Hellsing Posted July 3, 2013 ID:698129 Share Posted July 3, 2013 First off I have a triple team going on my system right now. I have the Fbi scam virus keeping me from doing anything. I can only keep the computer UN stuck by booting in safe mode with command window. I also have the internet security virus waiting and a suspected zero access rootkit as told by the rkill program. I need some help fixing this thing. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698130 Share Posted July 3, 2013 Hello Hellsing and welcome to Malwarebytes! I am D-FRED-BROWN and I will be helping you. Please start off by doing the following: For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flashdrive into the infected PC. Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command PromptSelect Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Note: Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly" -------> Your topic will be closed if you haven't replied within 3 days! <-------- (If I don't respond within 24 hours, please send me a PM) -DFB Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698133 Share Posted July 3, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013Ran by Austin (administrator) on 03-07-2013 00:40:20Running from G:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Safe Mode (minimal)==================== Processes (Whitelisted) =================(Microsoft Corporation) C:\Windows\system32\cmd.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [52480 2009-04-24] (Alienware Corporation)HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)HKLM\...\Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait [42496 2012-01-30] (Contributors)HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-11-29] (LogMeIn, Inc.)HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [75825640 2013-06-13] (Microsoft Corporation)HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)HKCU\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [742264 2012-03-30] (BitTorrent, Inc.)HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [x]HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] ()HKCU\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 [67456 2011-11-07] (Uniblue Systems Limited)HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTIONHKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTIONHKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONHKCU\...\Run: [Akamai NetSession Interface] [x]HKCU\...\Run: [svidete] rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup [x]HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONHKCU\...\Winlogon: [shell] C:\Users\Austin\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTIONHKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n. ATTENTION! ====> ZeroAccess?MountPoints2: {1c1a6c67-9403-11de-b5da-0025643a50d8} - E:\LaunchU3.exe -aMountPoints2: {b6401647-eabf-11de-ae7c-806e6f6e6963} - D:\DVDROM\MediaManager\MediaManagerII.exeHKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)HKLM-x32\...\Run: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe" [75048 2009-05-01] (cyberlink)HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-01-22] (Symantec Corporation)HKLM-x32\...\Run: [FAStartup] [x]HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-03-05] (Sensible Vision )HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)HKLM-x32\...\Run: [OSD] c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2007-12-14] ()HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2008-10-17] (CyberLink Corp.)HKLM-x32\...\Run: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.)HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)HKLM-x32\...\Run: [backupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation)HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x]HKLM-x32\...\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" [492912 2008-06-30] (Symantec Corporation)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-08] (Anvisoft)HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTIONAppInit_DLLs-x32: [0 ] ()Lsa: [Notification Packages] scecli FAPassSyncStartup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnkShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File)Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnkShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnkShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnkShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/xbox-360HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmURLSearchHook: (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No FileURLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No FileSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No FileBHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No FileBHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No FileToolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://www.support.dell.com/systemprofiler/SysProExe.CABDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CABDPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6089/mcfscan.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.defaultFF NetworkProxy: "type", 4FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}FF Extension: Microsoft .NET Framework Assistant - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}FF Extension: Google Toolbar for Firefox - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: AOL Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}FF Extension: AOL Messaging Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760}FF Extension: uriloader - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\uriloader@pdf.js.xpiFF Extension: wdfopjxrea - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\wdfopjxrea@wdfopjxrea.org.xpiFF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpiFF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>smartwebprinting@hp.com</em:id> <em:version>4.60</em:version> <em:targetApplication> <!-- Firefox --> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>3.5.0.0</em:minVersion> <em:maxVersion>3.5.*.*</em:maxVersion> </Description> </em:targetApplication> <!-- front-end metadata --> <em:name>HP Smart Web Printing</em:name> <em:description>Print what you want, how you want.</em:description> <em:creator>hp.com</em:creator> <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL> <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform> </Description></RDF> - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKLM-x32\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>{3112ca9c-de6d-4884-a869-9855de68056c}</em:id> <em:version>3.1.20081127W</em:version> <!-- For Up-To-Date Documentation of this Format Please See: http://www.mozilla.org/projects/firefox/extensions/packaging/extensions.html --> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>2.0</em:minVersion> <em:maxVersion>3.*</em:maxVersion> </Description> </em:targetApplication> <em:targetPlatform>WINNT</em:targetPlatform> <em:name>Google Toolbar for Firefox</em:name> <em:description>Take the power of Google with you anywhere on the Web!</em:description> <em:creator>Google Inc.</em:creator> <em:homepageURL>http://www.google.com/</em:homepageURL> <em:updateURL><![CDATA[https://tools.google.com/firefox/update?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%&dist=google]]></em:updateURL> <em:file> <Description about="urn:mozilla:extension:file:google-toolbar.jar"> <em:package>content/</em:package> <em:locale>locale/en-US/</em:locale> <em:locale>locale/da-DK/</em:locale> <em:locale>locale/de-DE/</em:locale> <em:locale>locale/es-AR/</em:locale> <em:locale>locale/es-ES/</em:locale> <em:locale>locale/fi-FI/</em:locale> <em:locale>locale/fr-FR/</em:locale> <em:locale>locale/it-IT/</em:locale> <em:locale>locale/ja-JP/</em:locale> <em:locale>locale/ja-JPM/</em:locale> <em:locale>locale/ko-KR/</em:locale> <em:locale>locale/nb-NO/</em:locale> <em:locale>locale/nl-NL/</em:locale> <em:locale>locale/pt-BR/</em:locale> <em:locale>locale/ru-RU/</em:locale> <em:locale>locale/sv-SE/</em:locale> <em:locale>locale/zh-CN/</em:locale> <em:locale>locale/zh-TW/</em:locale> <em:skin>skin/</em:skin> </Description> </em:file> </Description></RDF> - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\FirefoxFF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\FirefoxFF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>smartwebprinting@hp.com</em:id> <em:version>4.60</em:version> <em:targetApplication> <!-- Firefox --> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>3.5.0.0</em:minVersion> <em:maxVersion>3.5.*.*</em:maxVersion> </Description> </em:targetApplication> <!-- front-end metadata --> <em:name>HP Smart Web Printing</em:name> <em:description>Print what you want, how you want.</em:description> <em:creator>hp.com</em:creator> <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL> <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform> </Description></RDF> - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKCU\...\Firefox\Extensions: [{C0B62AAB-8E55-4B42-8670-E066358BE912}] C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:name>XULRunner</em:name> <em:id>{C0B62AAB-8E55-4B42-8670-E066358BE912}</em:id> <em:version>1.9.1</em:version> <em:creator>Mozilla Corp.</em:creator> <em:description>XULRunner is a Mozilla runtime package</em:description> <em:type>2</em:type> <em:hidden>true</em:hidden> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>1.5</em:minVersion> <em:maxVersion>3.*.*.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\Chrome:=======CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No FileCHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No FileCHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No FileCHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No FileCHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No FileCHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Default Plug-in) - default_plugin No File==================== Services (Whitelisted) =================S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-08] (Anvisoft)S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2360584 2009-03-05] (Sensible Vision )S2 gupdate1ca70abb4bf12a0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-11-29] (Google Inc.)S3 HcwDevCentralService; C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [401232 2013-02-07] (Hauppauge Computer Works, Inc.)S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-06-30] (Symantec Corporation)S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-08] (LogMeIn, Inc.)S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-08] (LogMeIn, Inc.)S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-07-25] ()S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3505768 2010-06-17] (INCA Internet Co., Ltd.)S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-22] ()S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3081544 2009-01-22] (Symantec Corporation)S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [388424 2009-01-22] (Symantec Corporation)S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe [268288 2009-03-19] (IDT, Inc.)S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2440120 2009-01-22] (Symantec Corporation)S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]==================== Drivers (Whitelisted) ====================S4 ahcix64; C:\Windows\system32\drivers\ahcix64.sys [146944 2008-07-29] (ATI Technologies Inc.)S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [945136 2013-02-12] (Hauppauge Computer Work, Inc.)R0 JGOGO; C:\Windows\System32\drivers\jgogo.sys [8704 2006-02-07] (JMicron )S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)S4 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [163736 2007-06-15] (Marvell Semiconductor, Inc.)S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)S3 OA007Vid; C:\Windows\System32\DRIVERS\OA007Vid.sys [310208 2008-12-27] (Creative Technology Ltd.)S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2009-07-28] (Symantec Corporation)S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)S3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]S4 LMIRfsClientNP; No ImagePathS3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]S3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp2013-07-02 10:17 - 2013-07-02 10:18 - 00001448 ____A C:\AdwCleaner[s4].txt2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt2013-07-02 00:35 - 2013-07-02 00:36 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft2013-06-30 18:02 - 2012-11-07 03:16 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys2013-06-30 18:02 - 2012-11-07 03:16 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys2013-06-30 18:02 - 2012-11-07 03:16 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys2013-06-30 