 - 2012-09-14 16:41 - 00000000 ____D C:\Program Files (x86)\stinger

2012-09-14 13:26 - 2012-09-14 13:26 - 09994856 ____A (McAfee Inc.) C:\Users\Gabe\Desktop\stinger.exe

2012-09-14 06:23 - 2012-09-14 17:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\ArmA 2

2012-09-13 20:38 - 2012-09-13 20:38 - 00032037 ____A C:\Users\Gabe\Desktop\DDS.txt

2012-09-13 20:38 - 2012-09-13 20:38 - 00009748 ____A C:\Users\Gabe\Desktop\Attach.txt

2012-09-13 20:34 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Desktop\Result.txt

2012-09-13 20:18 - 2012-09-13 20:18 - 00607260 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com

2012-09-13 20:17 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Downloads\Result.txt

2012-09-13 20:16 - 2012-09-13 20:16 - 00751391 ____A (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe

2012-09-13 19:22 - 2012-09-13 19:22 - 00001750 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-09-13 19:22 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Program Files\iTunes

2012-09-13 19:21 - 2012-09-13 19:22 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-09-13 19:21 - 2012-09-13 19:21 - 00000000 ____D C:\Program Files\iPod

2012-09-13 19:10 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-09-13 19:10 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-09-13 19:10 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-09-13 19:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys

2012-09-13 19:10 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-09-13 19:06 - 2012-09-13 19:06 - 00000000 ____D C:\f1367e126a89152dbd33

2012-09-13 18:31 - 2012-09-14 17:25 - 00000000 ____D C:\Users\Gabe\Documents\ArmA 2

2012-09-13 18:31 - 2012-09-13 18:33 - 00000000 ____D C:\Users\Gabe\AppData\Local\ArmA 2 OA

2012-09-13 18:30 - 2012-09-15 06:06 - 00073702 ____A C:\Windows\DirectX.log

2012-09-13 18:21 - 2012-09-13 18:21 - 00001301 ____A C:\Users\Public\Desktop\DayZ Commander.lnk

2012-09-13 18:21 - 2012-09-13 18:21 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios

2012-09-13 16:58 - 2012-09-13 16:58 - 00000224 ____A C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

2012-09-12 12:01 - 2012-09-12 12:01 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab

2012-09-12 12:01 - 2012-09-12 12:01 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab

2012-09-11 22:54 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-09-11 22:54 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-09-11 22:54 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-09-02 23:53 - 2012-09-02 23:53 - 00000000 ____D C:\Users\Gabe\Documents\Amazon MP3

2012-09-01 22:50 - 2012-09-01 22:50 - 00000000 ___DC C:\Users\All Users\{3FC66E2C-85B6-4398-82FB-C13C51DE9DD8}

2012-09-01 22:42 - 2012-09-01 22:50 - 1519417223 ____A C:\Users\Gabe\Downloads\LOLPBE.zip

2012-09-01 01:11 - 1999-12-31 16:00 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-09-01 01:11 - 1999-12-31 16:00 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-09-01 01:11 - 1999-12-31 16:00 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2012-09-01 00:40 - 2012-09-01 00:40 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\InstallShield

2012-09-01 00:40 - 2012-09-01 00:40 - 00000000 ____D C:\Users\All Users\InstallShield

2012-09-01 00:40 - 2011-02-18 06:11 - 00439320 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys

2012-09-01 00:38 - 2012-09-01 00:38 - 00000000 ____D C:\Windows\SysWOW64\sda

2012-09-01 00:36 - 1999-12-31 16:00 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll

2012-09-01 00:36 - 1999-12-31 16:00 - 00422504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtsUStor.dll

2012-09-01 00:36 - 1999-12-31 16:00 - 00250984 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys

2012-09-01 00:33 - 2012-09-01 00:33 - 00000000 ____D C:\Program Files\Intel

2012-09-01 00:33 - 2011-09-26 15:15 - 00178344 ____A (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

2012-09-01 00:32 - 2011-09-06 13:33 - 00355016 ____A (Intel Corporation) C:\Windows\System32\PROUnstl.exe

2012-09-01 00:32 - 2006-01-12 12:52 - 00001904 ____N C:\Windows\System32\SetupBD.din

2012-09-01 00:19 - 2011-07-20 06:58 - 00342704 ____A (Intel Corporation) C:\Windows\System32\Drivers\e1k62x64.sys

2012-09-01 00:19 - 2011-06-29 21:55 - 00068264 ____A (Intel Corporation) C:\Windows\System32\e1kmsg.dll

2012-09-01 00:19 - 2011-06-15 22:14 - 00098496 ____A (Intel Corporation) C:\Windows\System32\NicInstK.dll

2012-09-01 00:19 - 2009-10-09 08:43 - 00003143 ____A C:\Windows\System32\e1k62x64.din

2012-09-01 00:04 - 2012-09-01 00:04 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk

2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Users\Gabe\AppData\Local\SlimWare Utilities Inc

2012-09-01 00:04 - 2012-09-01 00:04 - 00000000 ____D C:\Program Files (x86)\DriverUpdate

2012-08-31 20:19 - 2012-08-31 20:19 - 00002885 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log

2012-08-31 20:19 - 2012-08-28 18:10 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-31 20:19 - 2012-08-28 18:10 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-31 20:19 - 2012-08-28 18:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-29 20:05 - 2012-08-29 20:05 - 00000318 ____A C:\Users\Gabe\Desktop\Curse Client.appref-ms

2012-08-29 20:05 - 2012-08-29 20:05 - 00000000 ____D C:\Users\Gabe\Documents\My Curse

2012-08-29 19:46 - 2012-08-29 20:04 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.0

2012-08-29 19:46 - 2012-08-29 19:46 - 00000965 ____A C:\Users\Gabe\Gabe - Shortcut.lnk

2012-08-28 08:52 - 2012-08-28 08:52 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

2012-08-28 08:25 - 2012-08-28 08:59 - 00000984 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-08-24 13:39 - 2012-08-24 13:39 - 00000000 ____D C:\Users\Gabe\AppData\Local\{2E299EFB-46B7-442A-845F-11E4B795ED59}

2012-08-19 18:27 - 2012-08-19 18:27 - 00000030 ____A C:\Users\Gabe\AppData\Local\HackLogs.dat

2012-08-19 18:24 - 2012-08-28 18:24 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-19 18:23 - 2012-08-19 18:23 - 00000000 ____D C:\Users\All Users\McAfee

==================== 3 Months Modified Files ==================

2012-09-16 08:26 - 2012-07-26 15:27 - 00024776 ____A C:\Windows\PFRO.log

2012-09-16 08:26 - 2012-07-26 14:56 - 00015166 ____A C:\Windows\setupact.log

2012-09-16 08:26 - 2010-02-02 06:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-09-16 08:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-16 08:25 - 2009-10-17 02:53 - 01186162 ____A C:\Windows\WindowsUpdate.log

2012-09-16 08:25 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-16 08:25 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-16 08:17 - 2009-07-13 21:13 - 00852118 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-16 08:16 - 2012-09-16 08:16 - 00000470 ____A C:\Users\Gabe\Desktop\defogger_disable.log

2012-09-16 08:16 - 2012-09-16 08:16 - 00000000 ____A C:\Users\Gabe\defogger_reenable

2012-09-16 08:11 - 2012-04-07 21:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-16 08:10 - 2012-09-16 08:10 - 00050477 ____A C:\Users\Gabe\Desktop\Defogger.exe

2012-09-16 07:51 - 2009-12-26 20:18 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000UA.job

2012-09-16 06:54 - 2010-02-02 06:07 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-09-15 16:03 - 2012-09-15 06:06 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-09-15 16:03 - 2011-08-31 09:12 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-09-15 16:03 - 2011-08-31 09:10 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-09-15 14:46 - 2012-09-15 14:46 - 00302219 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

2012-09-15 13:50 - 2009-12-26 20:18 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000Core.job

2012-09-15 06:30 - 2012-09-15 06:06 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-09-15 06:19 - 2012-09-15 06:19 - 03878360 ____A C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

2012-09-15 06:07 - 2012-09-15 06:07 - 00001141 ____A C:\Users\Public\Desktop\Battlefield 3.lnk

2012-09-15 06:06 - 2012-09-13 18:30 - 00073702 ____A C:\Windows\DirectX.log

2012-09-15 05:35 - 2012-09-15 05:35 - 00000950 ____A C:\Users\Public\Desktop\Origin.lnk

2012-09-15 05:35 - 2012-09-15 05:35 - 00000537 ____A C:\Windows\KB893803v2.log

2012-09-15 05:35 - 2010-01-26 11:38 - 00003000 ____A C:\Windows\wininit.ini

2012-09-15 05:34 - 2012-09-15 05:33 - 16910992 ____A (Electronic Arts, Inc.) C:\Users\Gabe\Desktop\OriginThinSetup.exe

2012-09-14 17:43 - 2012-09-14 17:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\dotNetFx40_Full_setup.exe

