
Windows 7 zero access rootkit



First off I have a triple team going on my system right now. I have the FBI scam virus keeping me from doing anything. I can only keep the computer unstuck by booting in safe mode with command window. I also have the internet security virus waiting and a suspected zero access rootkit as told by the rkill program. I need some help fixing this thing.


Hello Hellsing and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please start off by doing the following:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Austin (administrator) on 03-07-2013 00:40:20
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [52480 2009-04-24] (Alienware Corporation)
HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)
HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait [42496 2012-01-30] (Contributors)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [75825640 2013-06-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [742264 2012-03-30] (BitTorrent, Inc.)
HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [x]
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] ()
HKCU\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  [67456 2011-11-07] (Uniblue Systems Limited)
HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTION
HKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTION
HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION
HKCU\...\Run: [Akamai NetSession Interface]  [x]
HKCU\...\Run: [svidete] rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup [x]
HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION
HKCU\...\Winlogon: [shell] C:\Users\Austin\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {1c1a6c67-9403-11de-b5da-0025643a50d8} - E:\LaunchU3.exe -a
MountPoints2: {b6401647-eabf-11de-ae7c-806e6f6e6963} - D:\DVDROM\MediaManager\MediaManagerII.exe
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe" [75048 2009-05-01] (cyberlink)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-01-22] (Symantec Corporation)
HKLM-x32\...\Run: [FAStartup]  [x]
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-03-05] (Sensible Vision )
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM-x32\...\Run: [OSD] c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2007-12-14] ()
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [backupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x]
HKLM-x32\...\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" [492912 2008-06-30] (Symantec Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-08] (Anvisoft)
HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTION
AppInit_DLLs-x32:   [0 ] ()
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk
ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/xbox-360
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} -  No File
URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://www.support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6089/mcfscan.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default

FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: AOL Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF Extension: AOL Messaging Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF Extension: uriloader - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\uriloader@pdf.js.xpi
FF Extension: wdfopjxrea - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\wdfopjxrea@wdfopjxrea.org.xpi
FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.60</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.5.0.0</em:minVersion>
        <em:maxVersion>3.5.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL>
   


    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: <?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">

  <Description about="urn:mozilla:install-manifest">
    <em:id>{3112ca9c-de6d-4884-a869-9855de68056c}</em:id>
    <em:version>3.1.20081127W</em:version>
   
    <!-- For Up-To-Date Documentation of this Format Please See:
         http://www.mozilla.org/projects/firefox/extensions/packaging/extensions.html
         -->
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>2.0</em:minVersion>
        <em:maxVersion>3.*</em:maxVersion>
      </Description>
    </em:targetApplication>
   
    <em:targetPlatform>WINNT</em:targetPlatform>
    <em:name>Google Toolbar for Firefox</em:name>
    <em:description>Take the power of Google with you anywhere on the Web!</em:description>
    <em:creator>Google Inc.</em:creator>
    <em:homepageURL>http://www.google.com/</em:homepageURL>
    <em:updateURL><![CDATA[https://tools.google.com/firefox/update?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%&dist=google]]></em:updateURL>


    <em:file>
      <Description about="urn:mozilla:extension:file:google-toolbar.jar">
        <em:package>content/</em:package>
        <em:locale>locale/en-US/</em:locale>
        <em:locale>locale/da-DK/</em:locale>
        <em:locale>locale/de-DE/</em:locale>
        <em:locale>locale/es-AR/</em:locale>
        <em:locale>locale/es-ES/</em:locale>
        <em:locale>locale/fi-FI/</em:locale>
        <em:locale>locale/fr-FR/</em:locale>
        <em:locale>locale/it-IT/</em:locale>
        <em:locale>locale/ja-JP/</em:locale>
        <em:locale>locale/ja-JPM/</em:locale>
        <em:locale>locale/ko-KR/</em:locale>
        <em:locale>locale/nb-NO/</em:locale>
        <em:locale>locale/nl-NL/</em:locale>
        <em:locale>locale/pt-BR/</em:locale>
        <em:locale>locale/ru-RU/</em:locale>
        <em:locale>locale/sv-SE/</em:locale>
        <em:locale>locale/zh-CN/</em:locale>
        <em:locale>locale/zh-TW/</em:locale>
        <em:skin>skin/</em:skin>
      </Description>
    </em:file>
  </Description>
</RDF>

 - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.60</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.5.0.0</em:minVersion>
        <em:maxVersion>3.5.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL>
   


    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{C0B62AAB-8E55-4B42-8670-E066358BE912}] C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\
FF Extension: <?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:name>XULRunner</em:name>
    <em:id>{C0B62AAB-8E55-4B42-8670-E066358BE912}</em:id>
    <em:version>1.9.1</em:version>
    <em:creator>Mozilla Corp.</em:creator>
    <em:description>XULRunner is a Mozilla runtime package</em:description>
    <em:type>2</em:type>
    <em:hidden>true</em:hidden>
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>1.5</em:minVersion>
        <em:maxVersion>3.*.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>     
</RDF> - C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-08] (Anvisoft)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)
S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()
S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2360584 2009-03-05] (Sensible Vision )
S2 gupdate1ca70abb4bf12a0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-11-29] (Google Inc.)
S3 HcwDevCentralService; C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [401232 2013-02-07] (Hauppauge Computer Works, Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-06-30] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-08] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-08] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-07-25] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3505768 2010-06-17] (INCA Internet Co., Ltd.)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-22] ()
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3081544 2009-01-22] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [388424 2009-01-22] (Symantec Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe [268288 2009-03-19] (IDT, Inc.)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2440120 2009-01-22] (Symantec Corporation)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

==================== Drivers (Whitelisted) ====================

S4 ahcix64; C:\Windows\system32\drivers\ahcix64.sys [146944 2008-07-29] (ATI Technologies Inc.)
S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [945136 2013-02-12] (Hauppauge Computer Work, Inc.)
R0 JGOGO; C:\Windows\System32\drivers\jgogo.sys [8704 2006-02-07] (JMicron )
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S4 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [163736 2007-06-15] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
S3 OA007Vid; C:\Windows\System32\DRIVERS\OA007Vid.sys [310208 2008-12-27] (Creative Technology Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2009-07-28] (Symantec Corporation)
S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)
S3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]
S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST
2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp
2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp
2013-07-02 10:17 - 2013-07-02 10:18 - 00001448 ____A C:\AdwCleaner[s4].txt
2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt
2013-07-02 00:35 - 2013-07-02 00:36 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt
2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp
2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt
2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt
2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-06-30 18:02 - 2012-11-07 03:16 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2013-06-30 18:02 - 2012-11-07 03:16 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2013-06-30 18:02 - 2012-11-07 03:16 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys
2013-06-30 17:55 - 2013-06-30 17:57 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini
2013-06-30 17:25 - 2013-06-30 17:26 - 00023306 ____A C:\AdwCleaner[s1].txt
2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt
2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe
2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt
2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe
2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe
2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill
2013-06-30 17:16 - 2013-07-02 11:33 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt
2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe
2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-30 12:31 - 2012-06-22 12:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys
2013-06-30 12:30 - 2013-06-30 12:31 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan
2013-06-30 11:51 - 2013-07-03 00:00 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job
2013-06-30 11:51 - 2013-06-30 17:23 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad
2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-23 01:35 - 2013-06-23 13:48 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps3
2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url
2013-06-16 03:02 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 03:02 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 03:02 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 03:02 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 03:02 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 03:02 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 03:02 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 03:02 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 03:03 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 03:03 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:03 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:03 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:03 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 03:03 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 10:04 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 10:04 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 10:04 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 10:02 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 10:02 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 10:01 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 10:01 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:59 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:59 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:59 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:59 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:59 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:59 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:59 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:59 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:59 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:59 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:58 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:58 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url
2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url
2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-05 09:43 - 2013-06-05 09:50 - 00008121 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST
2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp
2013-07-03 00:04 - 2011-04-21 10:07 - 00000000 ____D C:\Windows\Minidump
2013-07-03 00:04 - 2009-12-12 04:29 - 714636151 ____A C:\Windows\MEMORY.DMP
2013-07-03 00:01 - 2010-07-23 21:24 - 00000000 ____D C:\Users\Austin\AppData\Local\PMB Files
2013-07-03 00:01 - 2010-05-07 10:46 - 00000000 ____D C:\Users\Austin\AppData\Roaming\uTorrent
2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job
2013-07-03 00:00 - 2013-03-22 00:34 - 00000000 ____D C:\ProgramData\LogMeIn
2013-07-02 23:57 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 23:55 - 2011-09-05 23:37 - 00000000 ____D C:\Users\Austin\AppData\Local\LogMeIn Hamachi
2013-07-02 23:54 - 2012-02-05 14:55 - 00000000 ____D C:\Users\Austin\.jedit
2013-07-02 23:54 - 2009-07-23 12:36 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-02 23:52 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-07-02 23:52 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job
2013-07-02 23:52 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 23:51 - 2009-07-14 00:51 - 01930249 ____A C:\Windows\setupact.log
2013-07-02 23:50 - 2009-07-10 19:58 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 23:45 - 2009-12-17 00:29 - 00391708 ____A C:\Windows\PFRO.log
2013-07-02 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-02 18:25 - 2013-05-23 14:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-02 18:25 - 2011-12-22 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 18:25 - 2010-07-23 21:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-07-02 14:42 - 2009-12-16 23:57 - 00000000 ____D C:\users\Austin
2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp
2013-07-02 11:35 - 2012-07-10 12:03 - 00007594 ____A C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
2013-07-02 11:33 - 2013-06-30 17:16 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt
2013-07-02 11:06 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-02 10:18 - 2013-07-02 10:17 - 00001448 ____A C:\AdwCleaner[s4].txt
2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt
2013-07-02 00:36 - 2013-07-02 00:35 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt
2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 07:15 - 2009-12-17 00:41 - 01886483 ____A C:\Windows\WindowsUpdate.log
2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp
2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt
2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt
2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-06-30 17:57 - 2013-06-30 17:55 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini
2013-06-30 17:26 - 2013-06-30 17:25 - 00023306 ____A C:\AdwCleaner[s1].txt
2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt
2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe
2013-06-30 17:23 - 2013-06-30 11:51 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk
2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt
2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe
2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe
2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill
2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe
2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad
2013-06-29 11:30 - 2010-05-07 11:05 - 00000404 ___AH C:\Windows\Tasks\Norton Security Scan for Austin.job
2013-06-29 01:11 - 2010-12-21 20:24 - 00000000 ____D C:\Users\Austin\AppData\Roaming\vlc
2013-06-27 02:20 - 2010-09-05 11:09 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-06-23 13:51 - 2009-07-23 12:51 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Adobe
2013-06-23 13:48 - 2013-06-23 01:35 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps3
2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-23 13:33 - 2009-07-10 20:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-23 13:32 - 2009-07-30 19:07 - 00000000 ____D C:\Users\Austin\AppData\Local\Adobe
2013-06-23 13:31 - 2009-07-10 20:45 - 00000000 ____D C:\ProgramData\Adobe
2013-06-23 01:35 - 2012-03-06 14:24 - 00000000 ____D C:\Users\Austin\AppData\Local\Amazon
2013-06-18 12:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-06-16 23:24 - 2009-07-10 20:47 - 00531797 ____A C:\Windows\DirectX.log
2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url
2013-06-13 03:14 - 2009-07-30 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 03:06 - 2010-08-05 12:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 23:17 - 2012-05-09 17:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:17 - 2012-01-20 13:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url
2013-06-08 10:54 - 2013-03-22 00:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-06-08 10:53 - 2013-03-22 00:35 - 00107368 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2013-06-08 10:53 - 2013-03-22 00:35 - 00035656 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2013-06-08 10:53 - 2013-03-22 00:34 - 00100680 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2013-06-08 10:08 - 2013-06-16 03:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-16 03:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-16 03:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-16 03:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-16 03:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-16 03:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 03:35 - 2012-05-21 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-06 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url
2013-06-05 09:50 - 2013-06-05 09:43 - 00008121 ____A C:\Windows\IE10_main.log
2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0

ZeroAccess:
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U

Files to move or delete:
====================
C:\Users\Austin\AppData\Roaming\skype.ini
C:\ProgramData\hash.dat
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 14:31

==================== End Of Log ============================


Please do the following:

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the flashdrive as fixlist.txt

C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U
C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0
C:\Users\Austin\AppData\Roaming\skype.ini
C:\ProgramData\hash.dat
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job
S3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]
S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]
HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTION
HKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTION
HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION
HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION
HKCU\...\Winlogon: [shell] C:\Users\Austin\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n. ATTENTION! ====> ZeroAccess?
HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTION

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

After that, are you able to boot into normal mode? Let me know when you can, as we have more malware to remove.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013
Ran by Austin at 2013-07-03 00:52:58 Run:1
Running from G:\
Boot Mode: Safe Mode (minimal)
==============================================

C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => Moved successfully.
 X6va001 => Service not found.
 X6va005 => Service not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Temp => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Fraps3 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Adobe CSS5.1 Manager => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Adobe CSS5.1 Manager => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKU\ UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.

==== End of Fixlog ====

 

I am not able to boot into normal mode. It gets to the starting Windows stage, finishes like it's going to start, then goes to an all-black screen and remains like that.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Austin (administrator) on 03-07-2013 01:23:57
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [52480 2009-04-24] (Alienware Corporation)
HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)
HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait [42496 2012-01-30] (Contributors)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [75825640 2013-06-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [742264 2012-03-30] (BitTorrent, Inc.)
HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [x]
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] ()
HKCU\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  [67456 2011-11-07] (Uniblue Systems Limited)
HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTION
HKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTION
HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION
HKCU\...\Run: [Akamai NetSession Interface]  [x]
HKCU\...\Run: [svidete] rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup [x]
HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION
MountPoints2: {1c1a6c67-9403-11de-b5da-0025643a50d8} - E:\LaunchU3.exe -a
MountPoints2: {b6401647-eabf-11de-ae7c-806e6f6e6963} - D:\DVDROM\MediaManager\MediaManagerII.exe
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe" [75048 2009-05-01] (cyberlink)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-01-22] (Symantec Corporation)
HKLM-x32\...\Run: [FAStartup]  [x]
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-03-05] (Sensible Vision )
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM-x32\...\Run: [OSD] c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2007-12-14] ()
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [backupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x]
HKLM-x32\...\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" [492912 2008-06-30] (Symantec Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-08] (Anvisoft)
HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTION
AppInit_DLLs-x32:   [0 ] ()
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk
ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/xbox-360
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} -  No File
URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://www.support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6089/mcfscan.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default

FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: AOL Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF Extension: AOL Messaging Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF Extension: uriloader - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\uriloader@pdf.js.xpi
FF Extension: wdfopjxrea - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\wdfopjxrea@wdfopjxrea.org.xpi
FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.60</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.5.0.0</em:minVersion>
        <em:maxVersion>3.5.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL>
   


    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: <?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">

  <Description about="urn:mozilla:install-manifest">
    <em:id>{3112ca9c-de6d-4884-a869-9855de68056c}</em:id>
    <em:version>3.1.20081127W</em:version>
   
    <!-- For Up-To-Date Documentation of this Format Please See:
         http://www.mozilla.org/projects/firefox/extensions/packaging/extensions.html
         -->
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>2.0</em:minVersion>
        <em:maxVersion>3.*</em:maxVersion>
      </Description>
    </em:targetApplication>
   
    <em:targetPlatform>WINNT</em:targetPlatform>
    <em:name>Google Toolbar for Firefox</em:name>
    <em:description>Take the power of Google with you anywhere on the Web!</em:description>
    <em:creator>Google Inc.</em:creator>
    <em:homepageURL>http://www.google.com/</em:homepageURL>
    <em:updateURL><![CDATA[https://tools.google.com/firefox/update?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%&dist=google]]></em:updateURL>


    <em:file>
      <Description about="urn:mozilla:extension:file:google-toolbar.jar">
        <em:package>content/</em:package>
        <em:locale>locale/en-US/</em:locale>
        <em:locale>locale/da-DK/</em:locale>
        <em:locale>locale/de-DE/</em:locale>
        <em:locale>locale/es-AR/</em:locale>
        <em:locale>locale/es-ES/</em:locale>
        <em:locale>locale/fi-FI/</em:locale>
        <em:locale>locale/fr-FR/</em:locale>
        <em:locale>locale/it-IT/</em:locale>
        <em:locale>locale/ja-JP/</em:locale>
        <em:locale>locale/ja-JPM/</em:locale>
        <em:locale>locale/ko-KR/</em:locale>
        <em:locale>locale/nb-NO/</em:locale>
        <em:locale>locale/nl-NL/</em:locale>
        <em:locale>locale/pt-BR/</em:locale>
        <em:locale>locale/ru-RU/</em:locale>
        <em:locale>locale/sv-SE/</em:locale>
        <em:locale>locale/zh-CN/</em:locale>
        <em:locale>locale/zh-TW/</em:locale>
        <em:skin>skin/</em:skin>
      </Description>
    </em:file>
  </Description>
</RDF>

 - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.60</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.5.0.0</em:minVersion>
        <em:maxVersion>3.5.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL>
   


    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{C0B62AAB-8E55-4B42-8670-E066358BE912}] C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\
FF Extension: <?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:name>XULRunner</em:name>
    <em:id>{C0B62AAB-8E55-4B42-8670-E066358BE912}</em:id>
    <em:version>1.9.1</em:version>
    <em:creator>Mozilla Corp.</em:creator>
    <em:description>XULRunner is a Mozilla runtime package</em:description>
    <em:type>2</em:type>
    <em:hidden>true</em:hidden>
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>1.5</em:minVersion>
        <em:maxVersion>3.*.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>     
</RDF> - C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-08] (Anvisoft)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)
S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()
S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2360584 2009-03-05] (Sensible Vision )
S2 gupdate1ca70abb4bf12a0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-11-29] (Google Inc.)
S3 HcwDevCentralService; C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [401232 2013-02-07] (Hauppauge Computer Works, Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-06-30] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-08] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-08] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-07-25] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3505768 2010-06-17] (INCA Internet Co., Ltd.)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-22] ()
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3081544 2009-01-22] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [388424 2009-01-22] (Symantec Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe [268288 2009-03-19] (IDT, Inc.)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2440120 2009-01-22] (Symantec Corporation)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

==================== Drivers (Whitelisted) ====================

S4 ahcix64; C:\Windows\system32\drivers\ahcix64.sys [146944 2008-07-29] (ATI Technologies Inc.)
S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [945136 2013-02-12] (Hauppauge Computer Work, Inc.)
R0 JGOGO; C:\Windows\System32\drivers\jgogo.sys [8704 2006-02-07] (JMicron )
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S4 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [163736 2007-06-15] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
S3 OA007Vid; C:\Windows\System32\DRIVERS\OA007Vid.sys [310208 2008-12-27] (Creative Technology Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2009-07-28] (Symantec Corporation)
S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)
S3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]
S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-03 01:22 - 2013-07-03 01:22 - 00282680 ____A C:\Windows\Minidump\070313-28828-01.dmp
2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST
2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp
2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp
2013-07-02 10:17 - 2013-07-02 10:18 - 00001448 ____A C:\AdwCleaner[s4].txt
2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt
2013-07-02 00:35 - 2013-07-02 00:36 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt
2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp
2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt
2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt
2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-06-30 18:02 - 2012-11-07 03:16 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2013-06-30 18:02 - 2012-11-07 03:16 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2013-06-30 18:02 - 2012-11-07 03:16 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys
2013-06-30 17:55 - 2013-06-30 17:57 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini
2013-06-30 17:25 - 2013-06-30 17:26 - 00023306 ____A C:\AdwCleaner[s1].txt
2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt
2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe
2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt
2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe
2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe
2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill
2013-06-30 17:16 - 2013-07-02 11:33 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt
2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe
2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-30 12:31 - 2012-06-22 12:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys
2013-06-30 12:30 - 2013-06-30 12:31 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan
2013-06-30 11:51 - 2013-07-03 00:00 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job
2013-06-30 11:51 - 2013-06-30 17:23 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad
2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-23 01:35 - 2013-06-23 13:48 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps3
2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url
2013-06-16 03:02 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 03:02 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 03:02 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 03:02 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 03:02 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 03:02 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 03:02 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 03:02 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 03:02 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 03:03 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 03:03 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 03:03 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:03 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:03 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:03 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:03 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 03:03 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 10:04 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 10:04 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 10:04 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 10:02 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 10:02 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 10:01 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 10:01 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:59 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:59 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:59 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:59 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:59 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:59 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:59 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:59 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:59 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:59 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:58 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:58 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url
2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url
2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-05 09:43 - 2013-06-05 09:50 - 00008121 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-03 01:22 - 2013-07-03 01:22 - 00282680 ____A C:\Windows\Minidump\070313-28828-01.dmp
2013-07-03 01:22 - 2011-04-21 10:07 - 00000000 ____D C:\Windows\Minidump
2013-07-03 01:22 - 2009-12-12 04:29 - 599587703 ____A C:\Windows\MEMORY.DMP
2013-07-03 01:17 - 2011-09-05 23:37 - 00000000 ____D C:\Users\Austin\AppData\Local\LogMeIn Hamachi
2013-07-03 01:16 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 01:15 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-07-03 01:15 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job
2013-07-03 01:15 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 01:14 - 2009-07-14 00:51 - 01935559 ____A C:\Windows\setupact.log
2013-07-03 01:14 - 2009-07-10 19:58 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-03 00:53 - 2009-07-14 01:13 - 00797670 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST
2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp
2013-07-03 00:01 - 2010-07-23 21:24 - 00000000 ____D C:\Users\Austin\AppData\Local\PMB Files
2013-07-03 00:01 - 2010-05-07 10:46 - 00000000 ____D C:\Users\Austin\AppData\Roaming\uTorrent
2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job
2013-07-03 00:00 - 2013-03-22 00:34 - 00000000 ____D C:\ProgramData\LogMeIn
2013-07-03 00:00 - 2009-12-17 00:41 - 01892612 ____A C:\Windows\WindowsUpdate.log
2013-07-02 23:54 - 2012-02-05 14:55 - 00000000 ____D C:\Users\Austin\.jedit
2013-07-02 23:54 - 2009-07-23 12:36 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-02 23:45 - 2009-12-17 00:29 - 00391708 ____A C:\Windows\PFRO.log
2013-07-02 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-02 18:25 - 2013-05-23 14:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-02 18:25 - 2011-12-22 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 18:25 - 2010-07-23 21:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-07-02 14:42 - 2009-12-16 23:57 - 00000000 ____D C:\users\Austin
2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp
2013-07-02 11:35 - 2012-07-10 12:03 - 00007594 ____A C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
2013-07-02 11:33 - 2013-06-30 17:16 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt
2013-07-02 11:06 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-02 10:18 - 2013-07-02 10:17 - 00001448 ____A C:\AdwCleaner[s4].txt
2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt
2013-07-02 00:36 - 2013-07-02 00:35 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt
2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp
2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt
2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt
2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft
2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-06-30 17:57 - 2013-06-30 17:55 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini
2013-06-30 17:26 - 2013-06-30 17:25 - 00023306 ____A C:\AdwCleaner[s1].txt
2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt
2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe
2013-06-30 17:23 - 2013-06-30 11:51 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk
2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt
2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe
2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe
2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill
2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe
2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr
2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad
2013-06-29 11:30 - 2010-05-07 11:05 - 00000404 ___AH C:\Windows\Tasks\Norton Security Scan for Austin.job
2013-06-29 01:11 - 2010-12-21 20:24 - 00000000 ____D C:\Users\Austin\AppData\Roaming\vlc
2013-06-27 02:20 - 2010-09-05 11:09 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-06-23 13:51 - 2009-07-23 12:51 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Adobe
2013-06-23 13:48 - 2013-06-23 01:35 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps3
2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-23 13:33 - 2009-07-10 20:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-23 13:32 - 2009-07-30 19:07 - 00000000 ____D C:\Users\Austin\AppData\Local\Adobe
2013-06-23 13:31 - 2009-07-10 20:45 - 00000000 ____D C:\ProgramData\Adobe
2013-06-23 01:35 - 2012-03-06 14:24 - 00000000 ____D C:\Users\Austin\AppData\Local\Amazon
2013-06-18 12:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-06-16 23:24 - 2009-07-10 20:47 - 00531797 ____A C:\Windows\DirectX.log
2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url
2013-06-13 03:14 - 2009-07-30 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 03:06 - 2010-08-05 12:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 23:17 - 2012-05-09 17:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 23:17 - 2012-01-20 13:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url
2013-06-08 10:54 - 2013-03-22 00:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-06-08 10:53 - 2013-03-22 00:35 - 00107368 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2013-06-08 10:53 - 2013-03-22 00:35 - 00035656 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2013-06-08 10:53 - 2013-03-22 00:34 - 00100680 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2013-06-08 10:08 - 2013-06-16 03:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-16 03:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-16 03:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-16 03:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-16 03:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-16 03:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-16 03:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:13 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 03:35 - 2012-05-21 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-06 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url
2013-06-05 09:50 - 2013-06-05 09:43 - 00008121 ____A C:\Windows\IE10_main.log
2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0

Files to move or delete:
====================
C:\Users\Austin\AppData\Roaming\skype.ini
C:\ProgramData\hash.dat
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 14:31

==================== End Of Log ============================


Let's try a slightly different fixlist.

Please do the following:

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U
C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0
C:\Users\Austin\AppData\Roaming\skype.ini
C:\ProgramData\hash.dat
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job
S3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]
S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]
HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTION
HKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTION

HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION
HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTION

HKCU\...\Winlogon: [shell] C:\Users\Austin\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n. ATTENTION! ====> ZeroAccess?
HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTION

2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job
2013-07-03 01:16 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 01:15 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-07-03 01:15 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job
2013-07-03 01:15 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
HKLM-x32\...\Run: []  [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

It's around 1AM here so I'll call it a night. I will check back here in the morning.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013
Ran by Austin at 2013-07-03 01:51:24 Run:2
Running from G:\
Boot Mode: Safe Mode (minimal)
==============================================

C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found.
 X6va001 => Service not found.
 X6va005 => Service not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Temp => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Fraps3 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Adobe CSS5.1 Manager => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
HKU\ UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\  => Value not found.
 C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe not found.

==== End of Fixlog ====


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013
Ran by Austin at 2013-07-03 11:59:10 Run:3
Running from G:\
Boot Mode: Safe Mode (minimal)
==============================================

C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found.
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@ => File/Directory not found.
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L => File/Directory not found.
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0 => Moved successfully.
C:\Users\Austin\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => Moved successfully.
X6va001 => Service deleted successfully.
X6va005 => Service deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Temp => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Fraps3 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
HKU\UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => File/Directory not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => Moved successfully.
C:\Windows\Tasks\RegistryBooster.job => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => File/Directory not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => File/Directory not found.
C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => File/Directory not found.
C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => File/Directory not found.
C:\Windows\Tasks\RegistryBooster.job => File/Directory not found.
C:\Windows\Tasks\SA.DAT => File/Directory not found.
C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk => Moved successfully.
C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe not found.

==== End of Fixlog ====

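The two Fixlogs above differ mainly in which fixlist entries FRST actually matched. As an added example (not part of the thread and not FRST's own code), the Python below parses lines excerpted from both runs, collapses the stray spaces after backslashes seen in Run 2, and reports which targets were removed only in the later run. The function names and the outcome labels ("removed", "absent", "other") are assumptions made for this example.

```python
import re

# Lines excerpted from the two Fixlogs posted in this thread (Run:2 and Run:3).
RUN2 = r"""
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found.
 X6va001 => Service not found.
 X6va005 => Service not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Temp => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\ UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => Moved successfully.
"""

RUN3 = r"""
C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found.
X6va001 => Service deleted successfully.
X6va005 => Service deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Temp => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value not found.
HKU\UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => File/Directory not found.
C:\Windows\Tasks\RegistryBooster.job => Moved successfully.
C:\Windows\Tasks\RegistryBooster.job => File/Directory not found.
"""

# A Fixlog entry has the shape "<target> => <result>"; header lines have no "=>".
ENTRY = re.compile(r"^\s*(?P<target>.+?)\s*=>\s*(?P<result>.+?)\s*$")


def normalize(target):
    """Make targets from different runs comparable.

    Run 2 prints some names with whitespace right after a backslash
    ("Run\\ Temp", "HKU\ UpdatusUser"); drop that whitespace and
    lower-case the rest, since Windows paths and keys are case-insensitive.
    """
    collapsed = re.sub(r"\\\s+", lambda m: "\\", target.strip())
    return collapsed.lower()


def classify(result):
    """Map FRST's result text onto a small set of outcome labels."""
    text = result.lower()
    if "successfully" in text:      # "Moved/Value deleted/Service deleted successfully"
        return "removed"
    if "not found" in text:         # File/Directory, Service, Value or Key not found
        return "absent"
    return "other"


def parse_fixlog(text):
    """Return {normalized target: outcome}; a removal wins over a later 'not found'."""
    outcomes = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue
        key = normalize(match.group("target"))
        if outcomes.get(key) != "removed":
            outcomes[key] = classify(match.group("result"))
    return outcomes


def removed_only_later(earlier, later):
    """Targets the earlier run reported as not found but the later run removed."""
    return sorted(k for k, s in later.items()
                  if s == "removed" and earlier.get(k) == "absent")


def never_removed(*runs):
    """Targets that no run removed: already gone, or never matched by the fixlist."""
    keys = set().union(*runs)
    return sorted(k for k in keys if all(r.get(k) != "removed" for r in runs))


if __name__ == "__main__":
    run2, run3 = parse_fixlog(RUN2), parse_fixlog(RUN3)
    print("Removed only in the later run:")
    for target in removed_only_later(run2, run3):
        print("  ", target)
    print("Never removed in any run:")
    for target in never_removed(run2, run3):
        print("  ", target)
```

Entries that stay in the "never removed" list are the ones to re-check in a fresh scan log before treating the cleanup as complete.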

Let's start getting rid of the rest of it.
 
Save the following to a flash drive, and I'll need you to run them from within Safe Mode:
 
1. TDSS Rootkit Removing Tool (TDSSKiller.exe)
2. Malwarebytes Anti-Rootkit from HERE
3. ComboFix from HERE
4. Security Check by screen317 from here or here.
 


----------Step 1----------------
Please locate (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please locate where you saved Malwarebytes Anti-Rootkit.

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please locate ComboFix.exe.

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please locate Security Check...

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

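For reading the TDSSKiller log requested in Step 1, the following is an added example (not part of the original posts and not a Kaspersky tool). It pairs each `[ MD5 ] name path` line under the "Scan services" banner with its `name - verdict` line and lists the entries worth a second look. The function names, the sample lines, the placeholder hashes and the `warning` verdict are constructed for illustration; only the two line shapes come from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of a TDSSKiller log (hashes are placeholders,
# and "warning" is an assumed example of a verdict other than "ok").
SAMPLE_LOG = r"""
12:38:42.0320 0568  Drive \Device\Harddisk0\DR0 - Size: 0x1000 (constructed header line)
12:38:53.0053 1008  ================ Scan services =============================
12:38:53.0318 1008  [ 00000000000000000000000000000001 ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
12:38:53.0318 1008  ExampleDrv - ok
12:38:53.0412 1008  NoFileSvc - ok
12:38:53.0584 1008  [ 00000000000000000000000000000002 ] Example Service C:\Program Files (x86)\Example\svc.exe
12:38:53.0599 1008  Example Service - ok
12:38:53.0771 1008  [ 00000000000000000000000000000003 ] SvcA            C:\Windows\System32\shared.dll
12:38:53.0786 1008  SvcA - ok
12:38:53.0833 1008  [ 00000000000000000000000000000003 ] SvcB            C:\Windows\System32\shared.dll
12:38:53.0833 1008  SvcB - ok
12:38:53.0864 1008  [ 00000000000000000000000000000004 ] OddDrv          C:\Users\Public\odd.sys
12:38:53.0864 1008  OddDrv - warning
"""

PREFIX = re.compile(r"^\S+\s+\S+\s+(.*)$")        # timestamp, thread id, rest
BANNER = re.compile(r"^=+ (.+?) =+$")             # "==== Scan services ===="
# Service names may contain spaces, so the path is anchored on its drive letter.
FILE_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
VERDICT_LINE = re.compile(r"^(.+) - (\S.*)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text):
    """Return one Entry per verdict line inside the 'Scan services' section."""
    entries, pending, section = [], {}, None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.rstrip())
        if not m:
            continue
        body = m.group(1)
        banner = BANNER.match(body)
        if banner:
            section = banner.group(1)
            continue
        if section != "Scan services":
            continue  # header lines such as "Drive ... - Size:" are not verdicts
        f = FILE_LINE.match(body)
        if f:
            pending[f.group(2)] = (f.group(1).upper(), f.group(3))
            continue
        v = VERDICT_LINE.match(body)
        if v:
            md5, path = pending.pop(v.group(1), (None, None))
            entries.append(Entry(v.group(1), v.group(2), md5, path))
    return entries


def triage(entries):
    """List entries whose verdict is not 'ok', or that were logged without a file hash."""
    review = []
    for e in entries:
        if e.verdict.lower() != "ok":
            review.append((e.name, "verdict: " + e.verdict))
        elif e.md5 is None:
            review.append((e.name, "no file record logged"))
    return review


def unique_hashes(entries):
    """Deduplicated (md5, path) pairs, since one binary can back several services."""
    return sorted({(e.md5, e.path) for e in entries if e.md5})


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for name, reason in triage(parsed):
        print(f"{name}: {reason}")
    print(len(unique_hashes(parsed)), "distinct files hashed")
```
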

12:38:41.0010 0568  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
12:38:41.0384 0568  ============================================================
12:38:41.0384 0568  Current date / time: 2013/07/03 12:38:41.0384
12:38:41.0384 0568  SystemInfo:
12:38:41.0384 0568 
12:38:41.0384 0568  OS Version: 6.1.7601 ServicePack: 1.0
12:38:41.0384 0568  Product type: Workstation
12:38:41.0384 0568  ComputerName: AUSTIN-PC
12:38:41.0384 0568  UserName: Austin
12:38:41.0384 0568  Windows directory: C:\Windows
12:38:41.0384 0568  System windows directory: C:\Windows
12:38:41.0384 0568  Running under WOW64
12:38:41.0384 0568  Processor architecture: Intel x64
12:38:41.0384 0568  Number of processors: 2
12:38:41.0384 0568  Page size: 0x1000
12:38:41.0384 0568  Boot type: Safe boot
12:38:41.0384 0568  ============================================================
12:38:42.0320 0568  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:38:42.0320 0568  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115800 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:38:50.0198 0568  Drive \Device\Harddisk2\DR3 - Size: 0xEF1A8000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:38:50.0198 0568  ============================================================
12:38:50.0198 0568  \Device\Harddisk0\DR0:
12:38:50.0198 0568  MBR partitions:
12:38:50.0198 0568  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37FEF800
12:38:50.0198 0568  \Device\Harddisk1\DR1:
12:38:50.0198 0568  MBR partitions:
12:38:50.0198 0568  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
12:38:50.0198 0568  \Device\Harddisk2\DR3:
12:38:50.0198 0568  MBR partitions:
12:38:50.0198 0568  \Device\Harddisk2\DR3\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x776DC0
12:38:50.0198 0568  ============================================================
12:38:50.0261 0568  C: <-> \Device\Harddisk0\DR0\Partition1
12:38:50.0292 0568  E: <-> \Device\Harddisk1\DR1\Partition1
12:38:50.0292 0568  ============================================================
12:38:50.0292 0568  Initialize success
12:38:50.0292 0568  ============================================================
12:38:53.0006 1008  ============================================================
12:38:53.0006 1008  Scan started
12:38:53.0006 1008  Mode: Manual;
12:38:53.0006 1008  ============================================================
12:38:53.0053 1008  ================ Scan system memory ========================
12:38:53.0053 1008  System memory - ok
12:38:53.0053 1008  ================ Scan services =============================
12:39:03.0942 1008  LSI_SAS2 - ok
12:39:03.0958 1008  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:39:03.0973 1008  LSI_SCSI - ok
12:39:04.0004 1008  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:39:04.0004 1008  luafv - ok
12:39:04.0051 1008  [ D5BA9B816AFEF5292FE13C9A6267B6AB ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
12:39:04.0051 1008  Macromedia Licensing Service - ok
12:39:04.0098 1008  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:39:04.0114 1008  MBAMProtector - ok
12:39:04.0223 1008  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:39:04.0223 1008  MBAMScheduler - ok
12:39:04.0254 1008  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:39:04.0285 1008  MBAMService - ok
12:39:04.0316 1008  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:39:04.0316 1008  Mcx2Svc - ok
12:39:04.0348 1008  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:39:04.0348 1008  megasas - ok
12:39:04.0379 1008  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:39:04.0379 1008  MegaSR - ok
12:39:04.0472 1008  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:39:04.0519 1008  Microsoft Office Groove Audit Service - ok
12:39:04.0566 1008  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:39:04.0566 1008  MMCSS - ok
12:39:04.0582 1008  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:39:04.0582 1008  Modem - ok
12:39:04.0628 1008  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:39:04.0628 1008  monitor - ok
12:39:04.0675 1008  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:39:04.0675 1008  mouclass - ok
12:39:04.0722 1008  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:39:04.0738 1008  mouhid - ok
12:39:04.0784 1008  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:39:04.0784 1008  mountmgr - ok
12:39:04.0894 1008  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:39:04.0909 1008  MozillaMaintenance - ok
12:39:04.0909 1008  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:39:04.0925 1008  mpio - ok
12:39:04.0940 1008  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:39:04.0940 1008  mpsdrv - ok
12:39:05.0018 1008  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:39:05.0034 1008  MpsSvc - ok
12:39:05.0081 1008  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:39:05.0081 1008  MRxDAV - ok
12:39:05.0128 1008  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:39:05.0128 1008  mrxsmb - ok
12:39:05.0159 1008  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:39:05.0159 1008  mrxsmb10 - ok
12:39:05.0174 1008  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:39:05.0190 1008  mrxsmb20 - ok
12:39:05.0221 1008  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:39:05.0221 1008  msahci - ok
12:39:05.0237 1008  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:39:05.0252 1008  msdsm - ok
12:39:05.0268 1008  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:39:05.0268 1008  MSDTC - ok
12:39:05.0315 1008  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:39:05.0315 1008  Msfs - ok
12:39:05.0330 1008  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:39:05.0330 1008  mshidkmdf - ok
12:39:05.0330 1008  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:39:05.0330 1008  msisadrv - ok
12:39:05.0393 1008  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:39:05.0393 1008  MSiSCSI - ok
12:39:05.0393 1008  msiserver - ok
12:39:05.0424 1008  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:39:05.0440 1008  MSKSSRV - ok
12:39:05.0455 1008  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:39:05.0455 1008  MSPCLOCK - ok
12:39:05.0471 1008  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:39:05.0471 1008  MSPQM - ok
12:39:05.0518 1008  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:39:05.0518 1008  MsRPC - ok
12:39:05.0533 1008  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:39:05.0533 1008  mssmbios - ok
12:39:05.0564 1008  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:39:05.0564 1008  MSTEE - ok
12:39:05.0580 1008  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:39:05.0580 1008  MTConfig - ok
12:39:05.0627 1008  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:39:05.0627 1008  Mup - ok
12:39:05.0658 1008  [ 72BC95EAD29FAF301FDD4B733C30EE19 ] mv61xx          C:\Windows\system32\drivers\mv61xx.sys
12:39:05.0658 1008  mv61xx - ok
12:39:05.0705 1008  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:39:05.0720 1008  napagent - ok
12:39:05.0767 1008  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:39:05.0767 1008  NativeWifiP - ok
12:39:05.0939 1008  [ 56540E526B46E379A476FB5BC381B290 ] NAVENG          C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS
12:39:05.0939 1008  NAVENG - ok
12:39:06.0001 1008  [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15         C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS
12:39:06.0048 1008  NAVEX15 - ok
12:39:06.0126 1008  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:39:06.0142 1008  NDIS - ok
12:39:06.0204 1008  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:39:06.0204 1008  NdisCap - ok
12:39:06.0251 1008  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:39:06.0251 1008  NdisTapi - ok
12:39:06.0298 1008  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:39:06.0298 1008  Ndisuio - ok
12:39:06.0360 1008  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:39:06.0360 1008  NdisWan - ok
12:39:06.0407 1008  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:39:06.0407 1008  NDProxy - ok
12:39:06.0500 1008  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:39:06.0516 1008  Nero BackItUp Scheduler 4.0 - ok
12:39:06.0578 1008  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:39:06.0578 1008  Net Driver HPZ12 - ok
12:39:06.0594 1008  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:39:06.0594 1008  NetBIOS - ok
12:39:06.0641 1008  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:39:06.0656 1008  NetBT - ok
12:39:06.0656 1008  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:39:06.0656 1008  Netlogon - ok
12:39:06.0719 1008  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:39:06.0734 1008  Netman - ok
12:39:06.0812 1008  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:06.0859 1008  NetMsmqActivator - ok
12:39:06.0875 1008  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:06.0875 1008  NetPipeActivator - ok
12:39:06.0906 1008  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:39:06.0906 1008  netprofm - ok
12:39:06.0906 1008  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:06.0906 1008  NetTcpActivator - ok
12:39:06.0922 1008  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:39:06.0922 1008  NetTcpPortSharing - ok
12:39:06.0922 1008  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:39:06.0937 1008  nfrd960 - ok
12:39:06.0984 1008  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:39:07.0000 1008  NlaSvc - ok
12:39:07.0000 1008  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:39:07.0000 1008  Npfs - ok
12:39:07.0031 1008  npggsvc - ok
12:39:07.0046 1008  NPPTNT2 - ok
12:39:07.0062 1008  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:39:07.0078 1008  nsi - ok
12:39:07.0093 1008  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:39:07.0093 1008  nsiproxy - ok
12:39:07.0156 1008  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:39:07.0187 1008  Ntfs - ok
12:39:07.0265 1008  [ 07953351A3424BAA50FC5C4A1434FB04 ] NTI BackupNowEZSvr C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
12:39:07.0265 1008  NTI BackupNowEZSvr - ok
12:39:07.0280 1008  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
12:39:07.0280 1008  NTIDrvr - ok
12:39:07.0296 1008  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:39:07.0296 1008  Null - ok
12:39:07.0374 1008  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
12:39:07.0374 1008  NVENETFD - ok
12:39:07.0624 1008  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:39:07.0842 1008  nvlddmkm - ok
12:39:07.0904 1008  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:39:07.0904 1008  nvraid - ok
12:39:07.0936 1008  [ 90731D8A25964715B850A5B8C3DBFD22 ] nvrd64          C:\Windows\system32\drivers\nvrd64.sys
12:39:07.0936 1008  nvrd64 - ok
12:39:07.0936 1008  [ 71C1C6F1D0E5F29E7BCD62411F5D9EB6 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
12:39:07.0951 1008  nvsmu - ok
12:39:07.0951 1008  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:39:07.0967 1008  nvstor - ok
12:39:08.0014 1008  [ 581286807B5832503FD700A3217B589F ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
12:39:08.0014 1008  nvstor64 - ok
12:39:08.0060 1008  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:39:08.0092 1008  nvsvc - ok
12:39:08.0170 1008  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:39:08.0201 1008  nvUpdatusService - ok
12:39:08.0216 1008  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:39:08.0216 1008  nv_agp - ok
12:39:08.0263 1008  [ A884303EA5CD3D250B514FDD5CE92AC8 ] OA007Vid        C:\Windows\system32\DRIVERS\OA007Vid.sys
12:39:08.0263 1008  OA007Vid - ok
12:39:08.0404 1008  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:39:08.0419 1008  odserv - ok
12:39:08.0466 1008  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:39:08.0466 1008  ohci1394 - ok
12:39:08.0513 1008  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:39:08.0513 1008  ose - ok
12:39:08.0560 1008  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:39:08.0560 1008  p2pimsvc - ok
12:39:08.0622 1008  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:39:08.0622 1008  p2psvc - ok
12:39:08.0653 1008  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:39:08.0653 1008  Parport - ok
12:39:08.0700 1008  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:39:08.0700 1008  partmgr - ok
12:39:08.0716 1008  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:39:08.0716 1008  PcaSvc - ok
12:39:08.0731 1008  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:39:08.0747 1008  pci - ok
12:39:08.0762 1008  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:39:08.0762 1008  pciide - ok
12:39:08.0778 1008  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:39:08.0778 1008  pcmcia - ok
12:39:08.0794 1008  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:39:08.0794 1008  pcw - ok
12:39:08.0809 1008  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:39:08.0825 1008  PEAUTH - ok
12:39:08.0918 1008  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:39:09.0106 1008  PerfHost - ok
12:39:09.0152 1008  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:39:09.0184 1008  pla - ok
12:39:09.0215 1008  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:39:09.0230 1008  PlugPlay - ok
12:39:09.0293 1008  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:39:09.0293 1008  Pml Driver HPZ12 - ok
12:39:09.0324 1008  PnkBstrA - ok
12:39:09.0355 1008  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:39:09.0371 1008  PNRPAutoReg - ok
12:39:09.0386 1008  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:39:09.0386 1008  PNRPsvc - ok
12:39:09.0433 1008  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:39:09.0449 1008  PolicyAgent - ok
12:39:09.0496 1008  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:39:09.0496 1008  Power - ok
12:39:09.0542 1008  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:39:09.0542 1008  PptpMiniport - ok
12:39:09.0574 1008  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:39:09.0574 1008  Processor - ok
12:39:09.0620 1008  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:39:09.0620 1008  ProfSvc - ok
12:39:09.0636 1008  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:39:09.0636 1008  ProtectedStorage - ok
12:39:09.0683 1008  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:39:09.0698 1008  Psched - ok
12:39:09.0745 1008  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
12:39:09.0745 1008  PxHlpa64 - ok
12:39:09.0776 1008  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:39:09.0808 1008  ql2300 - ok
12:39:09.0823 1008  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:39:09.0839 1008  ql40xx - ok
12:39:09.0854 1008  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:39:09.0854 1008  QWAVE - ok
12:39:09.0870 1008  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:39:09.0870 1008  QWAVEdrv - ok
12:39:09.0886 1008  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:39:09.0886 1008  RasAcd - ok
12:39:09.0917 1008  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:39:09.0917 1008  RasAgileVpn - ok
12:39:09.0932 1008  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:39:09.0948 1008  RasAuto - ok
12:39:09.0979 1008  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:39:09.0979 1008  Rasl2tp - ok
12:39:10.0026 1008  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:39:10.0057 1008  RasMan - ok
12:39:10.0073 1008  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:39:10.0073 1008  RasPppoe - ok
12:39:10.0088 1008  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:39:10.0088 1008  RasSstp - ok
12:39:10.0135 1008  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:39:10.0135 1008  rdbss - ok
12:39:10.0151 1008  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:39:10.0151 1008  rdpbus - ok
12:39:10.0166 1008  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:39:10.0166 1008  RDPCDD - ok
12:39:10.0213 1008  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:39:10.0213 1008  RDPENCDD - ok
12:39:10.0213 1008  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:39:10.0213 1008  RDPREFMP - ok
12:39:10.0260 1008  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:39:10.0260 1008  RDPWD - ok
12:39:10.0307 1008  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:39:10.0322 1008  rdyboost - ok
12:39:10.0385 1008  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:39:10.0400 1008  RemoteAccess - ok
12:39:10.0447 1008  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:39:10.0463 1008  RemoteRegistry - ok
12:39:10.0510 1008  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:39:10.0510 1008  RFCOMM - ok
12:39:10.0556 1008  [ CB7C996F3878E936BFDD9CDFE6A3A987 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
12:39:10.0556 1008  rimmptsk - ok
12:39:10.0603 1008  [ 2C543F0E04B5F6FD5C17509D0ECE6D1D ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
12:39:10.0603 1008  rimsptsk - ok
12:39:10.0619 1008  [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys
12:39:10.0619 1008  rismxdp - ok
12:39:10.0619 1008  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:39:10.0634 1008  RpcEptMapper - ok
12:39:10.0666 1008  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:39:10.0666 1008  RpcLocator - ok
12:39:10.0744 1008  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:39:10.0744 1008  RpcSs - ok
12:39:10.0759 1008  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:39:10.0759 1008  rspndr - ok
12:39:10.0775 1008  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:39:10.0775 1008  SamSs - ok
12:39:10.0822 1008  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:39:10.0822 1008  sbp2port - ok
12:39:10.0853 1008  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:39:10.0853 1008  SCardSvr - ok
12:39:10.0900 1008  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:39:10.0900 1008  scfilter - ok
12:39:10.0962 1008  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:39:10.0993 1008  Schedule - ok
12:39:11.0009 1008  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:39:11.0009 1008  SCPolicySvc - ok
12:39:11.0056 1008  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
12:39:11.0056 1008  sdbus - ok
12:39:11.0102 1008  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:39:11.0102 1008  SDRSVC - ok
12:39:11.0149 1008  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:39:11.0149 1008  secdrv - ok
12:39:11.0196 1008  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:39:11.0196 1008  seclogon - ok
12:39:11.0212 1008  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:39:11.0212 1008  SENS - ok
12:39:11.0212 1008  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:39:11.0212 1008  SensrSvc - ok
12:39:11.0243 1008  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:39:11.0243 1008  Serenum - ok
12:39:11.0274 1008  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:39:11.0274 1008  Serial - ok
12:39:11.0305 1008  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:39:11.0305 1008  sermouse - ok
12:39:11.0352 1008  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:39:11.0368 1008  SessionEnv - ok
12:39:11.0414 1008  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:39:11.0414 1008  sffdisk - ok
12:39:11.0430 1008  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:39:11.0430 1008  sffp_mmc - ok
12:39:11.0430 1008  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:39:11.0446 1008  sffp_sd - ok
12:39:11.0461 1008  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:39:11.0461 1008  sfloppy - ok
12:39:11.0508 1008  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:39:11.0508 1008  SharedAccess - ok
12:39:11.0570 1008  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:39:11.0570 1008  ShellHWDetection - ok
12:39:11.0586 1008  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:39:11.0586 1008  SiSRaid2 - ok
12:39:11.0617 1008  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:39:11.0617 1008  SiSRaid4 - ok
12:39:11.0680 1008  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:39:11.0680 1008  SkypeUpdate - ok
12:39:11.0711 1008  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:39:11.0711 1008  Smb - ok
12:39:11.0820 1008  [ C5F27FC0503704946148A5E1BB97ADDB ] SmcService      C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
12:39:11.0914 1008  SmcService - ok
12:39:11.0945 1008  [ 86523066C79C7642CD0F08585A12E412 ] SNAC            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
12:39:11.0960 1008  SNAC - ok
12:39:12.0007 1008  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:39:12.0007 1008  SNMPTRAP - ok
12:39:12.0023 1008  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:39:12.0023 1008  spldr - ok
12:39:12.0070 1008  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:39:12.0070 1008  Spooler - ok
12:39:12.0163 1008  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:39:12.0257 1008  sppsvc - ok
12:39:12.0288 1008  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:39:12.0288 1008  sppuinotify - ok
12:39:12.0460 1008  [ 623E4A909E759D73D1C9FA5059A49E9A ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
12:39:12.0491 1008  SpyHunter 4 Service - ok
12:39:12.0522 1008  [ 569F8D9768A00AB9A5166997C88EFE42 ] SRTSP           C:\Windows\system32\Drivers\SRTSP64.SYS
12:39:12.0538 1008  SRTSP - ok
12:39:12.0569 1008  [ FB283AE148CC4C5A4954DAEFBB9DFFF0 ] SRTSPL          C:\Windows\system32\Drivers\SRTSPL64.SYS
12:39:12.0584 1008  SRTSPL - ok
12:39:12.0584 1008  [ C9ECA0A26CEBADE5134BA01FD8EF86A6 ] SRTSPX          C:\Windows\system32\Drivers\SRTSPX64.SYS
12:39:12.0600 1008  SRTSPX - ok
12:39:12.0678 1008  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:39:12.0709 1008  srv - ok
12:39:12.0740 1008  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:39:12.0740 1008  srv2 - ok
12:39:12.0756 1008  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:39:12.0772 1008  srvnet - ok
12:39:12.0834 1008  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:39:12.0834 1008  SSDPSRV - ok
12:39:12.0850 1008  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:39:12.0850 1008  SstpSvc - ok
12:39:12.0974 1008  [ FF84750B1AB2F0FCC494DFD41D9656B5 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe
12:39:12.0990 1008  STacSV - ok
12:39:13.0021 1008  Steam Client Service - ok
12:39:13.0099 1008  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:39:13.0115 1008  Stereo Service - ok
12:39:13.0146 1008  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:39:13.0146 1008  stexstor - ok
12:39:13.0208 1008  [ DDE4B46E0E91EC78808766EA449457B8 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
12:39:13.0208 1008  STHDA - ok
12:39:13.0271 1008  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:39:13.0271 1008  StillCam - ok
12:39:13.0318 1008  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:39:13.0333 1008  stisvc - ok
12:39:13.0380 1008  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:39:13.0380 1008  swenum - ok
12:39:13.0520 1008  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:39:13.0536 1008  SwitchBoard - ok
12:39:13.0583 1008  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:39:13.0583 1008  swprv - ok
12:39:13.0645 1008  [ AB135C5739D0AB8CBAAF1D4B23E3C259 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:39:13.0723 1008  Symantec AntiVirus - ok
12:39:13.0754 1008  [ 70C8D165063EB76F1A373B74456D2AAB ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:39:13.0754 1008  SymEvent - ok
12:39:13.0817 1008  [ 2F240094AFFC3D5AA8BF3060B22FE7ED ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:39:13.0817 1008  SynTP - ok
12:39:13.0879 1008  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:39:13.0910 1008  SysMain - ok
12:39:13.0957 1008  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:39:13.0957 1008  TabletInputService - ok
12:39:14.0004 1008  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:39:14.0004 1008  TapiSrv - ok
12:39:14.0020 1008  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:39:14.0020 1008  TBS - ok
12:39:14.0082 1008  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:39:14.0129 1008  Tcpip - ok
12:39:14.0191 1008  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:39:14.0207 1008  TCPIP6 - ok
12:39:14.0238 1008  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:39:14.0254 1008  tcpipreg - ok
12:39:14.0300 1008  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:39:14.0300 1008  TDPIPE - ok
12:39:14.0332 1008  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:39:14.0347 1008  TDTCP - ok
12:39:14.0394 1008  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:39:14.0410 1008  tdx - ok
12:39:14.0456 1008  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:39:14.0456 1008  TermDD - ok
12:39:14.0519 1008  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:39:14.0534 1008  TermService - ok
12:39:14.0550 1008  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:39:14.0550 1008  Themes - ok
12:39:14.0597 1008  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:39:14.0597 1008  THREADORDER - ok
12:39:14.0612 1008  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:39:14.0612 1008  TrkWks - ok
12:39:14.0690 1008  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:39:14.0690 1008  TrustedInstaller - ok
12:39:14.0737 1008  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:14.0737 1008  tssecsrv - ok
12:39:14.0800 1008  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:39:14.0800 1008  TsUsbFlt - ok
12:39:14.0846 1008  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:39:14.0846 1008  tunnel - ok
12:39:14.0862 1008  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:39:14.0878 1008  uagp35 - ok
12:39:14.0940 1008  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
12:39:14.0940 1008  UBHelper - ok
12:39:14.0971 1008  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:39:14.0987 1008  udfs - ok
12:39:14.0987 1008  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:39:15.0002 1008  UI0Detect - ok
12:39:15.0018 1008  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:39:15.0018 1008  uliagpkx - ok
12:39:15.0065 1008  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:39:15.0065 1008  umbus - ok
12:39:15.0080 1008  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:39:15.0080 1008  UmPass - ok
12:39:15.0143 1008  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:39:15.0143 1008  upnphost - ok
12:39:15.0205 1008  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:39:15.0205 1008  USBAAPL64 - ok
12:39:15.0221 1008  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:39:15.0221 1008  usbccgp - ok
12:39:15.0268 1008  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
12:39:15.0268 1008  usbcir - ok
12:39:15.0283 1008  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:39:15.0283 1008  usbehci - ok
12:39:15.0299 1008  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:39:15.0299 1008  usbhub - ok
12:39:15.0314 1008  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:39:15.0314 1008  usbohci - ok
12:39:15.0330 1008  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:39:15.0330 1008  usbprint - ok
12:39:15.0346 1008  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:15.0346 1008  USBSTOR - ok
12:39:15.0361 1008  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:39:15.0361 1008  usbuhci - ok
12:39:15.0377 1008  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:39:15.0377 1008  UxSms - ok
12:39:15.0392 1008  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:39:15.0392 1008  VaultSvc - ok
12:39:15.0392 1008  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:39:15.0392 1008  vdrvroot - ok
12:39:15.0439 1008  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:39:15.0455 1008  vds - ok
12:39:15.0502 1008  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:15.0502 1008  vga - ok
12:39:15.0517 1008  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:39:15.0517 1008  VgaSave - ok
12:39:15.0564 1008  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:39:15.0564 1008  vhdmp - ok
12:39:15.0580 1008  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:39:15.0580 1008  viaide - ok
12:39:15.0595 1008  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:39:15.0595 1008  volmgr - ok
12:39:15.0642 1008  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:39:15.0658 1008  volmgrx - ok
12:39:15.0658 1008  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:39:15.0673 1008  volsnap - ok
12:39:15.0689 1008  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:39:15.0689 1008  vsmraid - ok
12:39:15.0751 1008  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:39:15.0798 1008  VSS - ok
12:39:15.0814 1008  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:39:15.0814 1008  vwifibus - ok
12:39:15.0860 1008  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:39:15.0876 1008  W32Time - ok
12:39:15.0892 1008  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:39:15.0892 1008  WacomPen - ok
12:39:15.0938 1008  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:39:15.0938 1008  WANARP - ok
12:39:15.0938 1008  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:39:15.0938 1008  Wanarpv6 - ok
12:39:16.0032 1008  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:39:16.0048 1008  WatAdminSvc - ok
12:39:16.0110 1008  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:39:16.0141 1008  wbengine - ok
12:39:16.0157 1008  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:39:16.0157 1008  WbioSrvc - ok
12:39:16.0204 1008  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:39:16.0204 1008  wcncsvc - ok
12:39:16.0219 1008  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:39:16.0219 1008  WcsPlugInService - ok
12:39:16.0250 1008  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:39:16.0250 1008  Wd - ok
12:39:16.0297 1008  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:39:16.0313 1008  Wdf01000 - ok
12:39:16.0328 1008  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:39:16.0328 1008  WdiServiceHost - ok
12:39:16.0344 1008  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:39:16.0344 1008  WdiSystemHost - ok
12:39:16.0391 1008  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:39:16.0391 1008  WebClient - ok
12:39:16.0406 1008  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:39:16.0422 1008  Wecsvc - ok
12:39:16.0422 1008  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:39:16.0422 1008  wercplsupport - ok
12:39:16.0469 1008  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:39:16.0484 1008  WerSvc - ok
12:39:16.0516 1008  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:39:16.0531 1008  WfpLwf - ok
12:39:16.0547 1008  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
12:39:16.0562 1008  WimFltr - ok
12:39:16.0562 1008  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:39:16.0562 1008  WIMMount - ok
12:39:16.0562 1008  WinHttpAutoProxySvc - ok
12:39:16.0656 1008  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:39:16.0672 1008  Winmgmt - ok
12:39:16.0734 1008  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files\OSD\WinRing0x64.sys
12:39:16.0734 1008  WinRing0_1_2_0 - ok
12:39:16.0812 1008  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:39:16.0859 1008  WinRM - ok
12:39:16.0937 1008  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:39:16.0937 1008  WinUsb - ok
12:39:16.0999 1008  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:39:17.0015 1008  Wlansvc - ok
12:39:17.0108 1008  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:39:17.0155 1008  wlidsvc - ok
12:39:17.0202 1008  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:39:17.0202 1008  WmiAcpi - ok
12:39:17.0249 1008  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:39:17.0249 1008  wmiApSrv - ok
12:39:17.0311 1008  WMPNetworkSvc - ok
12:39:17.0327 1008  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:39:17.0327 1008  WPCSvc - ok
12:39:17.0374 1008  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:39:17.0374 1008  WPDBusEnum - ok
12:39:17.0405 1008  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:39:17.0420 1008  ws2ifsl - ok
12:39:17.0467 1008  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
12:39:17.0467 1008  WSDPrintDevice - ok
12:39:17.0467 1008  WSearch - ok
12:39:17.0545 1008  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:39:17.0608 1008  wuauserv - ok
12:39:17.0654 1008  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:39:17.0654 1008  WudfPf - ok
12:39:17.0701 1008  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:17.0717 1008  WUDFRd - ok
12:39:17.0748 1008  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:39:17.0748 1008  wudfsvc - ok
12:39:17.0795 1008  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:39:17.0810 1008  WwanSvc - ok
12:39:17.0873 1008  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
12:39:17.0873 1008  xusb21 - ok
12:39:17.0935 1008  [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
12:39:17.0951 1008  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
12:39:17.0951 1008  ================ Scan global ===============================
12:39:17.0982 1008  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:39:18.0044 1008  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:39:18.0044 1008  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:39:18.0091 1008  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:39:18.0122 1008  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:39:18.0138 1008  [Global] - ok
12:39:18.0138 1008  ================ Scan MBR ==================================
12:39:18.0154 1008  [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
12:39:18.0154 1008  Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:39:18.0232 1008  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
12:39:18.0232 1008  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
12:39:18.0232 1008  [ 508F4A6A6A6B3DADC6D881D9948389D2 ] \Device\Harddisk1\DR1
12:39:19.0963 1008  \Device\Harddisk1\DR1 - ok
12:39:19.0979 1008  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR3
12:39:19.0979 1008  \Device\Harddisk2\DR3 - ok
12:39:19.0979 1008  ================ Scan VBR ==================================
12:39:20.0026 1008  [ E763A24D024F94699947D3D82CAB5AF0 ] \Device\Harddisk0\DR0\Partition1
12:39:20.0026 1008  \Device\Harddisk0\DR0\Partition1 - ok
12:39:20.0026 1008  [ 0E241EDDA96A71AE2BE25A8043495FDE ] \Device\Harddisk1\DR1\Partition1
12:39:20.0026 1008  \Device\Harddisk1\DR1\Partition1 - ok
12:39:20.0026 1008  [ 7015487D7B17CDF5111DCACDE252E0E8 ] \Device\Harddisk2\DR3\Partition1
12:39:20.0026 1008  \Device\Harddisk2\DR3\Partition1 - ok
12:39:20.0026 1008  ============================================================
12:39:20.0026 1008  Scan finished
12:39:20.0026 1008  ============================================================
12:39:20.0041 0848  Detected object count: 1
12:39:20.0041 0848  Actual detected object count: 1
12:39:32.0287 0848  \Device\Harddisk0\DR0\# - copied to quarantine
12:39:32.0287 0848  \Device\Harddisk0\DR0 - copied to quarantine
12:39:32.0443 0848  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
12:39:32.0443 0848  \Device\Harddisk0\DR0 - ok
12:39:35.0017 0848  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
12:39:41.0803 0780  Deinitialize success
 


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 4024877056, free: 3371134976

DNS error
DNS error
Initializing...
------------ Kernel report ------------
     07/03/2013 12:43:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\41268209.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\jgogo.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\nvsmu.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\SystemRoot\system32\drivers\cdrom.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\itecir.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\drivers\dadder.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor64.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800585b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa800585a060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8005152790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa800511b990
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004772760
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8004688060
Lower Device Driver Name: \Driver\nvstor64\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80047721b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003c6ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004688060, DeviceName: \Device\00000071\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B64D5C06

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 939456512
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 939458560  Numsec = 37308416

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80051475c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800511b990, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B323F410

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398931968 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800585b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005864640, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800585b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800585a060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064  Numsec = 7826880

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 4011491328 bytes
Sector size: 512 bytes

Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 4024877056, free: 3399745536

Initializing...
------------ Kernel report ------------
     07/03/2013 13:06:09
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\41268209.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\jgogo.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\nvsmu.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\SystemRoot\system32\drivers\cdrom.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\itecir.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\drivers\dadder.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor64.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR12
Upper Device Object: 0xfffffa8005b7b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa8005d571c0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8005152790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa800511b990
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004772760
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8004688060
Lower Device Driver Name: \Driver\nvstor64\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80047721b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003c6ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004688060, DeviceName: \Device\00000071\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B64D5C06

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 939456512
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 939458560  Numsec = 37308416

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80051475c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800511b990, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B323F410

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398931968 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8005b7b060, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800593a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b7b060, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005d571c0, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064  Numsec = 7826880

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 4011491328 bytes
Sector size: 512 bytes

Done!
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svidete --> [Trojan.Agent.U]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...
Removal finished

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.01.01

Windows 7 Service Pack 1 x64 FAT32 (Safe Mode)
Internet Explorer 10.0.9200.16618
Austin :: AUSTIN-PC [administrator]

7/3/2013 1:06:18 PM
mbar-log-2013-07-03 (13-06-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 289452
Time elapsed: 30 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svidete (Trojan.Agent.U) -> Data: rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Things look a whole lot better. Let's run some more scans to verify there isn't anything left:

 

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


I've got to leave for work so I will post what I have done and will do the rest tonight.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Austin on Wed 07/03/2013 at 15:22:53.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}

 

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

 

~~~ Folders

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\extensions\wdfopjxrea@wdfopjxrea.org.xpi [Tracur]
Successfully deleted: [Folder] C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted the following from C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\prefs.js

user_pref("aim_toolbar.search.searchtype", "web");
user_pref("extensions.crossrider.bic", "13c367a68d7b1403b41dee10dddf90ec");





user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\minidumps [127 files]

 

~~~ Chrome

Dumping contents of C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf
C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf\background.js
C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf\manifest.json

Successfully deleted: [Folder] C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/03/2013 at 15:24:57.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v2.303 - Logfile created 07/03/2013 at 15:14:53
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Austin - AUSTIN-PC
# Boot Mode : Safe mode
# Running from : C:\Users\Austin\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [22703 octets] - [30/06/2013 17:22:09]
AdwCleaner[R2].txt - [22764 octets] - [30/06/2013 17:25:03]
AdwCleaner[R3].txt - [1268 octets] - [30/06/2013 18:33:05]
AdwCleaner[R4].txt - [1000 octets] - [03/07/2013 15:14:53]
AdwCleaner[s1].txt - [23306 octets] - [30/06/2013 17:25:27]
AdwCleaner[s2].txt - [340 octets] - [30/06/2013 18:33:44]
AdwCleaner[s3].txt - [340 octets] - [02/07/2013 00:52:44]
AdwCleaner[s4].txt - [1448 octets] - [02/07/2013 10:17:54]

########## EOF - C:\AdwCleaner[R4].txt - [1299 octets] ##########

 

OTL Extras logfile created on: 7/3/2013 3:26:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 68.18% Memory free
7.50 Gb Paging File | 6.76 Gb Available in Paging File | 90.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.97 Gb Total Space | 96.83 Gb Free Space | 21.61% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1863.01 Gb Total Space | 911.19 Gb Free Space | 48.91% Space Free | Partition Type: NTFS
 
Computer Name: AUSTIN-PC | User Name: Austin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2975216493-871587154-3665915270-1003\SOFTWARE\Classes\<extension>]
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FD6151-720E-48B1-8653-EC6439D09865}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{17F00CCA-D824-4F64-B6E9-692D1B524394}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3422AFB4-6A44-492C-B454-F8DA6DA701DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{39329055-C6F1-4A72-933A-8AFBFA4BD563}" = lport=139 | protocol=6 | dir=in | app=system |
"{4A44BE1F-28D4-468E-8977-80D610921840}" = rport=138 | protocol=17 | dir=out | app=system |
"{5570E5A3-264A-4B56-9A05-11832B4A5A96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5ADC1B27-EC92-4A37-A185-8425FD5020A7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5C4FCAF6-3329-493D-B07C-EC9D93C56412}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C607A8D-951B-4FD9-AB6D-13B84C5FE4AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6026AAD7-D9E9-4F7C-8E27-C2827CC0A9BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{607CCD35-EF71-4713-A162-902403C9FE79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67DF1E49-9EAF-47E1-BFE2-D24BD2C3F801}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6930BCF6-92E2-4C72-8981-632B3DBA8C54}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8197A6DB-C9A4-4D85-8361-41788AC5A3A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{915FC868-0F5A-4BF5-A2A8-CDBC31B4A04C}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
"{92AF7DE5-81CA-4176-8E65-01082E05B002}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95255B4C-35D0-4078-83FB-D119C88D0071}" = lport=137 | protocol=17 | dir=in | app=system |
"{A664DDE1-E0D7-40F2-AAEC-FE0281F55BAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5755706-36C7-4A1A-B7BB-E1F07F158336}" = rport=139 | protocol=6 | dir=out | app=system |
"{B73C632A-8A8A-4A19-97E7-002A123AF8DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF953460-80B1-4C12-B3FC-BE4BF962765B}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{BFE8A581-C19E-43D9-BE89-C9DECA3E3A5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D22D6297-CB8D-457D-AEFB-0D20A26C963C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D46A21BA-4470-44C2-9933-5CDAC0C8C2D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D55154D4-D4E6-4205-80AA-59A10780819A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{DCF8F04E-178B-45C3-8416-9951D1010992}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1211257-2304-4CB5-9A26-8786A12F4897}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E87D054E-D415-4529-81F4-AE34176CFCA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1D22AD1-477E-4E9C-9436-5EA2E29E16DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F45EF06A-7C14-4A81-8D54-D3F5DF6F2B9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE695B7B-FA94-412A-89E2-E70DD56C6809}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00968847-1B7A-47B0-B076-518C533B223E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{01AF58B6-076B-4C3E-A920-D617F65FC71A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{0396A993-2FAC-4E02-A9E6-E52F0DA57096}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0453785A-C84C-4E06-BC11-601E99538312}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{045E196D-8875-475E-A359-A85E931473BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{04D4B01D-004F-4312-89B6-00D66A1EBA9D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{058B4200-137B-4CEC-A38D-3A42AD2DBA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{060EAC78-3F47-4096-93D5-2DE66FCCF5AD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0621383C-81D5-4541-A08D-8CD2FA31FF10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{07251191-D00C-4604-95E6-A3AF35819187}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\counter-strike source\hl2.exe |
"{07353631-4D5B-4FB9-A54A-5E4A65131829}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{0814A83F-F347-4F0E-BC5E-52840B80CDE0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0851D790-A380-4848-A184-F880262CA738}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{0971DFB4-8DA9-4294-9296-0B75D2A1D43D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{0C8C8FD1-959F-42C2-ACF9-57378F132593}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0E89D171-9192-4B21-982A-67CD267EC860}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{103EB53B-B009-4F88-9424-3A26B73230D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11D7B27B-23B2-4D3A-868F-EBB4F8D37FB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{1235F50A-824B-4FF1-ADB3-3AC22914E12B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{129CE38F-E0E4-4600-9F9F-899DE58D67B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"TCP Query User{ECB2A876-9641-4772-9560-E7043570890C}C:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe |
"TCP Query User{F1C7A3C5-5E03-40CF-81CE-E0D53614AF85}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{F6C6202A-028B-4104-9839-899D27E57E56}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe |
"TCP Query User{F9871369-BACD-439D-B648-9776EAD1EFC6}C:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe |
"UDP Query User{023C0698-405D-4E8A-9D87-70D288B10F22}C:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe |
"UDP Query User{05C3C86A-51D8-46B3-BC17-967B855EEDC7}C:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe |
"UDP Query User{0DBD9B46-5BB8-499E-A76F-91A9B529BBE1}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{10410D63-65FF-42B9-A63E-9EDF35CEA564}C:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe |
"UDP Query User{286FFBFF-27B2-4923-83E0-77484804BEEC}C:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe |
"UDP Query User{2A686B04-BE53-4345-A494-E7B784F45ED9}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{2D187F19-236E-4E91-9557-18670D581248}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{2DBFD858-5DEA-464A-9982-B8492CCB5A17}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{353472CB-6141-4118-BC9C-73DF8D371CE4}C:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe |
"UDP Query User{43349F91-D7E7-48B8-BD10-6A8CFF3600A7}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{46E35F69-70E1-4F8A-AE5F-D4E1BCE98B2E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{47A089B5-C6D1-4B97-A904-E7E4723A65C1}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"UDP Query User{4E484F41-0308-4444-B92A-F787B2D77572}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe |
"UDP Query User{59B1C217-9BC8-4CBB-979C-D9632FD2703B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{5FA1BDD0-4DDE-4105-B4DE-9FF7B4369DFC}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe |
"UDP Query User{6C9370CC-A5F7-494E-A9E7-521BB49520EA}C:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe |
"UDP Query User{799B4879-A844-4A05-BADA-71200BA4F1D7}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{7E480AD3-1B94-4428-A159-72C48B2F8353}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{895063FD-1716-4D75-89FA-F13A71A0C765}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe |
"UDP Query User{9421E55C-7CFE-4731-B39E-131AF3583756}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{9D45249D-30FD-438C-BEF5-AD5382B9EF55}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe |
"UDP Query User{9D708A7A-DA07-4FF3-9F04-49DE0626D4B0}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A42ADAD5-9074-4E22-B331-D2EBB3D8D55E}C:\users\austin\downloads\drjava-stable-20040326.exe" = protocol=17 | dir=in | app=c:\users\austin\downloads\drjava-stable-20040326.exe |
"UDP Query User{A76960A1-B307-4CCB-9BCB-DC6B2371AF79}C:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe |
"UDP Query User{B27B25CE-B78B-4392-9C5D-96E07B6A2889}C:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe |
"UDP Query User{B483F1D5-58D7-4730-B25D-0CC490AB57F3}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe |
"UDP Query User{C132ED16-5C3E-47A3-A4B8-783CBA7BF620}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C714D3C1-FCCC-46A9-9CF5-7C9F824DABD9}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{CDE751F8-D0CD-46EB-BBDF-EBD244D374A0}C:\users\austin\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\austin\downloads\championsonlinef2p.exe |
"UDP Query User{D405BD94-FE3A-4D60-8CE7-A066D656BE67}C:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe |
"UDP Query User{D44D866E-0F93-46E5-ABAA-BDBBA553518C}C:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe |
"UDP Query User{D5AF9C07-D304-4537-9241-F95A9BF8AEE6}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{DD1E039D-E117-44A3-8AD7-678C5BC8EAC6}C:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe |
"UDP Query User{DD6185E1-BA53-4F2F-8EBF-9D385C4ADEDE}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{E12ABAB7-1313-48BC-9AFE-C8CBB0FC1FED}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{EDA422F4-C5D7-4BA3-89A3-2133BEA3F6A9}C:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe |
"UDP Query User{EF691517-B49F-4B90-AC37-5CAF8C559E06}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe |
"UDP Query User{F0BECE94-C901-4C88-862E-FD36AF1B3AE1}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |
"UDP Query User{F1F2DA1E-6DAD-4E3D-8065-D205FBF8B771}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{12F5D482-1F43-4708-BCC5-031F10A08949}" = Symantec Endpoint Protection
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCD55450-77AC-4347-B24F-654B1189F8D4}" = SpyHunter
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}" = HP Officejet 6500 E710n-z Product Improvement Study
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{E110DEF3-6022-436C-8290-A681CEDFF01C}" = Command Center
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Blender" = Blender
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Creative OA007" = Integrated Webcam Driver (1.01.01.1227) 
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"jEdit_is1" = jEdit 4.5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java 7 Update 3
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java SE Development Kit 6 Update 16
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{e460c2b8-962b-4780-bd63-6bbfcc28827d}" = Nero 9 Essentials
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FBA1239D-189F-4855-88B6-4DBE606D30A5}" = Fiesta
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"4Story" = 4Story (4STORY)
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM Toolbar" = AOL Messaging Toolbar
"AIM_7" = AIM 7
"AlienRespawn20_AD" = AlienRespawn v2.0
"Anvi Smart Defender" = Anvi Smart Defender 1.9
"APB Reloaded" = APB Reloaded
"Atlantica" = Atlantica
"Audacity_is1" = Audacity 1.2.6
"AVerMedia MCE Encoder x64" = AVerMedia MCE Encoder x64 3.0.1.0
"AVS Image Converter_is1" = AVS Image Converter 2.2.2.218
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DFO" = DFOLauncher
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DragonNest" = DragonNest
"Dynasty Warriors Online" = Dynasty Warriors Online
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVE" = EVE Online (remove only)
"Fraps" = Fraps (remove only)
"GamersFirst LIVE!" = GamersFirst LIVE!
"GameSpy Arcade" = GameSpy Arcade
"GameStop App" = GameStop App
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"Guild Wars 2" = Guild Wars 2
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Hauppauge Device Central" = Hauppauge Device Central
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"InstallShield_{E110DEF3-6022-436C-8290-A681CEDFF01C}" = Command Center
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.5 (Standard)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator
"PunkBusterSvc" = PunkBuster Services
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1250" = Killing Floor
"Steam App 17550" = Eternal Silence
"Steam App 200710" = Torchlight II
"Steam App 212220" = Dungeon Fighter Online
"Steam App 212680" = FTL: Faster Than Light
"Steam App 215" = Source SDK Base
"Steam App 219150" = Hotline Miami
"Steam App 220" = Half-Life 2
"Steam App 221260" = Little Inferno
"Steam App 22380" = Fallout: New Vegas
"Steam App 22480" = GECK - New Vegas Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 27940" = Dead Horde
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 36620" = Forsaken World
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6860" = Hitman: Blood Money
"Steam App 6900" = Hitman: Codename 47
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 91600" = Sanctum
"Steam App 99900" = Spiral Knights
"SystemRequirementsLab" = System Requirements Lab
"The Secret World_is1" = The Secret World
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"uTorrent Acceleration Tool" = uTorrent Acceleration Tool
"VLC media player" = VLC media player 2.0.5
"Warhammer 40,000 Boltgun1.0" = Warhammer 40,000 Boltgun
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2975216493-871587154-3665915270-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"AOL Messaging Toolbar" = AOL Messaging Toolbar
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
< End of report >
 