17:55 - 2013-06-30 17:57 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini2013-06-30 17:25 - 2013-06-30 17:26 - 00023306 ____A C:\AdwCleaner[s1].txt2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill2013-06-30 17:16 - 2013-07-02 11:33 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group2013-06-30 12:31 - 2012-06-22 12:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys2013-06-30 12:30 - 2013-06-30 12:31 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan2013-06-30 11:51 - 2013-07-03 00:00 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job2013-06-30 11:51 - 2013-06-30 17:23 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-06-23 01:35 - 2013-06-23 13:48 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps32013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url2013-06-16 03:02 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-16 03:02 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-16 03:02 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-16 03:02 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-16 03:02 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-06-16 03:02 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-16 03:02 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-06-16 03:02 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-06-16 03:02 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-06-16 03:02 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-06-16 03:02 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-06-16 03:02 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-06-13 03:03 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-06-13 03:03 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-06-13 03:03 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-06-13 03:03 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-06-13 03:03 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-06-13 03:03 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-06-13 03:03 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-06-12 10:04 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-06-12 10:04 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll2013-06-12 10:04 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll2013-06-12 10:02 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll2013-06-12 10:02 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll2013-06-12 10:01 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-06-12 10:01 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-06-12 09:59 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll2013-06-12 09:59 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2013-06-12 09:59 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2013-06-12 09:59 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll2013-06-12 09:59 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-06-12 09:59 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-06-12 09:59 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-06-12 09:59 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe2013-06-12 09:59 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe2013-06-12 09:59 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll2013-06-12 09:58 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll2013-06-12 09:58 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-06-05 09:43 - 2013-06-05 09:50 - 00008121 ____A C:\Windows\IE10_main.log==================== One Month Modified Files and Folders =======2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp2013-07-03 00:04 - 2011-04-21 10:07 - 00000000 ____D C:\Windows\Minidump2013-07-03 00:04 - 2009-12-12 04:29 - 714636151 ____A C:\Windows\MEMORY.DMP2013-07-03 00:01 - 2010-07-23 21:24 - 00000000 ____D C:\Users\Austin\AppData\Local\PMB Files2013-07-03 00:01 - 2010-05-07 10:46 - 00000000 ____D C:\Users\Austin\AppData\Roaming\uTorrent2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job2013-07-03 00:00 - 2013-03-22 00:34 - 00000000 ____D C:\ProgramData\LogMeIn2013-07-02 23:57 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-07-02 23:55 - 2011-09-05 23:37 - 00000000 ____D C:\Users\Austin\AppData\Local\LogMeIn Hamachi2013-07-02 23:54 - 2012-02-05 14:55 - 00000000 ____D C:\Users\Austin\.jedit2013-07-02 23:54 - 2009-07-23 12:36 - 00000000 ____D C:\Program Files (x86)\Steam2013-07-02 23:52 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job2013-07-02 23:52 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job2013-07-02 23:52 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-07-02 23:51 - 2009-07-14 00:51 - 01930249 ____A C:\Windows\setupact.log2013-07-02 23:50 - 2009-07-10 19:58 - 00000000 ____D C:\ProgramData\NVIDIA2013-07-02 23:45 - 2009-12-17 00:29 - 00391708 ____A C:\Windows\PFRO.log2013-07-02 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat2013-07-02 18:25 - 2013-05-23 14:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi2013-07-02 18:25 - 2011-12-22 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-02 18:25 - 2010-07-23 21:23 - 00000000 ____D C:\ProgramData\PMB Files2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sysprep2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration2013-07-02 14:42 - 2009-12-16 23:57 - 00000000 ____D C:\users\Austin2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp2013-07-02 11:35 - 2012-07-10 12:03 - 00007594 ____A C:\Users\Austin\AppData\Local\Resmon.ResmonCfg2013-07-02 11:33 - 2013-06-30 17:16 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt2013-07-02 11:06 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV2013-07-02 10:18 - 2013-07-02 10:17 - 00001448 ____A C:\AdwCleaner[s4].txt2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt2013-07-02 00:36 - 2013-07-02 00:35 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-07-01 07:15 - 2009-12-17 00:41 - 01886483 ____A C:\Windows\WindowsUpdate.log2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft2013-06-30 17:57 - 2013-06-30 17:55 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini2013-06-30 17:26 - 2013-06-30 17:25 - 00023306 ____A C:\AdwCleaner[s1].txt2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe2013-06-30 17:23 - 2013-06-30 11:51 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad2013-06-29 11:30 - 2010-05-07 11:05 - 00000404 ___AH C:\Windows\Tasks\Norton Security Scan for Austin.job2013-06-29 01:11 - 2010-12-21 20:24 - 00000000 ____D C:\Users\Austin\AppData\Roaming\vlc2013-06-27 02:20 - 2010-09-05 11:09 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job2013-06-23 13:51 - 2009-07-23 12:51 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Adobe2013-06-23 13:48 - 2013-06-23 01:35 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps32013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-06-23 13:33 - 2009-07-10 20:45 - 00000000 ____D C:\Program Files (x86)\Adobe2013-06-23 13:32 - 2009-07-30 19:07 - 00000000 ____D C:\Users\Austin\AppData\Local\Adobe2013-06-23 13:31 - 2009-07-10 20:45 - 00000000 ____D C:\ProgramData\Adobe2013-06-23 01:35 - 2012-03-06 14:24 - 00000000 ____D C:\Users\Austin\AppData\Local\Amazon2013-06-18 12:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL2013-06-16 23:24 - 2009-07-10 20:47 - 00531797 ____A C:\Windows\DirectX.log2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url2013-06-13 03:14 - 2009-07-30 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help2013-06-13 03:06 - 2010-08-05 12:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-06-11 23:17 - 2012-05-09 17:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-06-11 23:17 - 2012-01-20 13:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url2013-06-08 10:54 - 2013-03-22 00:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn2013-06-08 10:53 - 2013-03-22 00:35 - 00107368 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll2013-06-08 10:53 - 2013-03-22 00:35 - 00035656 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll2013-06-08 10:53 - 2013-03-22 00:34 - 00100680 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll2013-06-08 10:08 - 2013-06-16 03:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-08 10:07 - 2013-06-16 03:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-08 10:06 - 2013-06-16 03:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-08 10:06 - 2013-06-16 03:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-08 10:06 - 2013-06-16 03:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-06-08 08:28 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-08 07:42 - 2013-06-16 03:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-06-08 07:40 - 2013-06-16 03:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-06-08 07:40 - 2013-06-16 03:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-06-08 07:40 - 2013-06-16 03:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-06-08 07:40 - 2013-06-16 03:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-06-08 07:13 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-06-06 03:35 - 2012-05-21 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-06-06 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url2013-06-05 09:50 - 2013-06-05 09:43 - 00008121 ____A C:\Windows\IE10_main.log2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exeZeroAccess:C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0ZeroAccess:C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\LC:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\UFiles to move or delete:====================C:\Users\Austin\AppData\Roaming\skype.iniC:\ProgramData\hash.datC:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-06-23 14:31==================== End Of Log ============================ Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698134 Share Posted July 3, 2013 Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.Right-click in the open notepad and select Paste).Save it on the flashdrive as fixlist.txtC:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\LC:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\UC:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0C:\Users\Austin\AppData\Roaming\skype.iniC:\ProgramData\hash.datC:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.jobS3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTIONHKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTIONHKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONHKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONHKCU\...\Winlogon: [shell] C:\Users\Austin\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTIONHKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n. ATTENTION! ====> ZeroAccess?HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTIONNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemNow please enter System Recovery Options.Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove. Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698137 Share Posted July 3, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013Ran by Austin at 2013-07-03 00:52:58 Run:1Running from G:\Boot Mode: Safe Mode (minimal)==============================================C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => Moved successfully. X6va001 => Service not found. X6va005 => Service not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Temp => Value not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Fraps3 => Value not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Adobe CSS5.1 Manager => Value not found.HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Adobe CSS5.1 Manager => Value not found.HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.HKU\ UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.==== End of Fixlog ==== I am not able to boot into normal mode, it gets to the starting windows stage, finishes like its going to start then goes to an all black screen and remains like that. Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698139 Share Posted July 3, 2013 so it just now got to the login screen, a full 20 minutes after i turned it on Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698141 Share Posted July 3, 2013 Hmm.. For some reason, it couldn't delete much of the malware we wanted it to. See if you can run FRST again, but only do a scan this time- please post the new FRST.txt in your next reply Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698144 Share Posted July 3, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013Ran by Austin (administrator) on 03-07-2013 01:23:57Running from G:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Safe Mode (minimal)==================== Processes (Whitelisted) =================(Microsoft Corporation) C:\Windows\system32\cmd.