2012-09-14 17:29 - 2012-09-14 17:29 - 16868888 ____A (Microsoft Corporation) C:\Users\Gabe\Downloads\Windows-KB890830-V4.12.exe

2012-09-14 16:41 - 2012-09-14 13:27 - 00000038 ___RH C:\Users\Gabe\Desktop\stinger.opt

2012-09-14 13:26 - 2012-09-14 13:26 - 09994856 ____A (McAfee Inc.) C:\Users\Gabe\Desktop\stinger.exe

2012-09-13 20:38 - 2012-09-13 20:38 - 00032037 ____A C:\Users\Gabe\Desktop\DDS.txt

2012-09-13 20:38 - 2012-09-13 20:38 - 00009748 ____A C:\Users\Gabe\Desktop\Attach.txt

2012-09-13 20:34 - 2012-09-13 20:34 - 00034177 ____A C:\Users\Gabe\Desktop\Result.txt

2012-09-13 20:34 - 2012-09-13 20:17 - 00034177 ____A C:\Users\Gabe\Downloads\Result.txt

2012-09-13 20:18 - 2012-09-13 20:18 - 00607260 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com

2012-09-13 20:16 - 2012-09-13 20:16 - 00751391 ____A (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe

2012-09-13 20:04 - 2012-01-01 03:40 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-13 19:25 - 2010-12-23 11:30 - 00868104 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-09-13 19:22 - 2012-09-13 19:22 - 00001750 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-09-13 19:04 - 2012-04-07 21:30 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-09-13 19:04 - 2011-11-20 23:33 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-09-13 18:21 - 2012-09-13 18:21 - 00001301 ____A C:\Users\Public\Desktop\DayZ Commander.lnk

2012-09-13 16:58 - 2012-09-13 16:58 - 00000224 ____A C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

2012-09-12 01:00 - 2009-11-26 14:54 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-09-07 15:04 - 2011-10-09 21:14 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-04 09:46 - 2011-11-01 13:56 - 00002455 ____A C:\Users\Gabe\Desktop\Google Chrome.lnk

2012-09-01 22:50 - 2012-09-01 22:42 - 1519417223 ____A C:\Users\Gabe\Downloads\LOLPBE.zip

2012-09-01 00:04 - 2012-09-01 00:04 - 00002469 ____A C:\Users\Public\Desktop\DriverUpdate.lnk

2012-08-31 20:19 - 2012-08-31 20:19 - 00002885 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log

2012-08-30 22:12 - 2012-09-14 17:30 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-08-29 20:05 - 2012-08-29 20:05 - 00000318 ____A C:\Users\Gabe\Desktop\Curse Client.appref-ms

2012-08-29 20:01 - 2012-08-14 17:19 - 00003465 __ASH C:\Windows\SysWOW64\win_stlthdb_sys.dat

2012-08-29 20:01 - 2012-08-13 19:06 - 00003465 __ASH C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat

2012-08-29 20:01 - 2012-08-13 19:06 - 00000700 __ASH C:\Users\Gabe\AppData\Local\systemFL7.dat

2012-08-29 19:46 - 2012-08-29 19:46 - 00000965 ____A C:\Users\Gabe\Gabe - Shortcut.lnk

2012-08-28 18:24 - 2012-08-19 18:24 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-28 18:24 - 2010-09-03 11:41 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-08-28 18:10 - 2012-08-31 20:19 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-28 18:10 - 2012-08-31 20:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-28 18:09 - 2012-08-31 20:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-28 08:59 - 2012-08-28 08:25 - 00000984 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-08-28 08:52 - 2012-08-28 08:52 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

2012-08-27 17:26 - 2012-08-13 19:12 - 00001906 __ASH C:\Users\Gabe\AppData\Local\win_fldb_sys.dat

2012-08-27 17:26 - 2012-08-13 19:12 - 00001386 __ASH C:\Windows\SysWOW64\win_fldb_sys.dat

2012-08-22 10:12 - 2012-09-13 19:10 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-11 22:54 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-11 22:54 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-11 22:54 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 11:01 - 2012-09-13 19:22 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-08-21 11:01 - 2009-11-27 11:46 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll

2012-08-21 11:01 - 2009-11-27 11:46 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll

2012-08-19 18:27 - 2012-08-19 18:27 - 00000030 ____A C:\Users\Gabe\AppData\Local\HackLogs.dat

2012-08-16 12:51 - 2012-08-16 12:47 - 00049512 ____A C:\Users\Gabe\Documents\(Unknown) - Clip 001.avi.sfk

2012-08-16 12:51 - 2012-08-16 12:47 - 00001024 ____A C:\Users\Gabe\Documents\Default.sfvidcap

2012-08-16 12:46 - 2012-08-16 12:45 - 967345152 ____A C:\Users\Gabe\Documents\(Unknown) - Clip 001.avi

2012-08-16 01:28 - 2009-07-13 20:45 - 04909576 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-14 17:24 - 2012-08-14 17:24 - 00000620 __ASH C:\Users\Gabe\AppData\Local\settingsFL.dat

2012-08-14 17:18 - 2012-08-13 19:05 - 00321736 ____A ( New Softwares.net) C:\Windows\SysWOW64\WinFLTrayShred.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00321736 ____A ( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00091336 ____A (New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00040960 ____A C:\Windows\SysWOW64\nwsftUninstall.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00034816 ____A C:\Windows\SysWOW64\WinFLAdrv.sys

2012-08-14 17:18 - 2012-08-13 19:05 - 00014024 ____A C:\Windows\SysWOW64\WinFLMsgService.exe

2012-08-14 17:18 - 2012-08-13 19:05 - 00001106 ____A C:\Users\Gabe\Desktop\Folder Lock.lnk

2012-08-14 17:17 - 2012-08-14 17:16 - 00001328 ____A C:\Users\Public\Desktop\World of Warcraft Beta.lnk

2012-08-14 17:11 - 2012-08-14 17:11 - 31727744 ____A (Blizzard Entertainment) C:\Users\Gabe\Desktop\World of Warcraft Beta Setup.exe

2012-08-13 19:06 - 2012-08-13 19:06 - 00002568 __ASH C:\Users\All Users\win_mpwd_sys.dat

2012-08-13 19:05 - 2012-08-13 19:05 - 00225680 ____A (NewSoftwares.net, Inc.) C:\Windows\SysWOW64\WinVDEdrv.sys

2012-08-13 19:05 - 2012-08-13 19:05 - 00197648 ____A C:\Windows\SysWOW64\WinVDEdrv6.sys

2012-08-06 21:05 - 2012-08-06 21:05 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-06 23_05_03.581740.dmp

2012-08-05 17:25 - 2012-03-14 10:40 - 00001156 ____A C:\Users\Public\Desktop\GOM Player.lnk

2012-08-02 09:58 - 2012-09-13 19:10 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-13 19:10 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-08-01 21:12 - 2012-08-01 21:12 - 00007603 ____A C:\Users\Gabe\AppData\Local\Resmon.ResmonCfg

2012-08-01 16:31 - 2012-08-01 16:31 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-01 18_31_09.895452.dmp

2012-07-31 20:33 - 2012-07-31 20:33 - 00002533 ____A C:\Users\Gabe\Desktop\Skype.lnk

2012-07-31 20:11 - 2011-10-03 22:26 - 00021352 ____A C:\Windows\System32\lvcoinst.log

2012-07-30 11:32 - 2012-07-30 11:32 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-07-30 11:32 - 2012-07-30 11:32 - 00102240 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-07-29 17:03 - 2011-10-30 23:14 - 00036864 ____A C:\Users\Gabe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-29 09:52 - 2012-07-29 09:52 - 00001047 ____A C:\Users\Public\Desktop\Vegas Pro 11.0.lnk

2012-07-28 17:20 - 2011-10-04 11:13 - 00083984 ____A C:\Users\Gabe\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-28 17:19 - 2010-01-11 12:13 - 00007756 ____A C:\Users\All Users\hpzinstall.log

2012-07-26 14:56 - 2012-07-26 14:56 - 00000000 ____A C:\Windows\setuperr.log

2012-07-25 14:01 - 2012-07-25 11:19 - 00002046 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk

2012-07-25 14:00 - 2012-07-25 11:17 - 00002329 ____A C:\Users\Public\Desktop\Canon MG2100 series On-screen Manual.lnk

2012-07-18 10:15 - 2012-08-15 02:27 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-16 17:16 - 2012-07-16 17:16 - 00000000 ____A C:\Users\Gabe\Documents\ts3_clientui-win64-1342421813-2012-07-16 19_16_09.766721.dmp

2012-07-12 06:37 - 2012-07-12 06:37 - 00041174 ____A C:\Users\Gabe\Documents\cc_20120712_083703.reg

2012-07-12 06:33 - 2012-06-08 16:58 - 00000829 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-09 11:42 - 2012-07-09 11:42 - 04547984 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll

2012-07-09 11:42 - 2012-07-09 11:42 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys