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684264 2009-02-06] (Synaptics Incorporated)HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [52480 2009-04-24] (Alienware Corporation)HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)HKLM\...\Run: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait [42496 2012-01-30] (Contributors)HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-11-29] (LogMeIn, Inc.)HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [75825640 2013-06-13] (Microsoft Corporation)HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)HKCU\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [742264 2012-03-30] (BitTorrent, Inc.)HKCU\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [x]HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] ()HKCU\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 [67456 2011-11-07] (Uniblue Systems Limited)HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTIONHKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTIONHKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONHKCU\...\Run: [Akamai NetSession Interface] [x]HKCU\...\Run: [svidete] rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup [x]HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONMountPoints2: {1c1a6c67-9403-11de-b5da-0025643a50d8} - E:\LaunchU3.exe -aMountPoints2: {b6401647-eabf-11de-ae7c-806e6f6e6963} - D:\DVDROM\MediaManager\MediaManagerII.exeHKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)HKLM-x32\...\Run: [bDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe" [75048 2009-05-01] (cyberlink)HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-01-22] (Symantec Corporation)HKLM-x32\...\Run: [FAStartup] [x]HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95496 2009-03-05] (Sensible Vision )HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)HKLM-x32\...\Run: [OSD] c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2007-12-14] ()HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2008-10-17] (CyberLink Corp.)HKLM-x32\...\Run: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.)HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)HKLM-x32\...\Run: [backupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation)HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x]HKLM-x32\...\Run: [ALUAlert] "C:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" [492912 2008-06-30] (Symantec Corporation)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1563720 2013-06-08] (Anvisoft)HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTIONAppInit_DLLs-x32: [0 ] ()Lsa: [Notification Packages] scecli FAPassSyncStartup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnkShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File)Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnkShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnkShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)Startup: C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnkShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/xbox-360HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmURLSearchHook: (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No FileURLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No FileSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110828033131655&tb_oid=28-08-2011&tb_mrud=28-08-2011BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No FileBHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No FileBHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll No FileToolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://www.support.dell.com/systemprofiler/SysProExe.CABDPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CABDPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6089/mcfscan.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtFireFox:========FF ProfilePath: C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.defaultFF NetworkProxy: "type", 4FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}FF Extension: Microsoft .NET Framework Assistant - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}FF Extension: Google Toolbar for Firefox - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: AOL Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}FF Extension: AOL Messaging Toolbar - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760}FF Extension: uriloader - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\uriloader@pdf.js.xpiFF Extension: wdfopjxrea - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\wdfopjxrea@wdfopjxrea.org.xpiFF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpiFF Extension: No Name - C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>smartwebprinting@hp.com</em:id> <em:version>4.60</em:version> <em:targetApplication> <!-- Firefox --> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>3.5.0.0</em:minVersion> <em:maxVersion>3.5.*.*</em:maxVersion> </Description> </em:targetApplication> <!-- front-end metadata --> <em:name>HP Smart Web Printing</em:name> <em:description>Print what you want, how you want.</em:description> <em:creator>hp.com</em:creator> <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL> <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform> </Description></RDF> - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKLM-x32\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>{3112ca9c-de6d-4884-a869-9855de68056c}</em:id> <em:version>3.1.20081127W</em:version> <!-- For Up-To-Date Documentation of this Format Please See: http://www.mozilla.org/projects/firefox/extensions/packaging/extensions.html --> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>2.0</em:minVersion> <em:maxVersion>3.*</em:maxVersion> </Description> </em:targetApplication> <em:targetPlatform>WINNT</em:targetPlatform> <em:name>Google Toolbar for Firefox</em:name> <em:description>Take the power of Google with you anywhere on the Web!</em:description> <em:creator>Google Inc.</em:creator> <em:homepageURL>http://www.google.com/</em:homepageURL> <em:updateURL><![CDATA[https://tools.google.com/firefox/update?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%&dist=google]]></em:updateURL> <em:file> <Description about="urn:mozilla:extension:file:google-toolbar.jar"> <em:package>content/</em:package> <em:locale>locale/en-US/</em:locale> <em:locale>locale/da-DK/</em:locale> <em:locale>locale/de-DE/</em:locale> <em:locale>locale/es-AR/</em:locale> <em:locale>locale/es-ES/</em:locale> <em:locale>locale/fi-FI/</em:locale> <em:locale>locale/fr-FR/</em:locale> <em:locale>locale/it-IT/</em:locale> <em:locale>locale/ja-JP/</em:locale> <em:locale>locale/ja-JPM/</em:locale> <em:locale>locale/ko-KR/</em:locale> <em:locale>locale/nb-NO/</em:locale> <em:locale>locale/nl-NL/</em:locale> <em:locale>locale/pt-BR/</em:locale> <em:locale>locale/ru-RU/</em:locale> <em:locale>locale/sv-SE/</em:locale> <em:locale>locale/zh-CN/</em:locale> <em:locale>locale/zh-TW/</em:locale> <em:skin>skin/</em:skin> </Description> </em:file> </Description></RDF> - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\FirefoxFF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\FirefoxFF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>smartwebprinting@hp.com</em:id> <em:version>4.60</em:version> <em:targetApplication> <!-- Firefox --> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>3.5.0.0</em:minVersion> <em:maxVersion>3.5.*.*</em:maxVersion> </Description> </em:targetApplication> <!-- front-end metadata --> <em:name>HP Smart Web Printing</em:name> <em:description>Print what you want, how you want.</em:description> <em:creator>hp.com</em:creator> <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL> <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform> </Description></RDF> - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKCU\...\Firefox\Extensions: [{C0B62AAB-8E55-4B42-8670-E066358BE912}] C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\FF Extension: <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:name>XULRunner</em:name> <em:id>{C0B62AAB-8E55-4B42-8670-E066358BE912}</em:id> <em:version>1.9.1</em:version> <em:creator>Mozilla Corp.</em:creator> <em:description>XULRunner is a Mozilla runtime package</em:description> <em:type>2</em:type> <em:hidden>true</em:hidden> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>1.5</em:minVersion> <em:maxVersion>3.*.*.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Users\Austin\AppData\Local\{C0B62AAB-8E55-4B42-8670-E066358BE912}\Chrome:=======CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No FileCHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No FileCHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No FileCHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No FileCHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No FileCHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Default Plug-in) - default_plugin No File==================== Services (Whitelisted) =================S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-08] (Anvisoft)S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-01-22] (Symantec Corporation)S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2360584 2009-03-05] (Sensible Vision )S2 gupdate1ca70abb4bf12a0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-11-29] (Google Inc.)S3 HcwDevCentralService; C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [401232 2013-02-07] (Hauppauge Computer Works, Inc.)S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-06-30] (Symantec Corporation)S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-08] (LogMeIn, Inc.)S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-08] (LogMeIn, Inc.)S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-07-25] ()S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3505768 2010-06-17] (INCA Internet Co., Ltd.)S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-22] ()S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3081544 2009-01-22] (Symantec Corporation)S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [388424 2009-01-22] (Symantec Corporation)S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe [268288 2009-03-19] (IDT, Inc.)S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2440120 2009-01-22] (Symantec Corporation)S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]==================== Drivers (Whitelisted) ====================S4 ahcix64; C:\Windows\system32\drivers\ahcix64.sys [146944 2008-07-29] (ATI Technologies Inc.)S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-15] (Symantec Corporation)S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [945136 2013-02-12] (Hauppauge Computer Work, Inc.)R0 JGOGO; C:\Windows\System32\drivers\jgogo.sys [8704 2006-02-07] (JMicron )S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)S4 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [163736 2007-06-15] (Marvell Semiconductor, Inc.)S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)S3 OA007Vid; C:\Windows\System32\DRIVERS\OA007Vid.sys [310208 2008-12-27] (Creative Technology Ltd.)S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [441904 2009-01-22] (Symantec Corporation)S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [480816 2009-01-22] (Symantec Corporation)S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-01-22] (Symantec Corporation)S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2009-07-28] (Symantec Corporation)S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)S3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-03-05] (CyberLink Corp.)S3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]S4 LMIRfsClientNP; No ImagePathS3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]S3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-07-03 01:22 - 2013-07-03 01:22 - 00282680 ____A C:\Windows\Minidump\070313-28828-01.dmp2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp2013-07-02 10:17 - 2013-07-02 10:18 - 00001448 ____A C:\AdwCleaner[s4].txt2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt2013-07-02 00:35 - 2013-07-02 00:36 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft2013-06-30 18:02 - 2012-11-07 03:16 - 00023376 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys2013-06-30 18:02 - 2012-11-07 03:16 - 00018768 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys2013-06-30 18:02 - 2012-11-07 03:16 - 00017232 ____A C:\Windows\System32\Drivers\asdws.sys2013-06-30 17:55 - 2013-06-30 17:57 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini2013-06-30 17:25 - 2013-06-30 17:26 - 00023306 ____A C:\AdwCleaner[s1].txt2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill2013-06-30 17:16 - 2013-07-02 11:33 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group2013-06-30 12:31 - 2012-06-22 12:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys2013-06-30 12:30 - 2013-06-30 12:31 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan2013-06-30 11:51 - 2013-07-03 00:00 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job2013-06-30 11:51 - 2013-06-30 17:23 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad2013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-06-23 01:35 - 2013-06-23 13:48 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps32013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url2013-06-16 03:02 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-16 03:02 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-16 03:02 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-16 03:02 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-16 03:02 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-06-16 03:02 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-16 03:02 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-06-16 03:02 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-06-16 03:02 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-06-16 03:02 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-06-16 03:02 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-06-16 03:02 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-06-13 03:03 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-06-13 03:03 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-06-13 03:03 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-06-13 03:03 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-06-13 03:03 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-06-13 03:03 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-06-13 03:03 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-06-13 03:03 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-06-13 03:03 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-06-12 10:04 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-06-12 10:04 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll2013-06-12 10:04 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll2013-06-12 10:02 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll2013-06-12 10:02 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll2013-06-12 10:01 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-06-12 10:01 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-06-12 09:59 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll2013-06-12 09:59 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2013-06-12 09:59 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2013-06-12 09:59 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll2013-06-12 09:59 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-06-12 09:59 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-06-12 09:59 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-06-12 09:59 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe2013-06-12 09:59 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe2013-06-12 09:59 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll2013-06-12 09:58 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll2013-06-12 09:58 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-06-05 09:43 - 2013-06-05 09:50 - 00008121 ____A C:\Windows\IE10_main.log==================== One Month Modified Files and Folders =======2013-07-03 01:22 - 2013-07-03 01:22 - 00282680 ____A C:\Windows\Minidump\070313-28828-01.dmp2013-07-03 01:22 - 2011-04-21 10:07 - 00000000 ____D C:\Windows\Minidump2013-07-03 01:22 - 2009-12-12 04:29 - 599587703 ____A C:\Windows\MEMORY.DMP2013-07-03 01:17 - 2011-09-05 23:37 - 00000000 ____D C:\Users\Austin\AppData\Local\LogMeIn Hamachi2013-07-03 01:16 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-07-03 01:15 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job2013-07-03 01:15 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job2013-07-03 01:15 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-07-03 01:14 - 2009-07-14 00:51 - 01935559 ____A C:\Windows\setupact.log2013-07-03 01:14 - 2009-07-10 19:58 - 00000000 ____D C:\ProgramData\NVIDIA2013-07-03 00:53 - 2009-07-14 01:13 - 00797670 ____A C:\Windows\System32\PerfStringBackup.INI2013-07-03 00:40 - 2013-07-03 00:40 - 00000000 ____D C:\FRST2013-07-03 00:04 - 2013-07-03 00:04 - 00284080 ____A C:\Windows\Minidump\070313-30997-01.dmp2013-07-03 00:01 - 2010-07-23 21:24 - 00000000 ____D C:\Users\Austin\AppData\Local\PMB Files2013-07-03 00:01 - 2010-05-07 10:46 - 00000000 ____D C:\Users\Austin\AppData\Roaming\uTorrent2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job2013-07-03 00:00 - 2013-03-22 00:34 - 00000000 ____D C:\ProgramData\LogMeIn2013-07-03 00:00 - 2009-12-17 00:41 - 01892612 ____A C:\Windows\WindowsUpdate.log2013-07-02 23:54 - 2012-02-05 14:55 - 00000000 ____D C:\Users\Austin\.jedit2013-07-02 23:54 - 2009-07-23 12:36 - 00000000 ____D C:\Program Files (x86)\Steam2013-07-02 23:45 - 2009-12-17 00:29 - 00391708 ____A C:\Windows\PFRO.log2013-07-02 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat2013-07-02 18:25 - 2013-05-23 14:53 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi2013-07-02 18:25 - 2011-12-22 01:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-02 18:25 - 2010-07-23 21:23 - 00000000 ____D C:\ProgramData\PMB Files2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\sysprep2013-07-02 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration2013-07-02 14:42 - 2009-12-16 23:57 - 00000000 ____D C:\users\Austin2013-07-02 14:37 - 2013-07-02 14:37 - 00270864 ____A C:\Windows\Minidump\070213-24788-01.dmp2013-07-02 11:35 - 2012-07-10 12:03 - 00007594 ____A C:\Users\Austin\AppData\Local\Resmon.ResmonCfg2013-07-02 11:33 - 2013-06-30 17:16 - 00002432 ____A C:\Users\Austin\Desktop\Rkill.txt2013-07-02 11:06 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV2013-07-02 10:18 - 2013-07-02 10:17 - 00001448 ____A C:\AdwCleaner[s4].txt2013-07-02 00:52 - 2013-07-02 00:52 - 00000340 ____A C:\AdwCleaner[s3].txt2013-07-02 00:36 - 2013-07-02 00:35 - 00000288 ____A C:\Users\Austin\Desktop\RootkitRemover20130702003526.txt2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-07-01 07:43 - 2009-12-16 23:56 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-30 19:34 - 2013-06-30 19:34 - 00000000 ____D C:\ProgramData\hvbhp2013-06-30 18:33 - 2013-06-30 18:33 - 00001268 ____A C:\AdwCleaner[R3].txt2013-06-30 18:33 - 2013-06-30 18:33 - 00000340 ____A C:\AdwCleaner[s2].txt2013-06-30 18:02 - 2013-06-30 18:02 - 00001186 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\ProgramData\Anvisoft2013-06-30 18:02 - 2013-06-30 18:02 - 00000000 ____D C:\Program Files (x86)\Anvisoft2013-06-30 17:57 - 2013-06-30 17:55 - 00000004 ____A C:\Users\Austin\AppData\Roaming\skype.ini2013-06-30 17:26 - 2013-06-30 17:25 - 00023306 ____A C:\AdwCleaner[s1].txt2013-06-30 17:25 - 2013-06-30 17:25 - 00022764 ____A C:\AdwCleaner[R2].txt2013-06-30 17:24 - 2013-06-30 17:24 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64-23471.exe2013-06-30 17:23 - 2013-06-30 11:51 - 00000793 ____A C:\Users\Austin\Desktop\Internet Security Pro.lnk2013-06-30 17:22 - 2013-06-30 17:22 - 00022703 ____A C:\AdwCleaner[R1].txt2013-06-30 17:18 - 2013-06-30 17:18 - 00991872 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill64.exe2013-06-30 17:18 - 2013-06-30 17:18 - 00648201 ____A C:\Users\Austin\Desktop\AdwCleaner.exe2013-06-30 17:17 - 2013-06-30 17:17 - 00000000 ____D C:\Users\Austin\Desktop\rkill2013-06-30 17:16 - 2013-06-30 17:16 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Austin\Desktop\rkill.exe2013-06-30 12:31 - 2013-06-30 12:31 - 00002258 ____A C:\Users\Austin\Desktop\SpyHunter.lnk2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\sh4ldr2013-06-30 12:31 - 2013-06-30 12:31 - 00000000 ____D C:\Program Files\Enigma Software Group2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP2013-06-30 12:17 - 2013-06-30 12:17 - 00000040 ____A C:\Users\Austin\AppData\Roaming\mbam.context.scan2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 ____D C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad2013-06-29 11:30 - 2010-05-07 11:05 - 00000404 ___AH C:\Windows\Tasks\Norton Security Scan for Austin.job2013-06-29 01:11 - 2010-12-21 20:24 - 00000000 ____D C:\Users\Austin\AppData\Roaming\vlc2013-06-27 02:20 - 2010-09-05 11:09 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job2013-06-23 13:51 - 2009-07-23 12:51 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Adobe2013-06-23 13:48 - 2013-06-23 01:35 - 00000000 ____D C:\Users\Austin\AppData\Local\Fraps32013-06-23 13:33 - 2013-06-23 13:33 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-06-23 13:33 - 2009-07-10 20:45 - 00000000 ____D C:\Program Files (x86)\Adobe2013-06-23 13:32 - 2009-07-30 19:07 - 00000000 ____D C:\Users\Austin\AppData\Local\Adobe2013-06-23 13:31 - 2009-07-10 20:45 - 00000000 ____D C:\ProgramData\Adobe2013-06-23 01:35 - 2012-03-06 14:24 - 00000000 ____D C:\Users\Austin\AppData\Local\Amazon2013-06-18 12:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2013-06-16 23:25 - 2013-06-16 23:25 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Program Files (x86)\OpenAL2013-06-16 23:24 - 2009-07-10 20:47 - 00531797 ____A C:\Windows\DirectX.log2013-06-16 23:10 - 2013-06-16 23:10 - 00000195 ____A C:\Users\Austin\Desktop\Hotline Miami.url2013-06-13 03:14 - 2009-07-30 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help2013-06-13 03:06 - 2010-08-05 12:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-06-11 23:17 - 2012-05-09 17:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-06-11 23:17 - 2012-01-20 13:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-06-11 23:16 - 2013-06-11 23:16 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-06-10 12:30 - 2013-06-10 12:30 - 00000221 ____A C:\Users\Austin\Desktop\Saints Row The Third.url2013-06-08 10:54 - 2013-03-22 00:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn2013-06-08 10:53 - 2013-03-22 00:35 - 00107368 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll2013-06-08 10:53 - 2013-03-22 00:35 - 00035656 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll2013-06-08 10:53 - 2013-03-22 00:34 - 00100680 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll2013-06-08 10:08 - 2013-06-16 03:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-08 10:07 - 2013-06-16 03:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-08 10:06 - 2013-06-16 03:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-08 10:06 - 2013-06-16 03:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-08 10:06 - 2013-06-16 03:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-06-08 08:28 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-08 07:42 - 2013-06-16 03:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-06-08 07:40 - 2013-06-16 03:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-06-08 07:40 - 2013-06-16 03:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-06-08 07:40 - 2013-06-16 03:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-06-08 07:40 - 2013-06-16 03:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-06-08 07:13 - 2013-06-16 03:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-06-06 03:35 - 2012-05-21 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-06-06 03:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-06-06 01:53 - 2013-06-06 01:53 - 00000220 ____A C:\Users\Austin\Desktop\Garry's Mod.url2013-06-05 09:50 - 2013-06-05 09:43 - 00008121 ____A C:\Windows\IE10_main.log2013-06-05 09:47 - 2013-06-05 09:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-06-05 09:47 - 2013-06-05 09:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-06-05 09:47 - 2013-06-05 09:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-06-05 09:47 - 2013-06-05 09:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-06-05 09:47 - 2013-06-05 09:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-06-05 09:47 - 2013-06-05 09:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exeZeroAccess:C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0Files to move or delete:====================C:\Users\Austin\AppData\Roaming\skype.iniC:\ProgramData\hash.datC:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-06-23 14:31==================== End Of Log ============================ Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698153 Share Posted July 3, 2013 Let's try a slightly different fixlist. Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.Right-click in the open notepad and select Paste).Save it on the flashdrive as fixlist.txtC:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\LC:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\UC:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0C:\Users\Austin\AppData\Roaming\skype.iniC:\ProgramData\hash.datC:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.jobS3 X6va001; \??\C:\Users\Austin\AppData\Local\Temp\001724B.tmp [x]S3 X6va005; \??\C:\Users\Austin\AppData\Local\Temp\0053D8C.tmp [x]HKCU\...\Run: [Temp] rundll32 "C:\Users\Austin\AppData\Local\Amazon\Temp\fbiadppl.dll",DllRegisterServer [1810944 2013-06-23] () <===== ATTENTIONHKCU\...\Run: [Fraps3] rundll32.exe C:\Users\Austin\AppData\Local\Fraps3\garmgewv.dll,JXhHYSSCCEqMdWIlJVRUWCnVUqS [593408 2013-06-23] (?????????? ??????????) <===== ATTENTIONHKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONHKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Austin\AppData\Local\adaa6f88-ff87-4fc9-b22e-35a108e2205aad\adaaffffcbeaeaad.exe [172544 2013-06-30] () <===== ATTENTIONHKCU\...\Winlogon: [shell] C:\Users\Austin\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTIONHKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\n. ATTENTION! ====> ZeroAccess?HKU\UpdatusUser\...\Winlogon: [shell] Explorer.exe <==== ATTENTION2013-06-30 12:31 - 2013-06-30 12:30 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP2013-07-01 07:20 - 2012-05-09 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-07-01 07:44 - 2009-11-29 00:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-07-03 00:00 - 2013-06-30 11:51 - 00000336 ___AH C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job2013-07-03 01:16 - 2009-11-29 00:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-07-03 01:15 - 2013-04-11 11:52 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job2013-07-03 01:15 - 2012-01-29 23:37 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job2013-07-03 01:15 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DATHKLM-x32\...\Run: [] [x]Startup: C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnkShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (No File)NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system It's around 1AM here so I'll call it a night. I will check back here in the morning. Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698158 Share Posted July 3, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013Ran by Austin at 2013-07-03 01:51:24 Run:2Running from G:\Boot Mode: Safe Mode (minimal)==============================================C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found. X6va001 => Service not found. X6va005 => Service not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Temp => Value not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ Fraps3 => Value not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Adobe CSS5.1 Manager => Value not found.HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.HKU\ UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => Moved successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe not found.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698329 Share Posted July 3, 2013 Something isn't right. Here, I've uploaded the fixlist for you here- save that directly to the flash drive and try running it. fixlist.txt Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698356 Share Posted July 3, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013Ran by Austin at 2013-07-03 11:59:10 Run:3Running from G:\Boot Mode: Safe Mode (minimal)==============================================C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0} => File/Directory not found.C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\@ => File/Directory not found.C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\L => File/Directory not found.C:\Users\Austin\AppData\Local\{afe4b345-aebc-1cf6-ffff-527fce0e88d0}\U => File/Directory not found.C:\$Recycle.Bin\S-1-5-21-2975216493-871587154-3665915270-1003\$afe4b345aebc1cf6ffff527fce0e88d0 => Moved successfully.C:\Users\Austin\AppData\Roaming\skype.ini => Moved successfully.C:\ProgramData\hash.dat => Moved successfully.C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => Moved successfully.X6va001 => Service deleted successfully.X6va005 => Service deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Temp => Value deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Fraps3 => Value deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value not found.HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.HKU\UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => File/Directory not found.C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => File/Directory not found.C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => Moved successfully.C:\Windows\Tasks\RegistryBooster.job => Moved successfully.C:\Windows\Tasks\SA.DAT => Moved successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => File/Directory not found.C:\Windows\Tasks\Adobe Flash Player Updater.job => File/Directory not found.C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => File/Directory not found.C:\Windows\Tasks\{D9F027EC-CD7B-4EC4-A8DC-931A2D7DC0DD}.job => File/Directory not found.C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => File/Directory not found.C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => File/Directory not found.C:\Windows\Tasks\RegistryBooster.job => File/Directory not found.C:\Windows\Tasks\SA.DAT => File/Directory not found.C:\ProgramData\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk => Moved successfully.C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe not found.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698357 Share Posted July 3, 2013 Did that do the trick? Are you able to boot into Normal Mode now? Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698361 Share Posted July 3, 2013 so after 12 minutes which thankfully was shorter than the 20 minutes it took last night i got to the desktop in normal mode. Then my computer detected a problem and gave me a blue screen and restarted. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698362 Share Posted July 3, 2013 Are you able to boot to Safe Mode by any chance? Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698367 Share Posted July 3, 2013 yes Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698369 Share Posted July 3, 2013 Let's start getting rid of the rest of it. Save the following to a flash drive, and I'll need you to run them from within Safe Mode: 1. TDSS Rootkit Removing Tool (TDSSKiller.exe)2. Malwarebytes Anti-Rootkit from HERE3. ComboFix from HERE4. Security Check by screen317 from here or here. ----------Step 1----------------Please locate (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please locate where you saved Malwareytes Anti-RootkitUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please locate ComboFix.exe.http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please locate Security Check...Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698422 Share Posted July 3, 2013 12:38:41.0010 0568 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:1912:38:41.0384 0568 ============================================================12:38:41.0384 0568 Current date / time: 2013/07/03 12:38:41.038412:38:41.0384 0568 SystemInfo:12:38:41.0384 0568 12:38:41.0384 0568 OS Version: 6.1.7601 ServicePack: 1.012:38:41.0384 0568 Product type: Workstation12:38:41.0384 0568 ComputerName: AUSTIN-PC12:38:41.0384 0568 UserName: Austin12:38:41.0384 0568 Windows directory: C:\Windows12:38:41.0384 0568 System windows directory: C:\Windows12:38:41.0384 0568 Running under WOW6412:38:41.0384 0568 Processor architecture: Intel x6412:38:41.0384 0568 Number of processors: 212:38:41.0384 0568 Page size: 0x100012:38:41.0384 0568 Boot type: Safe boot12:38:41.0384 0568 ============================================================12:38:42.0320 0568 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004012:38:42.0320 0568 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115800 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'12:38:50.0198 0568 Drive \Device\Harddisk2\DR3 - Size: 0xEF1A8000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'12:38:50.0198 0568 ============================================================12:38:50.0198 0568 \Device\Harddisk0\DR0:12:38:50.0198 0568 MBR partitions:12:38:50.0198 0568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37FEF80012:38:50.0198 0568 \Device\Harddisk1\DR1:12:38:50.0198 0568 MBR partitions:12:38:50.0198 0568 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E0780012:38:50.0198 0568 \Device\Harddisk2\DR3:12:38:50.0198 0568 MBR partitions:12:38:50.0198 0568 \Device\Harddisk2\DR3\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x776DC012:38:50.0198 0568 ============================================================12:38:50.0261 0568 C: <-> \Device\Harddisk0\DR0\Partition112:38:50.0292 0568 E: <-> \Device\Harddisk1\DR1\Partition112:38:50.0292 0568 ============================================================12:38:50.0292 0568 Initialize success12:38:50.0292 0568 ============================================================12:38:53.0006 1008 ============================================================12:38:53.0006 1008 Scan started12:38:53.0006 1008 Mode: Manual;12:38:53.0006 1008 ============================================================12:38:53.0053 1008 ================ Scan system memory ========================12:38:53.0053 1008 System memory - ok12:38:53.0053 1008 ================ Scan services =============================12:38:53.0318 1008 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys12:38:53.0318 1008 1394ohci - ok12:38:53.0412 1008 ACDaemon - ok12:38:53.0443 1008 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys12:38:53.0443 1008 ACPI - ok12:38:53.0490 1008 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys12:38:53.0490 1008 AcpiPmi - ok12:38:53.0584 1008 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe12:38:53.0599 1008 AdobeARMservice - ok12:38:53.0771 1008 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe12:38:53.0786 1008 AdobeFlashPlayerUpdateSvc - ok12:38:53.0833 1008 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys12:38:53.0833 1008 adp94xx - ok12:38:53.0864 1008 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys12:38:53.0864 1008 adpahci - ok12:38:53.0880 1008 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys12:38:53.0880 1008 adpu320 - ok12:38:53.0927 1008 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll12:38:53.0927 1008 AeLookupSvc - ok12:38:54.0067 1008 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\AESTSr64.exe12:38:54.0098 1008 AESTFilters - ok12:38:54.0176 1008 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys12:38:54.0176 1008 Afc - ok12:38:54.0254 1008 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys12:38:54.0254 1008 AFD - ok12:38:54.0301 1008 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys12:38:54.0301 1008 agp440 - ok12:38:54.0332 1008 [ 8F4121EB79C000F53331BA836EAFD3D6 ] ahcix64 C:\Windows\system32\drivers\ahcix64.sys12:38:54.0332 1008 ahcix64 - ok12:38:54.0348 1008 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe12:38:54.0348 1008 ALG - ok12:38:54.0504 1008 [ DAE4E931AAA2CC2229D6EE9D1E040963 ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe12:38:54.0504 1008 AlienFusionService - ok12:38:54.0551 1008 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys12:38:54.0551 1008 aliide - ok12:38:54.0582 1008 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys12:38:54.0582 1008 amdide - ok12:38:54.0629 1008 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys12:38:54.0629 1008 AmdK8 - ok12:38:54.0644 1008 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys12:38:54.0644 1008 AmdPPM - ok12:38:54.0676 1008 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys12:38:54.0691 1008 amdsata - ok12:38:54.0707 1008 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys12:38:54.0707 1008 amdsbs - ok12:38:54.0722 1008 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys12:38:54.0722 1008 amdxata - ok12:38:54.0785 1008 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys12:38:54.0785 1008 AppID - ok12:38:54.0800 1008 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll12:38:54.0800 1008 AppIDSvc - ok12:38:54.0863 1008 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll12:38:54.0863 1008 Appinfo - ok12:38:54.0941 1008 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe12:38:54.0941 1008 Apple Mobile Device - ok12:38:54.0956 1008 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys12:38:54.0956 1008 arc - ok12:38:54.0972 1008 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys12:38:54.0972 1008 arcsas - ok12:38:55.0050 1008 [ 44837F1CB5BD166A7BD8869F9E86E907 ] asdrm C:\Windows\system32\DRIVERS\asdrm.sys12:38:55.0050 1008 asdrm - ok12:38:55.0112 1008 [ 88390FE440DCC3F10556AE41F4EDFCA1 ] asdrs C:\Windows\system32\DRIVERS\asdrs.sys12:38:55.0112 1008 asdrs - ok12:38:55.0206 1008 [ ACF9720EFB9B2D5128446F2291F07A7A ] asdsrv C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe12:38:55.0222 1008 asdsrv - ok12:38:55.0268 1008 [ 2D6D1BCBE6B7D0688681CE71C4A4C828 ] asdws C:\Windows\system32\DRIVERS\asdws.sys12:38:55.0268 1008 asdws - ok12:38:55.0393 1008 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe12:38:55.0409 1008 aspnet_state - ok12:38:55.0456 1008 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys12:38:55.0456 1008 AsyncMac - ok12:38:55.0518 1008 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys12:38:55.0518 1008 atapi - ok12:38:55.0580 1008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll12:38:55.0596 1008 AudioEndpointBuilder - ok12:38:55.0612 1008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll12:38:55.0612 1008 AudioSrv - ok12:38:55.0705 1008 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll12:38:55.0705 1008 AxInstSV - ok12:38:55.0752 1008 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys12:38:55.0752 1008 b06bdrv - ok12:38:55.0768 1008 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys12:38:55.0783 1008 b57nd60a - ok12:38:55.0846 1008 [ 57E58BCD31D8C34CB75649910FFD6D64 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys12:38:55.0892 1008 BCM43XX - ok12:38:55.0939 1008 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll12:38:55.0939 1008 BDESVC - ok12:38:55.0939 1008 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys12:38:55.0955 1008 Beep - ok12:38:56.0017 1008 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll12:38:56.0033 1008 BFE - ok12:38:56.0095 1008 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll12:38:56.0111 1008 BITS - ok12:38:56.0158 1008 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys12:38:56.0158 1008 blbdrive - ok12:38:56.0236 1008 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe12:38:56.0236 1008 Bonjour Service - ok12:38:56.0298 1008 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys12:38:56.0298 1008 bowser - ok12:38:56.0329 1008 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys12:38:56.0329 1008 BrFiltLo - ok12:38:56.0360 1008 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys12:38:56.0360 1008 BrFiltUp - ok12:38:56.0407 1008 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll12:38:56.0423 1008 Browser - ok12:38:56.0438 1008 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys12:38:56.0438 1008 Brserid - ok12:38:56.0454 1008 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys12:38:56.0454 1008 BrSerWdm - ok12:38:56.0485 1008 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys12:38:56.0485 1008 BrUsbMdm - ok12:38:56.0516 1008 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys12:38:56.0516 1008 BrUsbSer - ok12:38:56.0579 1008 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys12:38:56.0626 1008 BthEnum - ok12:38:56.0641 1008 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys12:38:56.0657 1008 BTHMODEM - ok12:38:56.0672 1008 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys12:38:56.0688 1008 BthPan - ok12:38:56.0704 1008 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys12:38:56.0704 1008 BTHPORT - ok12:38:56.0766 1008 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll12:38:56.0766 1008 bthserv - ok12:38:56.0766 1008 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys12:38:56.0766 1008 BTHUSB - ok12:38:56.0797 1008 [ 319C67F7D157EAAC519DCC5F29E929D0 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys12:38:56.0797 1008 btwaudio - ok12:38:56.0813 1008 [ 0B79273C8C2846D28AAB936E7A2DBAAD ] btwavdt C:\Windows\system32\drivers\btwavdt.sys12:38:56.0813 1008 btwavdt - ok12:38:56.0891 1008 [ 6C32A638EE80FD832418CE78E516FFA1 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe12:38:56.0922 1008 btwdins - ok12:38:56.0969 1008 [ FDA1B5124E07003C3D0D279E5050485E ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys12:38:56.0969 1008 btwl2cap - ok12:38:57.0016 1008 [ 47216D8B5F4042E6D0736BFA2E57B5DF ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys12:38:57.0016 1008 btwrchid - ok12:38:57.0078 1008 [ 93A45B3F2403670A6D14A0B466D97698 ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe12:38:57.0078 1008 ccEvtMgr - ok12:38:57.0094 1008 [ 93A45B3F2403670A6D14A0B466D97698 ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe12:38:57.0094 1008 ccSetMgr - ok12:38:57.0094 1008 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys12:38:57.0094 1008 cdfs - ok12:38:57.0140 1008 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys12:38:57.0140 1008 cdrom - ok12:38:57.0203 1008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll12:38:57.0203 1008 CertPropSvc - ok12:38:57.0281 1008 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys12:38:57.0281 1008 circlass - ok12:38:57.0328 1008 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys12:38:57.0343 1008 CLFS - ok12:38:57.0421 1008 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe12:38:57.0437 1008 clr_optimization_v2.0.50727_32 - ok12:38:57.0499 1008 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe12:38:57.0515 1008 clr_optimization_v2.0.50727_64 - ok12:38:57.0593 1008 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe12:38:57.0780 1008 clr_optimization_v4.0.30319_32 - ok12:38:57.0827 1008 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe12:38:57.0874 1008 clr_optimization_v4.0.30319_64 - ok12:38:57.0936 1008 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys12:38:57.0936 1008 CmBatt - ok12:38:57.0967 1008 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys12:38:57.0967 1008 cmdide - ok12:38:58.0014 1008 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys12:38:58.0014 1008 CNG - ok12:38:58.0061 1008 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys12:38:58.0061 1008 Compbatt - ok12:38:58.0076 1008 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys12:38:58.0076 1008 CompositeBus - ok12:38:58.0108 1008 COMSysApp - ok12:38:58.0123 1008 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys12:38:58.0139 1008 crcdisk - ok12:38:58.0186 1008 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll12:38:58.0186 1008 CryptSvc - ok12:38:58.0232 1008 [ 6A56407675844CB11E65964EE35E0B46 ] CustomSvc C:\Program Files\OSD\Service1.exe12:38:58.0248 1008 CustomSvc - ok12:38:58.0279 1008 [ 5BC67F1EFB6B1D039B151CF7353EC742 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys12:38:58.0279 1008 DAdderFltr - ok12:38:58.0342 1008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll12:38:58.0342 1008 DcomLaunch - ok12:38:58.0388 1008 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll12:38:58.0388 1008 defragsvc - ok12:38:58.0435 1008 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys12:38:58.0435 1008 DfsC - ok12:38:58.0482 1008 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll12:38:58.0482 1008 Dhcp - ok12:38:58.0498 1008 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys12:38:58.0498 1008 discache - ok12:38:58.0544 1008 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys12:38:58.0544 1008 Disk - ok12:38:58.0591 1008 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll12:38:58.0591 1008 Dnscache - ok12:38:58.0638 1008 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll12:38:58.0638 1008 dot3svc - ok12:38:58.0669 1008 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll12:38:58.0685 1008 DPS - ok12:38:58.0732 1008 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys12:38:58.0747 1008 drmkaud - ok12:38:58.0778 1008 dump_wmimmc - ok12:38:58.0825 1008 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys12:38:58.0856 1008 DXGKrnl - ok12:38:58.0872 1008 EagleX64 - ok12:38:58.0919 1008 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll12:38:58.0919 1008 EapHost - ok12:38:59.0012 1008 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys12:38:59.0075 1008 ebdrv - ok12:38:59.0168 1008 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys12:38:59.0184 1008 eeCtrl - ok12:38:59.0231 1008 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe12:38:59.0231 1008 EFS - ok12:38:59.0324 1008 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe12:38:59.0324 1008 ehRecvr - ok12:38:59.0371 1008 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe12:38:59.0371 1008 ehSched - ok12:38:59.0402 1008 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys12:38:59.0402 1008 elxstor - ok12:38:59.0449 1008 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys12:38:59.0449 1008 ErrDev - ok12:38:59.0527 1008 [ 3B32CAA07D672F8A2E0DF5CB3A873F45 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys12:38:59.0527 1008 EsgScanner - ok12:38:59.0574 1008 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll12:38:59.0574 1008 EventSystem - ok12:38:59.0590 1008 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys12:38:59.0590 1008 exfat - ok12:38:59.0683 1008 [ BCCB1252F5F310C54991888C4B80D997 ] FAService C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe12:38:59.0746 1008 FAService - ok12:38:59.0761 1008 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys12:38:59.0777 1008 fastfat - ok12:38:59.0839 1008 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe12:38:59.0839 1008 Fax - ok12:38:59.0855 1008 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys12:38:59.0855 1008 fdc - ok12:38:59.0902 1008 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll12:38:59.0902 1008 fdPHost - ok12:38:59.0917 1008 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll12:38:59.0917 1008 FDResPub - ok12:38:59.0917 1008 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys12:38:59.0917 1008 FileInfo - ok12:38:59.0933 1008 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys12:38:59.0933 1008 Filetrace - ok12:38:59.0948 1008 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys12:38:59.0948 1008 flpydisk - ok12:38:59.0995 1008 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys12:38:59.0995 1008 FltMgr - ok12:39:00.0058 1008 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll12:39:00.0073 1008 FontCache - ok12:39:00.0167 1008 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe12:39:00.0167 1008 FontCache3.0.0.0 - ok12:39:00.0182 1008 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys12:39:00.0182 1008 FsDepends - ok12:39:00.0229 1008 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys12:39:00.0229 1008 fssfltr - ok12:39:00.0338 1008 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe12:39:00.0416 1008 fsssvc - ok12:39:00.0448 1008 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys12:39:00.0448 1008 Fs_Rec - ok12:39:00.0510 1008 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys12:39:00.0510 1008 fvevol - ok12:39:00.0526 1008 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys12:39:00.0526 1008 gagp30kx - ok12:39:00.0572 1008 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys12:39:00.0572 1008 GEARAspiWDM - ok12:39:00.0619 1008 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll12:39:00.0650 1008 gpsvc - ok12:39:00.0744 1008 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca70abb4bf12a0 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe12:39:00.0760 1008 gupdate1ca70abb4bf12a0 - ok12:39:00.0806 1008 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe12:39:00.0806 1008 gupdatem - ok12:39:00.0838 1008 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys12:39:00.0838 1008 hamachi - ok12:39:00.0947 1008 [ B1E3F445943F06E36DC079AF28D0F86B ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe12:39:01.0009 1008 Hamachi2Svc - ok12:39:01.0056 1008 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys12:39:01.0056 1008 hcw85cir - ok12:39:01.0165 1008 [ 1D3719A2693816261FB8A0D7EC2E7931 ] HcwDevCentralService C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE12:39:01.0181 1008 HcwDevCentralService - ok12:39:01.0228 1008 [ 1DC06A88220FBF4DBED7D352BDA93A26 ] hcwE5bda C:\Windows\system32\drivers\hcwE5bda.sys12:39:01.0243 1008 hcwE5bda - ok12:39:01.0306 1008 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys12:39:01.0321 1008 HDAudBus - ok12:39:01.0337 1008 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys12:39:01.0337 1008 HidBatt - ok12:39:01.0352 1008 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys12:39:01.0352 1008 HidBth - ok12:39:01.0368 1008 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys12:39:01.0368 1008 HidIr - ok12:39:01.0415 1008 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll12:39:01.0415 1008 hidserv - ok12:39:01.0493 1008 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys12:39:01.0493 1008 HidUsb - ok12:39:01.0555 1008 [ 6C92CA750A30650AD73ACA88F5A0CC32 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe12:39:01.0571 1008 HiPatchService - ok12:39:01.0618 1008 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll12:39:01.0618 1008 hkmsvc - ok12:39:01.0664 1008 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll12:39:01.0664 1008 HomeGroupListener - ok12:39:01.0711 1008 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll12:39:01.0711 1008 HomeGroupProvider - ok12:39:01.0805 1008 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll12:39:01.0820 1008 hpqcxs08 - ok12:39:01.0852 1008 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll12:39:01.0852 1008 hpqddsvc - ok12:39:01.0867 1008 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys12:39:01.0867 1008 HpSAMD - ok12:39:01.0930 1008 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys12:39:01.0945 1008 HTTP - ok12:39:01.0992 1008 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys12:39:01.0992 1008 hwpolicy - ok12:39:02.0023 1008 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys12:39:02.0023 1008 i8042prt - ok12:39:02.0086 1008 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys12:39:02.0086 1008 iaStorV - ok12:39:02.0148 1008 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe12:39:02.0164 1008 idsvc - ok12:39:02.0210 1008 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys12:39:02.0210 1008 iirsp - ok12:39:02.0257 1008 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll12:39:02.0273 1008 IKEEXT - ok12:39:02.0288 1008 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys12:39:02.0304 1008 intelide - ok12:39:02.0335 1008 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys12:39:02.0335 1008 intelppm - ok12:39:02.0398 1008 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll12:39:02.0398 1008 IPBusEnum - ok12:39:02.0444 1008 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys12:39:02.0444 1008 IpFilterDriver - ok12:39:02.0507 1008 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys12:39:02.0522 1008 IPMIDRV - ok12:39:02.0522 1008 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys12:39:02.0538 1008 IPNAT - ok12:39:02.0616 1008 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe12:39:02.0647 1008 iPod Service - ok12:39:02.0663 1008 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys12:39:02.0663 1008 IRENUM - ok12:39:02.0678 1008 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys12:39:02.0678 1008 isapnp - ok12:39:02.0694 1008 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys12:39:02.0710 1008 iScsiPrt - ok12:39:02.0756 1008 [ 5FEF11C18EC25CDCB27E6C8680690B69 ] itecir C:\Windows\system32\DRIVERS\itecir.sys12:39:02.0772 1008 itecir - ok12:39:02.0803 1008 [ 7FF7DB8466DA74DA7AD64A55F31221F6 ] JGOGO C:\Windows\system32\drivers\jgogo.sys12:39:02.0803 1008 JGOGO - ok12:39:02.0819 1008 [ F8D19D891C60213FAB6DB93EEF2DA2A5 ] JRAID C:\Windows\system32\drivers\jraid.sys12:39:02.0819 1008 JRAID - ok12:39:02.0834 1008 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys12:39:02.0834 1008 kbdclass - ok12:39:02.0881 1008 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys12:39:02.0881 1008 kbdhid - ok12:39:02.0897 1008 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe12:39:02.0897 1008 KeyIso - ok12:39:02.0944 1008 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys12:39:02.0944 1008 KSecDD - ok12:39:02.0959 1008 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys12:39:02.0959 1008 KSecPkg - ok12:39:02.0975 1008 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys12:39:02.0975 1008 ksthunk - ok12:39:03.0022 1008 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll12:39:03.0037 1008 KtmRm - ok12:39:03.0068 1008 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll12:39:03.0068 1008 LanmanServer - ok12:39:03.0115 1008 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll12:39:03.0131 1008 LanmanWorkstation - ok12:39:03.0271 1008 [ E553C4B4B7B4B86CD71A2DFEE1B58131 ] LiveUpdate C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE12:39:03.0334 1008 LiveUpdate - ok12:39:03.0380 1008 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys12:39:03.0380 1008 lltdio - ok12:39:03.0412 1008 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll12:39:03.0412 1008 lltdsvc - ok12:39:03.0427 1008 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll12:39:03.0427 1008 lmhosts - ok12:39:03.0552 1008 [ 8F2CFF01F12955477450DA5E572D4001 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe12:39:03.0568 1008 LMIGuardianSvc - ok12:39:03.0630 1008 [ 0F28935ECF1FBDEC22BAF720A5A94564 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys12:39:03.0630 1008 LMIInfo - ok12:39:03.0692 1008 [ CA86C7042E406070B905AE6CA45D22EA ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe12:39:03.0692 1008 LMIMaint - ok12:39:03.0755 1008 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys12:39:03.0755 1008 lmimirr - ok12:39:03.0755 1008 LMIRfsClientNP - ok12:39:03.0770 1008 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys12:39:03.0770 1008 LMIRfsDriver - ok12:39:03.0817 1008 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe12:39:03.0817 1008 LogMeIn - ok12:39:03.0864 1008 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys12:39:03.0880 1008 LSI_FC - ok12:39:03.0911 1008 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys12:39:03.0911 1008 LSI_SAS - ok12:39:03.0926 1008 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys12:39:03.0942 1008 LSI_SAS2 - ok12:39:03.0958 1008 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys12:39:03.0973 1008 LSI_SCSI - ok12:39:04.0004 1008 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys12:39:04.0004 1008 luafv - ok12:39:04.0051 1008 [ D5BA9B816AFEF5292FE13C9A6267B6AB ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe12:39:04.0051 1008 Macromedia Licensing Service - ok12:39:04.0098 1008 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys12:39:04.0114 1008 MBAMProtector - ok12:39:04.0223 1008 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe12:39:04.0223 1008 MBAMScheduler - ok12:39:04.0254 1008 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe12:39:04.0285 1008 MBAMService - ok12:39:04.0316 1008 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll12:39:04.0316 1008 Mcx2Svc - ok12:39:04.0348 1008 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys12:39:04.0348 1008 megasas - ok12:39:04.0379 1008 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys12:39:04.0379 1008 MegaSR - ok12:39:04.0472 1008 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe12:39:04.0519 1008 Microsoft Office Groove Audit Service - ok12:39:04.0566 1008 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll12:39:04.0566 1008 MMCSS - ok12:39:04.0582 1008 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys12:39:04.0582 1008 Modem - ok12:39:04.0628 1008 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys12:39:04.0628 1008 monitor - ok12:39:04.0675 1008 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys12:39:04.0675 1008 mouclass - ok12:39:04.0722 1008 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys12:39:04.0738 1008 mouhid - ok12:39:04.0784 1008 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys12:39:04.0784 1008 mountmgr - ok12:39:04.0894 1008 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe12:39:04.0909 1008 MozillaMaintenance - ok12:39:04.0909 1008 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys12:39:04.0925 1008 mpio - ok12:39:04.0940 1008 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys12:39:04.0940 1008 mpsdrv - ok12:39:05.0018 1008 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll12:39:05.0034 1008 MpsSvc - ok12:39:05.0081 1008 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys12:39:05.0081 1008 MRxDAV - ok12:39:05.0128 1008 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys12:39:05.0128 1008 mrxsmb - ok12:39:05.0159 1008 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys12:39:05.0159 1008 mrxsmb10 - ok12:39:05.0174 1008 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys12:39:05.0190 1008 mrxsmb20 - ok12:39:05.0221 1008 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys12:39:05.0221 1008 msahci - ok12:39:05.0237 1008 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys12:39:05.0252 1008 msdsm - ok12:39:05.0268 1008 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe12:39:05.0268 1008 MSDTC - ok12:39:05.0315 1008 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys12:39:05.0315 1008 Msfs - ok12:39:05.0330 1008 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys12:39:05.0330 1008 mshidkmdf - ok12:39:05.0330 1008 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys12:39:05.0330 1008 msisadrv - ok12:39:05.0393 1008 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll12:39:05.0393 1008 MSiSCSI - ok12:39:05.0393 1008 msiserver - ok12:39:05.0424 1008 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys12:39:05.0440 1008 MSKSSRV - ok12:39:05.0455 1008 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys12:39:05.0455 1008 MSPCLOCK - ok12:39:05.0471 1008 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys12:39:05.0471 1008 MSPQM - ok12:39:05.0518 1008 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys12:39:05.0518 1008 MsRPC - ok12:39:05.0533 1008 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys12:39:05.0533 1008 mssmbios - ok12:39:05.0564 1008 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys12:39:05.0564 1008 MSTEE - ok12:39:05.0580 1008 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys12:39:05.0580 1008 MTConfig - ok12:39:05.0627 1008 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys12:39:05.0627 1008 Mup - ok12:39:05.0658 1008 [ 72BC95EAD29FAF301FDD4B733C30EE19 ] mv61xx C:\Windows\system32\drivers\mv61xx.sys12:39:05.0658 1008 mv61xx - ok12:39:05.0705 1008 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll12:39:05.0720 1008 napagent - ok12:39:05.0767 1008 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys12:39:05.0767 1008 NativeWifiP - ok12:39:05.0939 1008 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\ENG64.SYS12:39:05.0939 1008 NAVENG - ok12:39:06.0001 1008 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130630.003\EX64.SYS12:39:06.0048 1008 NAVEX15 - ok12:39:06.0126 1008 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys12:39:06.0142 1008 NDIS - ok12:39:06.0204 1008 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys12:39:06.0204 1008 NdisCap - ok12:39:06.0251 1008 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys12:39:06.0251 1008 NdisTapi - ok12:39:06.0298 1008 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys12:39:06.0298 1008 Ndisuio - ok12:39:06.0360 1008 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys12:39:06.0360 1008 NdisWan - ok12:39:06.0407 1008 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys12:39:06.0407 1008 NDProxy - ok12:39:06.0500 1008 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe12:39:06.0516 1008 Nero BackItUp Scheduler 4.0 - ok12:39:06.0578 1008 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll12:39:06.0578 1008 Net Driver HPZ12 - ok12:39:06.0594 1008 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys12:39:06.0594 1008 NetBIOS - ok12:39:06.0641 1008 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys12:39:06.0656 1008 NetBT - ok12:39:06.0656 1008 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe12:39:06.0656 1008 Netlogon - ok12:39:06.0719 1008 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll12:39:06.0734 1008 Netman - ok12:39:06.0812 1008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe12:39:06.0859 1008 NetMsmqActivator - ok12:39:06.0875 1008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe12:39:06.0875 1008 NetPipeActivator - ok12:39:06.0906 1008 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll12:39:06.0906 1008 netprofm - ok12:39:06.0906 1008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe12:39:06.0906 1008 NetTcpActivator - ok12:39:06.0922 1008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe12:39:06.0922 1008 NetTcpPortSharing - ok12:39:06.0922 1008 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys12:39:06.0937 1008 nfrd960 - ok12:39:06.0984 1008 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll12:39:07.0000 1008 NlaSvc - ok12:39:07.0000 1008 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys12:39:07.0000 1008 Npfs - ok12:39:07.0031 1008 npggsvc - ok12:39:07.0046 1008 NPPTNT2 - ok12:39:07.0062 1008 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll12:39:07.0078 1008 nsi - ok12:39:07.0093 1008 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys12:39:07.0093 1008 nsiproxy - ok12:39:07.0156 1008 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys12:39:07.0187 1008 Ntfs - ok12:39:07.0265 1008 [ 07953351A3424BAA50FC5C4A1434FB04 ] NTI BackupNowEZSvr C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe12:39:07.0265 1008 NTI BackupNowEZSvr - ok12:39:07.0280 1008 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys12:39:07.0280 