2012-07-04 14:16 - 2012-08-15 02:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-08-15 02:27 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-08-15 02:27 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-08-15 02:27 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-08-15 02:27 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-04 12:26 - 2012-09-13 19:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rndismpx.sys

2012-07-04 12:26 - 2012-09-13 19:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-06-28 20:55 - 2012-08-16 01:08 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 20:09 - 2012-08-16 01:08 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 19:56 - 2012-08-16 01:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 19:49 - 2012-08-16 01:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 19:49 - 2012-08-16 01:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 19:48 - 2012-08-16 01:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 19:47 - 2012-08-16 01:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 19:45 - 2012-08-16 01:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 19:44 - 2012-08-16 01:08 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 19:43 - 2012-08-16 01:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 19:42 - 2012-08-16 01:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 19:40 - 2012-08-16 01:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 19:39 - 2012-08-16 01:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 19:35 - 2012-08-16 01:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 16:52 - 2012-08-16 01:08 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 16:27 - 2012-08-16 01:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 16:16 - 2012-08-16 01:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 16:09 - 2012-08-16 01:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 16:09 - 2012-08-16 01:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 16:08 - 2012-08-16 01:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 16:07 - 2012-08-16 01:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 16:06 - 2012-08-16 01:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 16:04 - 2012-08-16 01:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 16:04 - 2012-08-16 01:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 16:01 - 2012-08-16 01:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 16:01 - 2012-08-16 01:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 16:00 - 2012-08-16 01:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 15:57 - 2012-08-16 01:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-25 13:22 - 2012-04-28 18:36 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-14 17:23:35

Restore point made on: 2012-09-15 06:04:52

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8183.11 MB

Available physical RAM: 7355.73 MB

Total Pagefile: 8181.26 MB

Available Pagefile: 7356.68 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:916.41 GB) (Free:418.75 GB) NTFS

2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.68 GB) NTFS

4 Drive g: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 3824 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 15 GB 1024 KB

Partition 2 Primary 100 MB 15 GB

Partition 3 Primary 916 GB 15 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Gateway NTFS Partition 916 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3823 MB 564 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB20FD FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-09-06 04:59

==================== End Of Log =============================

boombaby16 · September 16, 2012

I just used Crtl F and typed utorrent because ive been trying to find the rest of the files and it looks like i missed some. I have uninstalled it though

boombaby16 · September 16, 2012

I didn't think of looking in program files(x86) because when i was using a search bar nothing else came up sorry about that

Maurice Naggar · September 16, 2012

Return back to normal Windows. {Restart your system}

IF you have a previous copy of OTL.exe then delete it.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):

the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

boombaby16 · September 16, 2012

OTL logfile created on: 9/16/2012 11:43:16 AM - Run 1

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Gabe\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.54% Memory free

15.98 Gb Paging File | 14.01 Gb Available in Paging File | 87.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 418.74 Gb Free Space | 45.69% Space Free | Partition Type: NTFS

Computer Name: AUSTIN | User Name: Gabe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/16 11:34:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe

PRC - [2012/09/15 08:30:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/08/24 05:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/08/14 19:18:16 | 000,275,656 | ---- | M] (New Softwares.net) -- C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe

PRC - [2012/08/14 19:18:11 | 001,238,216 | ---- | M] ( New Softwares.net) -- C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe

PRC - [2012/08/14 19:18:07 | 000,091,336 | ---- | M] (New Softwares.net) -- C:\Windows\SysWOW64\WinFLService.exe

PRC - [2012/08/14 19:18:04 | 000,321,736 | ---- | M] ( New Softwares.net) -- C:\Windows\SysWOW64\WinFLTray.exe

PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/11/16 22:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2011/03/28 11:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2011/03/07 13:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

PRC - [2009/07/07 14:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe

PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2009/02/23 13:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [1999/12/31 18:00:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

MOD - [2009/08/13 17:00:46 | 000,169,984 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 19:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 19:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/09/26 17:15:38 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV - [2012/09/15 08:30:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/09/13 21:04:13 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/13 18:52:02 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/09/10 13:27:04 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)

SRV - [2012/09/09 19:56:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/08/24 05:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/08/14 19:18:07 | 000,091,336 | ---- | M] (New Softwares.net) [Auto | Running] -- C:\Windows\SysWOW64\WinFLService.exe -- (FLService)

SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/11/15 11:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)

SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2010/10/21 14:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2009/10/17 04:59:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009/10/17 04:58:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/23 13:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [1999/12/31 18:00:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/20 21:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/11/15 11:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)

DRV:64bit: - [2011/07/20 08:58:22 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2011/04/13 21:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/18 08:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/01/19 12:50:23 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)

DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/04/30 16:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2009/04/30 16:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV:64bit: - [2007/06/08 08:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL)

DRV:64bit: - [1999/12/31 18:00:00 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2012/08/13 21:05:42 | 000,197,648 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysWOW64\WinVDEdrv6.sys -- (NEWDRIVER)

DRV - [2012/08/13 21:05:41 | 000,225,680 | ---- | M] (NewSoftwares.net, Inc.) [File_System | Auto | Running] -- C:\Windows\SysWOW64\WinVDEdrv.sys -- (WinVDEDrv)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/12/31 09:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6830&r=173611095216p0325v1k5k48926241

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6830&r=173611095216p0325v1k5k48926241

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={D7F9B83F-2513-4C25-8580-245EC3C2841A}&mid=d57939cbbc8547d0804fd1482a8b5da6-5f0d3d0792bd5478ce8e5957931ac5ca75832844〈=en&ds=gm011&pr=sa&d=2012-04-19 17:20:43&v=11.0.0.9&sap=hp

IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS355US355

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D7F9B83F-2513-4C25-8580-245EC3C2841A}&mid=d57939cbbc8547d0804fd1482a8b5da6-5f0d3d0792bd5478ce8e5957931ac5ca75832844〈=en&ds=gm011&pr=sa&d=2012-04-19 17:20:43&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [string data over 1000 bytes]

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: " "

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"'>http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110621

FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0

FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Gabe\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gabe\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gabe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gabe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2012/09/09 19:56:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2012/08/19 20:24:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Gabe\AppData\Roaming\Move Networks [2009/12/22 21:22:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2012/09/09 19:56:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2012/08/19 20:24:19 | 000,000,000 | ---D | M]

[2009/12/26 22:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Extensions

[2012/09/07 22:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions

[2011/01/30 00:59:27 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2012/09/07 22:10:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2012/08/26 10:15:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/04/21 20:32:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\engine@conduit.com

[2012/02/21 18:23:30 | 000,166,900 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}.xpi

[2012/08/27 19:29:41 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2011/01/23 18:21:38 | 000,919,575 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\conduitengine.xpi

[2011/01/23 18:21:38 | 000,917,835 | ---- | M] () (No name found) -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\xfirexo_tb.xpi

[2011/05/04 15:08:19 | 000,001,832 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\bing.xml

[2011/10/02 13:57:40 | 000,000,863 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\conduit.xml

[2010/03/27 09:26:19 | 000,010,017 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\rf6skmu6.default\searchplugins\mywebsearch.xml

[2012/08/31 22:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 3.6 BETA 5\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npijjiFFPlugin1.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Gabe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Gabe\AppData\LocalLow\raidcall\plugins\webplugin_en.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Gabe\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Prezi = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\

CHR - Extension: Angry Birds = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: YouTube Downloader = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\baghcaokjpiflfgfddiobkomaaklphhg\12.0_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Add to Amazon Wish List = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\

CHR - Extension: Japanese Kana = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign\2.0.3_0\

CHR - Extension: Picnik = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\

CHR - Extension: StumbleUpon = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.7.12.1_0\

CHR - Extension: Easy YouTube Downloader = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\linimbofbhfiebblpncbhgefaolagapd\73_0\

CHR - Extension: Google Mail Checker = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.4_0\

CHR - Extension: Xbox LIVE Dashboard = C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobdmiffgnobnpagcjjmpcajhdaoighg\0.9.9.5_0\

O1 HOSTS File: ([2011/10/28 17:55:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gabe\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe (New Softwares.net)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\newsteam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKCU..\Run: [WinFLTray] C:\Windows\SysWOW64\WinFLTray.exe ( New Softwares.net)

O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ts3server_win64.exe (TeamSpeak Systems GmbH)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.169.190.211 208.72.160.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9045E3-1B5D-42FD-ACCF-147F1A58918A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC53C46-B7D6-4384-9DB9-6F11CE9EF5FF}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC084C6-73F6-4A18-AC61-EB4D9553E781}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EC38F95-65F6-43C4-87D8-F3D8D6914123}: DhcpNameServer = 69.169.190.211 208.72.160.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99934CF4-7A22-40A0-899A-D684F507105A}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB09BEB4-0DB7-45B4-8312-2F60BED851D6}: DhcpNameServer = 208.67.222.222 208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9D5DC4-3F91-4CB2-93DF-F380073CF7D6}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE598C3D-2A0E-4B49-94AF-BC91032D5B2B}: DhcpNameServer = 208.67.222.222 208.67.220.220

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 12:30:21 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/16 11:34:05 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe

[2012/09/16 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Desktop\ERUNT

[2012/09/15 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\Battlefield 3

[2012/09/15 08:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2012/09/15 07:37:32 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Origin

[2012/09/15 07:37:31 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\Origin

[2012/09/15 07:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2012/09/15 07:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

[2012/09/15 07:33:57 | 016,910,992 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\Gabe\Desktop\OriginThinSetup.exe

[2012/09/15 07:32:30 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Desktop\Battlefield 3- Premium Edition

[2012/09/14 19:30:11 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2012/09/14 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/09/14 15:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012/09/14 15:26:19 | 009,994,856 | ---- | C] (McAfee Inc.) -- C:\Users\Gabe\Desktop\stinger.exe

[2012/09/14 08:23:18 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\ArmA 2

[2012/09/13 21:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/09/13 21:22:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/09/13 21:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/09/13 21:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/09/13 21:10:40 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/09/13 21:10:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rndismpx.sys

[2012/09/13 21:10:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012/09/13 21:06:02 | 000,000,000 | ---D | C] -- C:\f1367e126a89152dbd33

[2012/09/13 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012/09/13 20:31:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\ArmA 2 OA

[2012/09/13 20:31:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\ArmA 2

[2012/09/13 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios

[2012/09/12 14:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2012/09/12 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab

[2012/09/12 00:54:40 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/09/12 00:54:39 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/09/03 01:53:02 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\Amazon MP3

[2012/09/02 00:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{3FC66E2C-85B6-4398-82FB-C13C51DE9DD8}

[2012/09/01 03:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/09/01 03:11:39 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2012/09/01 03:11:39 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2012/09/01 03:11:39 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2012/09/01 03:11:39 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2012/09/01 03:11:39 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2012/09/01 03:11:39 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2012/09/01 03:11:39 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2012/09/01 03:11:39 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2012/09/01 03:11:39 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2012/09/01 03:11:39 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2012/09/01 03:11:38 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2012/09/01 03:11:38 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2012/09/01 03:11:38 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2012/09/01 02:40:58 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys

[2012/09/01 02:40:54 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\InstallShield

[2012/09/01 02:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2012/09/01 02:38:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda

[2012/09/01 02:36:17 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll

[2012/09/01 02:36:17 | 000,250,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys

[2012/09/01 02:36:16 | 000,422,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll

[2012/09/01 02:33:14 | 000,178,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IPROSetMonitor.exe

[2012/09/01 02:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2012/09/01 02:32:56 | 000,355,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe

[2012/09/01 02:19:15 | 000,342,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1k62x64.sys

[2012/09/01 02:19:15 | 000,098,496 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstK.dll

[2012/09/01 02:19:15 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1kmsg.dll

[2012/09/01 02:04:29 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\SlimWare Utilities Inc

[2012/09/01 02:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate

[2012/09/01 02:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate

[2012/09/01 02:04:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers

[2012/08/31 22:19:30 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/08/31 22:19:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/08/31 22:19:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/08/29 22:05:34 | 000,000,000 | ---D | C] -- C:\Users\Gabe\Documents\My Curse

[2012/08/29 22:05:28 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

[2012/08/28 10:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2012/08/24 15:39:12 | 000,000,000 | ---D | C] -- C:\Users\Gabe\AppData\Local\{2E299EFB-46B7-442A-845F-11E4B795ED59}

[2012/08/19 20:24:19 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/08/19 20:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2010/01/17 00:24:36 | 1648,462,032 | ---- | C] (Macrovision Corporation ) -- C:\Program Files\MSSetupv80.exe

========== Files - Modified Within 30 Days ==========

[2012/09/16 11:50:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000UA.job

[2012/09/16 11:36:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/16 11:36:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/16 11:34:36 | 000,852,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/16 11:34:36 | 000,709,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/16 11:34:36 | 000,145,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/16 11:34:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gabe\Desktop\OTL.exe

[2012/09/16 11:29:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/16 11:28:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/16 11:28:48 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/16 10:16:00 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\defogger_reenable

[2012/09/16 10:11:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/16 10:10:50 | 000,050,477 | ---- | M] () -- C:\Users\Gabe\Desktop\Defogger.exe

[2012/09/16 08:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/15 18:03:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/09/15 18:03:32 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/15 18:03:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/09/15 16:46:36 | 000,302,219 | ---- | M] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

[2012/09/15 16:44:41 | 000,063,803 | ---- | M] () -- C:\Users\Gabe\Desktop\35058358.jpg

[2012/09/15 16:44:37 | 000,044,604 | ---- | M] () -- C:\Users\Gabe\Desktop\35058353.jpg

[2012/09/15 16:44:32 | 000,086,068 | ---- | M] () -- C:\Users\Gabe\Desktop\35058347.jpg

[2012/09/15 16:44:28 | 000,065,308 | ---- | M] () -- C:\Users\Gabe\Desktop\35058336.jpg

[2012/09/15 15:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2684759980-1959591888-1663914851-1000Core.job

[2012/09/15 08:30:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/09/15 08:19:23 | 003,878,360 | ---- | M] () -- C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

[2012/09/15 08:07:12 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012/09/15 07:35:16 | 000,003,000 | ---- | M] () -- C:\Windows\wininit.ini

[2012/09/15 07:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2012/09/15 07:34:35 | 016,910,992 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Gabe\Desktop\OriginThinSetup.exe

[2012/09/14 18:41:07 | 000,000,038 | RH-- | M] () -- C:\Users\Gabe\Desktop\stinger.opt

[2012/09/14 15:26:23 | 009,994,856 | ---- | M] (McAfee Inc.) -- C:\Users\Gabe\Desktop\stinger.exe

[2012/09/13 22:04:09 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/13 21:25:22 | 000,868,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/09/13 21:22:48 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/13 21:04:12 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/09/13 21:04:12 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/09/13 20:21:09 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk

[2012/09/13 18:58:02 | 000,000,224 | ---- | M] () -- C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

[2012/09/09 19:56:38 | 000,002,118 | ---- | M] () -- C:\Users\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.6 Beta 5.lnk

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/04 11:46:36 | 000,002,455 | ---- | M] () -- C:\Users\Gabe\Desktop\Google Chrome.lnk

[2012/09/01 02:04:24 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk

[2012/08/31 00:12:46 | 062,164,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2012/08/30 08:52:25 | 002,441,049 | ---- | M] () -- C:\Users\Gabe\Desktop\2012BTS_PrintAd_6x9_M1.pdf

[2012/08/29 22:05:34 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2012/08/29 22:05:28 | 000,000,318 | ---- | M] () -- C:\Users\Gabe\Desktop\Curse Client.appref-ms

[2012/08/29 22:01:51 | 000,003,465 | -HS- | M] () -- C:\Windows\SysWow64\win_stlthdb_sys.dat

[2012/08/29 22:01:50 | 000,003,465 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat

[2012/08/29 22:01:46 | 000,000,700 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\systemFL7.dat

[2012/08/29 21:46:49 | 000,000,965 | ---- | M] () -- C:\Users\Gabe\Gabe - Shortcut.lnk

[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/08/28 10:59:23 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/08/28 10:52:52 | 000,000,000 | ---- | M] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

[2012/08/27 19:26:50 | 000,001,906 | -HS- | M] () -- C:\Users\Gabe\AppData\Local\win_fldb_sys.dat

[2012/08/27 19:26:50 | 000,001,386 | -HS- | M] () -- C:\Windows\SysWow64\win_fldb_sys.dat

[2012/08/22 12:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/08/22 12:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/08/21 13:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll

[2012/08/21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll

[2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/08/19 20:27:53 | 000,000,030 | ---- | M] () -- C:\Users\Gabe\AppData\Local\HackLogs.dat

========== Files Created - No Company Name ==========

[2012/09/16 10:16:00 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\defogger_reenable

[2012/09/16 10:10:52 | 000,050,477 | ---- | C] () -- C:\Users\Gabe\Desktop\Defogger.exe

[2012/09/15 16:46:36 | 000,302,219 | ---- | C] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-09-15 16_46_36.139859.dmp

[2012/09/15 16:44:43 | 000,063,803 | ---- | C] () -- C:\Users\Gabe\Desktop\35058358.jpg

[2012/09/15 16:44:38 | 000,044,604 | ---- | C] () -- C:\Users\Gabe\Desktop\35058353.jpg

[2012/09/15 16:44:34 | 000,086,068 | ---- | C] () -- C:\Users\Gabe\Desktop\35058347.jpg

[2012/09/15 16:44:30 | 000,065,308 | ---- | C] () -- C:\Users\Gabe\Desktop\35058336.jpg

[2012/09/15 08:19:26 | 003,878,360 | ---- | C] () -- C:\Users\Gabe\Desktop\battlelog-web-plugins-1.132.0-retail-prod.exe

[2012/09/15 08:07:12 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012/09/15 08:06:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/15 08:06:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/09/15 07:35:15 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2012/09/14 15:27:09 | 000,000,038 | RH-- | C] () -- C:\Users\Gabe\Desktop\stinger.opt

[2012/09/13 21:22:48 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/13 20:21:09 | 000,001,301 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk

[2012/09/13 18:58:02 | 000,000,224 | ---- | C] () -- C:\Users\Gabe\Desktop\ARMA 2 Operation Arrowhead.url

[2012/09/01 02:32:57 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din

[2012/09/01 02:19:15 | 000,003,143 | ---- | C] () -- C:\Windows\SysNative\e1k62x64.din

[2012/09/01 02:04:24 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk

[2012/08/30 08:52:24 | 002,441,049 | ---- | C] () -- C:\Users\Gabe\Desktop\2012BTS_PrintAd_6x9_M1.pdf

[2012/08/29 22:05:34 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2012/08/29 22:05:28 | 000,000,318 | ---- | C] () -- C:\Users\Gabe\Desktop\Curse Client.appref-ms

[2012/08/29 21:46:49 | 000,000,965 | ---- | C] () -- C:\Users\Gabe\Gabe - Shortcut.lnk

[2012/08/28 10:52:52 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\Documents\ts3_clientui-win64-1343657352-2012-08-28 10_52_52.211270.dmp

[2012/08/28 10:25:38 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/08/19 20:27:53 | 000,000,030 | ---- | C] () -- C:\Users\Gabe\AppData\Local\HackLogs.dat

[2012/08/14 19:24:27 | 000,000,620 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\settingsFL.dat

[2012/08/14 19:19:17 | 000,003,465 | -HS- | C] () -- C:\Windows\SysWow64\win_stlthdb_sys.dat

[2012/08/13 21:12:59 | 000,001,906 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\win_fldb_sys.dat

[2012/08/13 21:12:59 | 000,001,386 | -HS- | C] () -- C:\Windows\SysWow64\win_fldb_sys.dat

[2012/08/13 21:06:38 | 000,002,568 | -HS- | C] () -- C:\ProgramData\win_mpwd_sys.dat

[2012/08/13 21:06:03 | 000,003,465 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\win_stlthdb_sys.dat

[2012/08/13 21:06:03 | 000,000,700 | -HS- | C] () -- C:\Users\Gabe\AppData\Local\systemFL7.dat

[2012/08/13 21:05:43 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\WinFLAdrv.sys

[2012/08/13 21:05:42 | 000,197,648 | ---- | C] () -- C:\Windows\SysWow64\WinVDEdrv6.sys

[2012/08/13 21:05:18 | 000,014,024 | ---- | C] () -- C:\Windows\SysWow64\WinFLMsgService.exe

[2012/08/13 21:05:17 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nwsftUninstall.exe

[2012/08/01 23:12:30 | 000,007,603 | ---- | C] () -- C:\Users\Gabe\AppData\Local\Resmon.ResmonCfg

[2012/06/08 23:54:55 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini

[2012/06/08 19:01:28 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe

[2012/06/08 19:01:28 | 000,001,066 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/04/21 00:54:37 | 000,000,040 | ---- | C] () -- C:\Users\Gabe\jagex_cl_runescape_LIVE.dat

[2012/04/09 01:52:25 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll

[2012/04/09 01:52:25 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll

[2012/04/09 01:52:24 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2012/02/21 19:30:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/11/01 23:27:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/11/01 23:27:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/10/31 01:14:26 | 000,036,864 | ---- | C] () -- C:\Users\Gabe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/07 01:45:14 | 000,000,042 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\iPod Access Photo Prefs

[2011/10/07 01:44:02 | 000,000,011 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\iPodAccessPhoto_Time

[2011/09/26 19:07:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2011/09/01 20:17:50 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/08/31 11:10:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010/12/23 13:30:39 | 000,868,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/11/21 09:05:57 | 000,000,219 | ---- | C] () -- C:\Windows\iepreview.ini

[2010/03/04 19:19:14 | 000,000,000 | ---- | C] () -- C:\Users\Gabe\jagex__preferences3.dat

[2009/12/15 09:02:40 | 000,000,650 | ---- | C] () -- C:\Users\Gabe\AppData\Roaming\wklnhst.dat

[2009/12/03 08:34:02 | 000,000,632 | RHS- | C] () -- C:\Users\Gabe\ntuser.pol

[2009/11/28 19:46:12 | 000,000,117 | ---- | C] () -- C:\Users\Gabe\jagex_runescape_preferences2.dat

[2009/11/28 19:43:57 | 000,000,041 | ---- | C] () -- C:\Users\Gabe\jagex_runescape_preferences.dat

========== LOP Check ==========

[2012/09/09 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\.minecraft

[2012/09/13 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Amazon

[2012/09/02 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Audacity

[2011/10/07 01:14:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\BSD

[2012/08/20 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Canon

[2012/07/12 08:36:16 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\DAEMON Tools Lite

[2011/01/17 03:42:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\DriverCure

[2010/03/14 09:04:31 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\eMusic

[2011/01/30 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ijjigame

[2010/10/13 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\KeePass

[2011/10/04 00:27:15 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Leadertech

[2011/01/06 14:24:00 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\LolClient

[2012/06/14 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\LolClient2

[2010/02/14 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Opera

[2012/09/15 07:37:58 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Origin

[2011/01/17 03:42:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ParetoLogic

[2012/07/29 11:57:21 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Publish Providers

[2010/12/25 12:17:28 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\runic games

[2011/01/19 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\School Zone Preferences

[2011/10/31 01:14:26 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Solveig Multimedia

[2012/07/29 11:57:17 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Sony

[2012/06/28 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\SplitMediaLabs

[2009/12/05 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Stardock

[2012/09/12 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\SystemRequirementsLab

[2012/08/01 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TeamViewer

[2009/12/15 09:03:55 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Template

[2011/07/08 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico 3

[2011/06/29 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico 3 Demo

[2011/07/01 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tropico3

[2012/07/26 04:18:50 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TS3Client

[2012/02/12 05:36:02 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\TuneUp Software

[2009/12/07 20:41:53 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Tutor

[2010/12/23 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Uniblue

[2010/03/11 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Unity

[2012/09/13 22:01:05 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\uTorrent

[2010/11/23 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\Windows Live Writer

[2011/06/02 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Gabe\AppData\Roaming\ZiggyTV

[2012/05/23 17:32:51 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

boombaby16 · September 16, 2012

OTL Extras logfile created on: 9/16/2012 11:43:16 AM - Run 1

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Gabe\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.54% Memory free

15.98 Gb Paging File | 14.01 Gb Available in Paging File | 87.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 418.74 Gb Free Space | 45.69% Space Free | Partition Type: NTFS

Computer Name: AUSTIN | User Name: Gabe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe" -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1 -- [2012/05/12 19:31:25 | 000,000,000 | ---D | M]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04C040A3-6155-49B4-BEE5-B162F4CFAEB8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |

"{0969BD7E-D03C-4426-A9FD-A2AC7A2CC017}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{143317E5-0C0B-4786-96FF-DF14366621B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1E14B04A-1362-4FBD-9030-DED87035CEA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2106C174-DC53-4F22-A1EE-5A7CE086863B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{238315D8-5CCA-40A1-9EFA-A63C48104431}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{2A233DCC-CFDD-4DBB-BE38-FF889314DDB1}" = lport=139 | protocol=6 | dir=in | app=system |

"{2BA7741A-19D7-4EBB-A7F1-68C9E8906252}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{2ECD5ADD-B272-4D98-98B2-7DDC9FDB1EF4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{2EE92A94-6FBD-4614-9869-452D298DC6CC}" = lport=3390 | protocol=6 | dir=in | app=system |

"{2FE00AF6-E7E1-4D0B-8F48-1296FC67BA01}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{335A9CB4-6D2B-492F-B835-8E895FFE3204}" = rport=2869 | protocol=6 | dir=out | app=system |

"{3A442E4B-24C7-4631-B399-1AB2AA848817}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3C7D539D-CB23-4E73-ABD1-F5A7371AD74E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3EF0CBC0-3002-42F5-8334-1D5B4D0DC31A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{40A9325A-7E3F-4F8D-928F-FBC6153BDD05}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4DEB35B9-4CD3-44EB-8A94-EAD0B9236F77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{4ED49A28-5F64-443E-A8FD-F8A237617586}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{500A63A7-4190-42CF-9B3E-2CB3B8E6173D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{506A6BEB-AE57-4B07-8E1F-A5ADD16285AA}" = rport=445 | protocol=6 | dir=out | app=system |

"{52A29A33-AC6A-4A54-B38A-0FCD6E60CFB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{56C0D160-AD5A-4DB6-A1A4-4D04F7DC587F}" = lport=137 | protocol=17 | dir=in | app=system |

"{58126FA2-EF82-4489-969A-45D1D0202231}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{5A86BD9B-446B-4C41-8CA1-D036353837F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5BF3D399-5629-4FFC-9816-7FDD77B3A087}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{5D77FC71-C5AC-4A67-AFCC-4C64B668FA81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{60099793-3549-4200-93C5-96A7B3E068C8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{64DDAF5C-48A1-4FF6-9B4D-16DEB6B5D5E9}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |

"{66A4BDFD-9654-4EFB-BCFB-D83D0E55F3CB}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6C6A18FA-3EAC-4327-A4F2-66D7AEFEC128}" = rport=137 | protocol=17 | dir=out | app=system |

"{6CA57AB4-E7FB-48E4-9DAA-3062FA66F20D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6CE851B1-33DD-424E-85B7-273017E79375}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6EEE1E37-ABB4-43E3-BCC7-3EF5E818AF1E}" = lport=10244 | protocol=6 | dir=in | app=system |

"{7042382A-7EEC-43DF-9F60-8B952046598B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{719484F6-6178-44A8-BB3F-FADEB87C0C84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7920D849-AF6D-4DB7-B8AB-456745B5C047}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7D1BD266-08BB-42B7-8B35-7822921B3763}" = rport=10243 | protocol=6 | dir=out | app=system |

"{818EFD75-25A8-42E9-9388-1044A2E8916A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8640AB5C-704B-4B10-B4F4-DD995B739B4A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{87297657-74B5-49B2-A3C0-CBB54E9A94C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{88823938-F57D-450B-A9E1-E9E6CB81B03B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{9819B9AE-7C23-452C-86E4-E268FA4AD63F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{996AB946-E670-4DE6-B6EC-97F876DC839E}" = lport=53 | protocol=6 | dir=in | name=xbox |

"{9A4FF8D5-7259-40EF-A826-20DCC60A1CDF}" = lport=445 | protocol=6 | dir=in | app=system |

"{9D40C250-0F7F-4395-A2CF-F55B7708053D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{A54AE23C-1C01-4820-B914-DA45313653DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A746A6D5-3D8E-4E9C-8ADE-45A6FEEF77DB}" = lport=3390 | protocol=6 | dir=in | app=system |

"{AB71F573-8431-4A45-81A4-D71ADDAF404F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B032458E-FE53-4AE9-B20D-A15CC8FB5C53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B3EAF040-68B9-4DAB-90CC-EC50A2A6B9DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B60612CB-9DFC-417B-8A02-3D808170E791}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{B834C371-7F91-43FC-94C6-C31DFA710F1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B9821534-BEEC-424D-B8A9-7CFE9C4BA661}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BC753A0C-56BA-4299-9738-CC3CD25F4B98}" = lport=88 | protocol=17 | dir=in | name=xbox |

"{C30CD350-A799-46C7-BC34-2694A5A097F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C5A862BE-26BF-4CBC-BA20-5106514BC228}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CB8AD1BA-8116-4466-AFD7-B109E8950FF4}" = lport=80 | protocol=6 | dir=in | name=xbox |

"{D1B88A36-1A3C-4469-B0D0-B2EAE96D7DB9}" = lport=138 | protocol=17 | dir=in | app=system |

"{D1CC3E2A-CECD-41C0-8049-8FD26B5D3529}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D2CF3071-4ABB-42B5-A1DF-C5322EBF4C5F}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |

"{D33A831A-682C-4091-9726-9D5983F7D13C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{D595E61A-6CA5-4527-80D7-FF20178C1C11}" = lport=53 | protocol=17 | dir=in | name=xbox |

"{D6A3D4C2-56FD-48D3-9BAD-5AA977D365BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D7B999DF-E15D-4F94-B871-CCF4454C2329}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D9606CD2-402A-4C11-9F3A-5242CDAB8643}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{E4AC2093-151C-4AA1-9C81-5C7B9B1A8973}" = rport=138 | protocol=17 | dir=out | app=system |

"{E56B1AEE-09A0-4AA9-A462-FEC4A4E6FD41}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{E848CF91-F0B3-49F0-A0C2-652328EE7A16}" = lport=3074 | protocol=6 | dir=in | name=xbox |

"{EE0F3F28-31E5-4594-8FFF-EA2E02997E2C}" = rport=139 | protocol=6 | dir=out | app=system |

"{EE242A3B-934B-45DC-AB7B-3923BD1ED6CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F2A66BD1-8329-44FC-AA76-4C2C06C014BA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{F7E26640-543C-4A5F-A3E8-C0CB1669983D}" = lport=49194 | protocol=6 | dir=in | name=akamai netsession interface |

"{F84DB62E-7411-415A-94DA-BC5D80F34EDC}" = lport=3074 | protocol=17 | dir=in | name=xbox |

"{F912922B-61CC-473F-B37D-B8996E11C8F9}" = lport=10244 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00BC28E7-85C9-41A2-BB67-18B4A7BE0963}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{00E7F2F9-7756-43CA-917A-3BCF218D2715}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{030CFC1B-9641-4C4B-82D2-15A7BC5E3004}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{056FD8BA-7CA9-4391-92CF-777DBDE809F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{06A0C1CB-05D2-4D36-B18A-B370DC6C175B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{07166C9A-0A83-48ED-BE31-19D9D0887BC2}" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"{07855779-D91F-46DC-99D4-BDA55CF34EFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{091A4580-EBBC-4DF9-B6EF-235D2A96E824}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{0A8A3B82-B669-40F5-AB22-303AF58E73A3}" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{0AB1B4BB-1077-407E-966C-0DDF70288350}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{0BD1B5BE-2887-49EE-B1D9-E9EB75FC2271}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{12B4EF22-A976-47D7-8978-2AFADEEE826F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1554A731-F9FE-4526-A020-A433C28FCABE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{15D60749-804D-47DC-BB89-A978085DCEA7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{1ADEE01A-A2B5-4B6A-9782-CB7E75D3C3CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |

"{1B6C01C6-132A-4002-A7E0-24E38BC85EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{1CE24A00-2FD1-49A0-B047-818BE64D8578}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{1ECC0E6B-6FF8-414A-A033-CBFA0DD75B52}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{1FD0014D-88E6-4BDB-B8C7-1325273A0D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |

"{202F609A-207F-4493-A6F4-310E9D5A1F55}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{20E59715-E916-4706-9A52-C4D5F9C13F3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{21B86A8F-DB77-451F-902C-148BAE57DC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{24B6F2BA-DB10-4F4A-8ABD-E693DD568622}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{258B8DAC-2674-470F-A9E0-C0927C4E07CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{261B9352-820A-4CCA-B840-F0AE2061AE71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |

"{27028A6C-D2C6-479C-89A9-CA6922C466A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |

"{2817AA6F-6F85-4BE8-BD8B-E3B533CF8E49}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{28F8C773-1978-4918-A4AB-000F0C9A25D2}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{2A0C5D4E-AF69-4189-8E9C-E33E4FB5EC83}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{2C15230B-E103-4579-946D-4275E549B6C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{2E2D577C-F7BB-4943-B44B-40B9582EFCAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{2F981986-0B08-48FE-826D-358B30CF36B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2FD6963F-6C85-497B-B506-76CD71084A38}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{30941C05-8983-4B68-BE7D-39780A772700}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"{35BAEDE2-517B-4A37-BCF0-9746514F5B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |

"{3612C5B1-F970-42E8-BA89-C7AE4C2540D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{362F2FDF-0F9C-4F15-A2ED-043741692467}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |

"{3654F1D9-44FC-4A00-87A7-56BB2523AD96}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{3796B015-FC06-4470-A978-497538411AEE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{37BA126B-8B87-4FF3-8D2D-23365DADB5E2}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{3AC1FAAA-9310-47AB-9E4F-F3B16A91789F}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |

"{3C20A7AE-B615-4DE9-8499-8CCD587115EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{3E02779D-3041-4618-8F74-A3DBA5DC5514}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{3FC699A1-C37B-411B-91EF-FD9E6E1FB3D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{3FDF4361-6232-4325-9DF5-413BDB905437}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{4000A869-75A3-499F-B28E-BF63703D97BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{407CFF3F-0E22-485C-8BA3-B1B0025BC1AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{4222DFA5-7DA7-4E2A-A6B3-6A3F3A35DDC6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |

"{425C99B7-ACE7-4AA2-BA22-3A42D982144D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |

"{4264D043-3516-4FE1-B168-3611263CD9D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{447D350B-6E30-40B0-8D26-367E85EF6E97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{456AB36E-8C31-4561-8EF4-7034E4955E4E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{467932E1-6EF8-4AFC-B8AD-442B4331B672}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"{47A87AA7-217D-46C9-B2A3-05C8CF349225}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{47D2E5E2-A85A-4C40-8D75-8967FD24F393}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{4A83657A-9DD2-45F9-824C-63BF05EF7D97}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{4B4A326A-4184-4DD9-9020-AC13F253832F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{4C5C0E8A-C634-48CB-AECE-88717ECF218E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{4CFCD7E8-BA3B-4D36-8EB0-E50269734CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |

"{5007F3E1-2060-48ED-BB07-29FEC6BC05CB}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{51253277-A019-494A-8606-4CF3A8903A00}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |

"{54211E11-A053-4942-9826-05AEEDD6296E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{567E40FC-7C8C-4E75-8384-28299924E3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5BDE5558-3649-4C13-942F-4602FFB48D75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe |

"{5CCBA6A8-FDB6-480C-9280-8095CC633BCC}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{6002DFF0-355E-4F55-9FE0-E3F581E25A85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |

"{600D9673-5D71-4E15-B026-A6CC5F20F40F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |

"{6210823C-5CAB-4C33-9902-B20C5D559210}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{6407B39B-DC1A-4697-983F-9ACB45FFDDF2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{65488676-58D1-4682-9BD7-0152FFE4DB80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{68D4C3A6-84FC-48AD-BDAB-134AA5BD5185}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{69212E99-2B68-4027-85DC-080CD10C726C}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{6A35B954-CAF0-4FED-8515-DBF63C05EA29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |

"{6D02E8F7-B68E-472F-A725-336D8A52A58E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{6E12E74E-CF26-4389-9FDC-CBB2C3A7F6C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6F549217-A7DE-4478-983D-6A702FEBE32E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{71A8062D-F0E2-423D-B7B1-5AC49DA82575}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{74456BAA-FB60-4AF8-A1CA-0053692BC766}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{749D73BC-34C0-4168-9E49-F27EEDD262B7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{77168832-4036-47CB-8C20-84E8CC3A179E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{792B875E-9878-43C5-94EC-C3FD49E34BF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |

"{798F9E71-9EAD-43D6-9BC5-6448E5252A23}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steam.exe |

"{7A97164A-F6DE-48CF-8E43-CF053D77AEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7B2A6FFA-4CDE-44D7-8618-F49AF0E937CB}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"{7E90BD7D-0DE4-45E4-AF41-7FA6689B855D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{8430E235-A6AA-433F-9BC4-994FB5A8A591}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{844BA6E9-B1E2-418D-9F4A-A9B86B4A0DFC}" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"{85895AB1-0EDA-40A3-9856-CA643253FA32}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{85F435D1-F274-4724-A3DD-481697EAD579}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{86118848-F7C1-4080-993A-86C463B3BDBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |

"{89CD63EE-07AE-4A2F-AE6F-867E9906AEF9}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{8AA91295-2FAB-4323-A0D1-E047F8B3F5BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{8D34FFBD-BE20-4A04-BAE2-8C292E1B2EC1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{8D368669-2ECE-4991-A6BF-614FC1A74C44}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steam.exe |

"{8E3710FD-94E6-491A-8283-DFFB0C91CEB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{8E43032E-23F9-48C1-B141-99502B347EBA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{8E6A0C52-8CA3-48EF-A929-A327DE5C7B1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9135CD43-A4CA-47BD-BD73-F3C6580CAAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |

"{93D02334-A8C1-425D-AC3B-8237A0ECAE82}" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{94292D91-7DA3-4FDC-BBD8-662C148DB4EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{94B3188D-DC87-4381-9D6E-DDA7236887AC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{95C7EB0E-FFBD-41BE-98C3-10DE7D81FB45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{99515387-A7F5-401C-BB57-3B014979DD7D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{9AEAF9F7-EE0A-4920-9BD4-D2503D907A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{9B51C8D3-97E8-453E-AF78-C0F37246DBDA}" = dir=out | app=%systemroot%\syswow64\winflservice.exe |

"{A6B06FFF-DAC5-4C0D-9E00-63F42719DD18}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{A763870D-03C7-4F81-A14B-361AC80DF495}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A796CF65-C357-4D48-A810-F91F47A5F7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{A85A4971-A88C-4E3E-81A9-58B6F13A4478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A99D0A58-C882-4ECE-93D3-24539EEBBDB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{AABC709D-93CC-4F24-A169-40188A159324}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{AB4C0819-D195-4237-BE14-9084A4819CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{AD0380AB-6BE3-4C60-96F0-803B480046AC}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{ADBB7113-57D7-4A05-81D4-673B4D947E8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{ADF6E848-C6C8-4DFA-8E6D-653D99490780}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{AEB5EF1B-18AB-47C3-9D41-E4286BACD9D8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{B804A7C5-EE4C-48ED-9D53-F8681E8507FF}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{B9CED2AC-311F-4335-9B11-BEC03B02001B}" = dir=out | app=%systemroot%\syswow64\winflmsgservice.exe |

"{BC22F425-3B0A-414F-A7DD-1054E41A2DEB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{BC841860-9D4B-45D2-A91B-746CFBF07FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BCBEC383-62A9-48F8-BBD9-E6445F7E299D}" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\apps\2.0\620hohyo.wap\74rjzvnx.mtd\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\curseclient.exe |

"{C14B73B4-49A7-4ABB-80B8-5652234226F7}" = protocol=58 | dir=in | app=system |

"{C154E153-BEF5-4380-BAC8-0E1FBC0A9ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{C20A04BC-7E11-42EE-B312-8CB0E479B9C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{C2E33376-8A6F-4832-AB73-F00AB6E01F89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |

"{C2F764FF-63CF-45C4-BB5A-30565F395024}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C3C05766-1479-4ED6-A50E-0A471323A73F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C486C68C-E634-46AB-BEDB-B416C60F37FC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{C493119C-BD2C-496B-A12B-A3EB23267094}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe |

"{C4EEDBED-9F3B-4303-B1C1-D5B8135B0F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. beta\ruse.exe |

"{C5A594E1-618D-4A59-AB9C-CE2F915B90BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{C72B4CAB-76DD-41DB-9B2D-C50914B8B54D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{C7786C0C-0873-461D-AFFE-06FC681F4F21}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{C9291B2A-8A37-4BF5-A9AD-F8698B25AB70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |

"{CAF50383-54B1-4B41-B72E-55628CAE2AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |

"{D064FB3E-8157-4017-A44D-CFFB1D53DAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{D261DCBA-6DE4-40BD-87D8-E0FEE920CD31}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{D4CE6EB9-A584-4214-A3A2-B8BF00C68B22}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{D5F334FC-8ED6-4B67-AAEC-5FDD07085BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |

"{D6EF0D23-1F8A-485F-B1FF-A24962C92718}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |

"{D9BCF801-4B98-4E22-A531-43201C537DD4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{DA05962A-A244-47E2-B359-BB76B8CDAFB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world in conflict\wic.exe |

"{DACE10D7-351E-4FB0-A357-1B78A5647262}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{DD7DB2AF-BB60-49AA-ABEE-B91AF983E9E5}" = protocol=17 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2\arma2.exe |

"{DEA4F087-3088-4BFC-BF59-0411EAA6617D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{E0373812-D8E3-433B-8948-21C10B0407C6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{E1E205BF-EC7D-4ED9-90E8-BB2271464961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EA141209-8EFF-474E-B000-066F4D92D7F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{EA8331C2-AB81-410D-9194-C94983013130}" = dir=out | app=%systemroot%\syswow64\winfltray.exe |

"{EC04A8C4-D1BD-4B12-8408-08CDE8F4D603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{EC5D545F-29B4-40FC-AEE6-F495738F63B4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{EF69F213-5D58-4704-95BB-24B5682E19AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{EF9F6578-E3EC-4AF1-9966-BDF3D2174542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F2A9AC41-8823-47E3-9F5D-AB83C14863DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F3833E4F-C738-4B68-BD3A-93BBA2661857}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{F56039CC-1183-4286-A35F-01684C8070B9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{F57870A3-8F8B-4613-BE10-EC5BC31C81B3}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"{F68D02B8-625B-4652-966F-45C6CAA7D699}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{F83C3D6A-36A7-4609-B6A3-E84D5B9EE326}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F8D3BEDC-5313-4D30-8023-E13FCCFB7041}" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\apps\2.0\620hohyo.wap\74rjzvnx.mtd\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\curseclient.exe |

"{F925D95E-7D88-4F48-9254-6E45C65986F5}" = protocol=6 | dir=out | app=system |

"{F9647595-1A13-4C85-8D80-582A687E2ABC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F99578C7-EF2E-4B90-BAA5-23FB56F48A5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{FBC1DEFB-217F-46F6-BFA1-60F56D5E21CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{FC095908-76CA-4441-8058-8216183B1EA5}" = protocol=6 | dir=in | app=c:\program files (x86)\newsteam\steamapps\common\arma 2\arma2.exe |

"{FE366548-E372-46A6-AFAA-DB532D8D210A}" = dir=out | app=%systemroot%\syswow64\winfltrayshred.exe |

"{FF6505FF-255B-4F63-8B68-84D70FBA6F58}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{FFAA0933-4C46-4F3E-BEDF-9F60EDDFEAC1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"TCP Query User{01BD2C2E-56DA-46E8-99CA-699C6A3AAF8C}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe |

"TCP Query User{07B0F7C0-617D-4E21-BF2D-A303222B98E9}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"TCP Query User{1011D357-C743-4BE7-B2EE-DBCB66D6C874}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{11C6BC33-172C-4B65-84A1-6CB8ADE7B23F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{2158F28F-2122-49DB-A990-A921CB794CFD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{21594557-C918-4B2C-8143-9213205A9473}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{2C06EDD3-C733-476B-A9A9-9F6A6A85E06F}C:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=6 | dir=in | app=c:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe |

"TCP Query User{3AFEA53A-53BC-4850-95C4-5F1BCC28FEBE}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{3D0EECAC-4126-4C5D-B5D8-D1465087E794}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{3F66B78E-36A8-4C8E-8D18-D29A9FC17A07}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"TCP Query User{4814C958-0525-4472-BFF5-DE8D31B59F99}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{5628C68A-4C81-4990-B79A-CA0CDFDBE610}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{59F516CC-B3EB-45D6-842D-9EB7C999A778}C:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe |

"TCP Query User{5D14B456-9833-4F09-A950-BBE9559991AC}C:\users\gabe\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{5EB65F59-119F-44B4-94AF-71908D217368}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"TCP Query User{67D5C9A4-0625-4FE9-81C9-A75F862C9287}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"TCP Query User{8A6FF8C9-0F4C-4A40-8FDE-1B3D9D18BB10}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"TCP Query User{A5F117E9-8907-4B60-9960-8D641C5F3951}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"TCP Query User{A9E7C889-F1D5-4985-9B9F-22E36F8B439C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{B03093A6-03FE-44BC-B497-7930B50C7888}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"TCP Query User{BA12181A-A869-4B1F-9863-8B783BDE114D}C:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe |

"TCP Query User{BC5EC2A8-7BB1-4F0F-B2C2-E524B2C4C7B1}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |

"TCP Query User{BD39D98E-6572-4BA8-B4FF-5B4B1EE039F3}C:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe |

"TCP Query User{C5E76E77-20AC-4EC8-B8D2-33BDF90DEB1C}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |

"TCP Query User{CD5ED0D8-1EFC-4CE2-A7FA-F247B9B65D6B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"TCP Query User{E129A982-AC50-4051-873F-1F91F0D7754B}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"TCP Query User{E6ACD6CC-18C8-4BA5-B713-C2C1E456F031}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"TCP Query User{EA9A3966-F195-4746-B028-202683B761C2}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"TCP Query User{ED305143-DADD-4F44-B133-05492777E93F}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe |

"TCP Query User{FC2BCB84-991F-48D0-9C23-5742FDBC544C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"TCP Query User{FF250840-FA96-4327-B37F-852E16350088}C:\users\gabe\desktop\gaming\cataclysm\launcher.exe" = protocol=6 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"UDP Query User{003B434D-4200-4144-8958-F6630D747A98}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"UDP Query User{025F146F-EFAD-40DE-9D69-EB827F4DF941}C:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\backgrounddownloader.exe |

"UDP Query User{03A805D7-DD6E-45CE-AFD3-83776ABB0FC5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{0CA0BE7B-7DE3-4A0F-ABC8-A059B30BB453}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"UDP Query User{14ED6303-667A-4BF3-96A4-02F031698D84}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"UDP Query User{1CAA8084-3C08-4F16-BD10-36972350F4D9}C:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.patch.exe |

"UDP Query User{1DA45922-6FB6-40F2-A463-A94E384E8571}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"UDP Query User{202D8FC6-B9A4-4E09-A245-9FACF4429BDA}C:\udk\udk-2011-10\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win64\udk.exe |

"UDP Query User{2A2675F1-DC80-4EC7-8F9F-11BFA9331C7D}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"UDP Query User{2BCB18B8-DC0A-4A37-BC35-2E862CED28B0}C:\users\gabe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\akamai\netsession_win.exe |

"UDP Query User{3E1A67A0-8117-4C2E-9345-E94EFE57FF1F}C:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\program files\teamspeak 3 client\teamspeak3-server_win64\ts3server_win64.exe |

"UDP Query User{44C93AB9-E22C-4425-8E85-7FFDDA224DD2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{4AC8EB03-8876-4022-A8D7-D5932D276838}C:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe" = protocol=17 | dir=in | app=c:\users\gabe\documents\downloads\star trek downloader st.0.20100108a.0.exe |

"UDP Query User{66087288-85E8-4CEB-8129-FDD8AB0BCD0A}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"UDP Query User{69F64547-B1C5-4804-BC7F-F8E6F3AAB7A0}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{6BEB3D0E-E3A0-42DD-8DBC-AF91622D6512}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

"UDP Query User{772C1125-DB6A-4B24-A930-DAC8A217CCA3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{7BB284D8-9ED4-4079-B869-ADA604046FAF}C:\users\gabe\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\gabe\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{89DFB941-7711-4378-B89D-F8F4C90EF0C9}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"UDP Query User{A008CC2D-005E-4381-9C14-336DCB0EB565}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{AB9D87BA-BB49-4D8D-9E47-843920395630}C:\users\gabe\desktop\gaming\cataclysm\launcher.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\launcher.exe |

"UDP Query User{B539D029-E071-42C4-B4BE-A038DABC4429}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{B5446DB0-5D06-43E2-9F5D-0BB6EECF8176}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |

"UDP Query User{B8A9F289-01BC-4928-A0E0-68AD4139024C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{BCFB21FC-8AB5-44A4-9B06-9C33F6898AD1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{C5F9E4E9-2881-4923-B371-9D3795330FA4}C:\udk\udk-2011-10\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-10\binaries\win32\udk.exe |

"UDP Query User{D579376E-4039-4604-9D7B-8A12BEB1F921}C:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\gabe\desktop\gaming\cataclysm\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"UDP Query User{E2A10C4F-7DF2-4E51-8565-FB0AF2105E90}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |

"UDP Query User{E753F8A1-3D48-4B6B-8C43-E2CAA1D56C39}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"UDP Query User{F95A1733-4FE3-4979-AF6A-5DCA2576F49B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit)

"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel® Network Connections 16.7.166.0

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"CCleaner" = CCleaner

"lvdrivers_12.10" = Logitech Webcam Software Driver Package

"Microsoft Security Client" = Microsoft Security Essentials

"PROSetDX" = Intel® Network Connections 16.7.166.0

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"UDK-ffdd5697-b106-4728-8506-cb5096730e1e" = Unreal Development Kit: 2011-10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05891AC5-DC7A-4B6D-B144-FE0DB96B180A}" = DriverUpdate

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer

"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool

"{15C49338-59E5-472E-94F7-D5AE15EE23C9}" = XSplit

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 35

"{28507DEF-A8E9-4615-81C9-CBEEDD7623B5}" = GMI

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63B07463-2E1B-4B7F-AF79-4D4D3E98F03B}" = Sound Blaster X-Fi MB

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8543A572-5993-4101-BACC-C83884E183A4}" = One Touch Video Capture

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}" = TouchCopy 11

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8378408-72C8-4223-BE7E-9B461AEDF6B1}" = S4 League_EU

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser

"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4D34EBA-83D6-49E3-A6D6-6889C4A639A3}" = DayZ Commander

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Akamai" = Akamai NetSession Interface Service

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)

"AudibleDownloadManager" = Audible Download Manager

"Battlelog Web Plugins" = Battlelog Web Plugins

"BattlEye for A2" = BattlEye Uninstall

"BattlEye for OA" = BattlEye for OA Uninstall

"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4

"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cities XL 2011" = Cities XL 2011

"DivX Setup" = DivX Setup

"DynUpdater" = Dyn Updater

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ESN Sonar-0.70.0" = ESN Sonar

"ESN Sonar-0.70.4" = ESN Sonar

"Folder Lock" = Folder Lock

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"GOM Player" = GOM Player

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HyperCam 3" = HyperCam 3

"Identity Card" = Identity Card

"Impulse" = Impulse

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup

"JPG to PDF Converter" = JPG to PDF Converter 1.0

"KeePass Password Safe_is1" = KeePass Password Safe 1.18

"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"Picasa 3" = Picasa 3

"PunkBusterSvc" = PunkBuster Services

"RaidCall" = Raidcall

"SpywareBlaster_is1" = SpywareBlaster 4.5

"StarCraft II" = StarCraft II

"Steam App 33900" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"TeamViewer 7" = TeamViewer 7

"Wakfu" = Wakfu

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

"World of Warcraft Beta" = World of Warcraft Beta

"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"101a9f93b8f0bb6f" = Curse Client

"Akamai" = Akamai NetSession Interface

"Amazon Kindle For PC" = Amazon Kindle For PC v1.1

"Google Chrome" = Google Chrome

"Move Media Player" = Move Media Player

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/11/2011 9:14:23 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 276216

Error - 10/11/2011 9:14:23 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 276216

Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 277214

Error - 10/11/2011 9:14:24 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 277214

Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 278213

Error - 10/11/2011 9:14:25 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 278213

Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 279211

Error - 10/11/2011 9:14:26 AM | Computer Name = Gabe-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 279211

[ Media Center Events ]

Error - 5/19/2012 11:36:47 AM | Computer Name = Austin | Source = MCUpdate | ID = 0

Description = 8:36:45 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status