1008 NTIDrvr - ok12:39:07.0296 1008 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys12:39:07.0296 1008 Null - ok12:39:07.0374 1008 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys12:39:07.0374 1008 NVENETFD - ok12:39:07.0624 1008 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys12:39:07.0842 1008 nvlddmkm - ok12:39:07.0904 1008 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys12:39:07.0904 1008 nvraid - ok12:39:07.0936 1008 [ 90731D8A25964715B850A5B8C3DBFD22 ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys12:39:07.0936 1008 nvrd64 - ok12:39:07.0936 1008 [ 71C1C6F1D0E5F29E7BCD62411F5D9EB6 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys12:39:07.0951 1008 nvsmu - ok12:39:07.0951 1008 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys12:39:07.0967 1008 nvstor - ok12:39:08.0014 1008 [ 581286807B5832503FD700A3217B589F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys12:39:08.0014 1008 nvstor64 - ok12:39:08.0060 1008 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe12:39:08.0092 1008 nvsvc - ok12:39:08.0170 1008 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe12:39:08.0201 1008 nvUpdatusService - ok12:39:08.0216 1008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys12:39:08.0216 1008 nv_agp - ok12:39:08.0263 1008 [ A884303EA5CD3D250B514FDD5CE92AC8 ] OA007Vid C:\Windows\system32\DRIVERS\OA007Vid.sys12:39:08.0263 1008 OA007Vid - ok12:39:08.0404 1008 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE12:39:08.0419 1008 odserv - ok12:39:08.0466 1008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys12:39:08.0466 1008 ohci1394 - ok12:39:08.0513 1008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE12:39:08.0513 1008 ose - ok12:39:08.0560 1008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll12:39:08.0560 1008 p2pimsvc - ok12:39:08.0622 1008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll12:39:08.0622 1008 p2psvc - ok12:39:08.0653 1008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys12:39:08.0653 1008 Parport - ok12:39:08.0700 1008 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys12:39:08.0700 1008 partmgr - ok12:39:08.0716 1008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll12:39:08.0716 1008 PcaSvc - ok12:39:08.0731 1008 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys12:39:08.0747 1008 pci - ok12:39:08.0762 1008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys12:39:08.0762 1008 pciide - ok12:39:08.0778 1008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys12:39:08.0778 1008 pcmcia - ok12:39:08.0794 1008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys12:39:08.0794 1008 pcw - ok12:39:08.0809 1008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys12:39:08.0825 1008 PEAUTH - ok12:39:08.0918 1008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe12:39:09.0106 1008 PerfHost - ok12:39:09.0152 1008 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll12:39:09.0184 1008 pla - ok12:39:09.0215 1008 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll12:39:09.0230 1008 PlugPlay - ok12:39:09.0293 1008 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll12:39:09.0293 1008 Pml Driver HPZ12 - ok12:39:09.0324 1008 PnkBstrA - ok12:39:09.0355 1008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll12:39:09.0371 1008 PNRPAutoReg - ok12:39:09.0386 1008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll12:39:09.0386 1008 PNRPsvc - ok12:39:09.0433 1008 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll12:39:09.0449 1008 PolicyAgent - ok12:39:09.0496 1008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll12:39:09.0496 1008 Power - ok12:39:09.0542 1008 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys12:39:09.0542 1008 PptpMiniport - ok12:39:09.0574 1008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys12:39:09.0574 1008 Processor - ok12:39:09.0620 1008 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll12:39:09.0620 1008 ProfSvc - ok12:39:09.0636 1008 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe12:39:09.0636 1008 ProtectedStorage - ok12:39:09.0683 1008 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys12:39:09.0698 1008 Psched - ok12:39:09.0745 1008 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys12:39:09.0745 1008 PxHlpa64 - ok12:39:09.0776 1008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys12:39:09.0808 1008 ql2300 - ok12:39:09.0823 1008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys12:39:09.0839 1008 ql40xx - ok12:39:09.0854 1008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll12:39:09.0854 1008 QWAVE - ok12:39:09.0870 1008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys12:39:09.0870 1008 QWAVEdrv - ok12:39:09.0886 1008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys12:39:09.0886 1008 RasAcd - ok12:39:09.0917 1008 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys12:39:09.0917 1008 RasAgileVpn - ok12:39:09.0932 1008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll12:39:09.0948 1008 RasAuto - ok12:39:09.0979 1008 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys12:39:09.0979 1008 Rasl2tp - ok12:39:10.0026 1008 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll12:39:10.0057 1008 RasMan - ok12:39:10.0073 1008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys12:39:10.0073 1008 RasPppoe - ok12:39:10.0088 1008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys12:39:10.0088 1008 RasSstp - ok12:39:10.0135 1008 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys12:39:10.0135 1008 rdbss - ok12:39:10.0151 1008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys12:39:10.0151 1008 rdpbus - ok12:39:10.0166 1008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys12:39:10.0166 1008 RDPCDD - ok12:39:10.0213 1008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys12:39:10.0213 1008 RDPENCDD - ok12:39:10.0213 1008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys12:39:10.0213 1008 RDPREFMP - ok12:39:10.0260 1008 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys12:39:10.0260 1008 RDPWD - ok12:39:10.0307 1008 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys12:39:10.0322 1008 rdyboost - ok12:39:10.0385 1008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll12:39:10.0400 1008 RemoteAccess - ok12:39:10.0447 1008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll12:39:10.0463 1008 RemoteRegistry - ok12:39:10.0510 1008 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys12:39:10.0510 1008 RFCOMM - ok12:39:10.0556 1008 [ CB7C996F3878E936BFDD9CDFE6A3A987 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys12:39:10.0556 1008 rimmptsk - ok12:39:10.0603 1008 [ 2C543F0E04B5F6FD5C17509D0ECE6D1D ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys12:39:10.0603 1008 rimsptsk - ok12:39:10.0619 1008 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys12:39:10.0619 1008 rismxdp - ok12:39:10.0619 1008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll12:39:10.0634 1008 RpcEptMapper - ok12:39:10.0666 1008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe12:39:10.0666 1008 RpcLocator - ok12:39:10.0744 1008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll12:39:10.0744 1008 RpcSs - ok12:39:10.0759 1008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys12:39:10.0759 1008 rspndr - ok12:39:10.0775 1008 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe12:39:10.0775 1008 SamSs - ok12:39:10.0822 1008 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys12:39:10.0822 1008 sbp2port - ok12:39:10.0853 1008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll12:39:10.0853 1008 SCardSvr - ok12:39:10.0900 1008 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys12:39:10.0900 1008 scfilter - ok12:39:10.0962 1008 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll12:39:10.0993 1008 Schedule - ok12:39:11.0009 1008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll12:39:11.0009 1008 SCPolicySvc - ok12:39:11.0056 1008 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys12:39:11.0056 1008 sdbus - ok12:39:11.0102 1008 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll12:39:11.0102 1008 SDRSVC - ok12:39:11.0149 1008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys12:39:11.0149 1008 secdrv - ok12:39:11.0196 1008 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll12:39:11.0196 1008 seclogon - ok12:39:11.0212 1008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll12:39:11.0212 1008 SENS - ok12:39:11.0212 1008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll12:39:11.0212 1008 SensrSvc - ok12:39:11.0243 1008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys12:39:11.0243 1008 Serenum - ok12:39:11.0274 1008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys12:39:11.0274 1008 Serial - ok12:39:11.0305 1008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys12:39:11.0305 1008 sermouse - ok12:39:11.0352 1008 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll12:39:11.0368 1008 SessionEnv - ok12:39:11.0414 1008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys12:39:11.0414 1008 sffdisk - ok12:39:11.0430 1008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys12:39:11.0430 1008 sffp_mmc - ok12:39:11.0430 1008 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys12:39:11.0446 1008 sffp_sd - ok12:39:11.0461 1008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys12:39:11.0461 1008 sfloppy - ok12:39:11.0508 1008 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll12:39:11.0508 1008 SharedAccess - ok12:39:11.0570 1008 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll12:39:11.0570 1008 ShellHWDetection - ok12:39:11.0586 1008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys12:39:11.0586 1008 SiSRaid2 - ok12:39:11.0617 1008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys12:39:11.0617 1008 SiSRaid4 - ok12:39:11.0680 1008 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe12:39:11.0680 1008 SkypeUpdate - ok12:39:11.0711 1008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys12:39:11.0711 1008 Smb - ok12:39:11.0820 1008 [ C5F27FC0503704946148A5E1BB97ADDB ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe12:39:11.0914 1008 SmcService - ok12:39:11.0945 1008 [ 86523066C79C7642CD0F08585A12E412 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE12:39:11.0960 1008 SNAC - ok12:39:12.0007 1008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe12:39:12.0007 1008 SNMPTRAP - ok12:39:12.0023 1008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys12:39:12.0023 1008 spldr - ok12:39:12.0070 1008 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe12:39:12.0070 1008 Spooler - ok12:39:12.0163 1008 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe12:39:12.0257 1008 sppsvc - ok12:39:12.0288 1008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll12:39:12.0288 1008 sppuinotify - ok12:39:12.0460 1008 [ 623E4A909E759D73D1C9FA5059A49E9A ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE12:39:12.0491 1008 SpyHunter 4 Service - ok12:39:12.0522 1008 [ 569F8D9768A00AB9A5166997C88EFE42 ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS12:39:12.0538 1008 SRTSP - ok12:39:12.0569 1008 [ FB283AE148CC4C5A4954DAEFBB9DFFF0 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS12:39:12.0584 1008 SRTSPL - ok12:39:12.0584 1008 [ C9ECA0A26CEBADE5134BA01FD8EF86A6 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS12:39:12.0600 1008 SRTSPX - ok12:39:12.0678 1008 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys12:39:12.0709 1008 srv - ok12:39:12.0740 1008 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys12:39:12.0740 1008 srv2 - ok12:39:12.0756 1008 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys12:39:12.0772 1008 srvnet - ok12:39:12.0834 1008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll12:39:12.0834 1008 SSDPSRV - ok12:39:12.0850 1008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll12:39:12.0850 1008 SstpSvc - ok12:39:12.0974 1008 [ FF84750B1AB2F0FCC494DFD41D9656B5 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_41ddbdc34da78989\STacSV64.exe12:39:12.0990 1008 STacSV - ok12:39:13.0021 1008 Steam Client Service - ok12:39:13.0099 1008 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe12:39:13.0115 1008 Stereo Service - ok12:39:13.0146 1008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys12:39:13.0146 1008 stexstor - ok12:39:13.0208 1008 [ DDE4B46E0E91EC78808766EA449457B8 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys12:39:13.0208 1008 STHDA - ok12:39:13.0271 1008 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys12:39:13.0271 1008 StillCam - ok12:39:13.0318 1008 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll12:39:13.0333 1008 stisvc - ok12:39:13.0380 1008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys12:39:13.0380 1008 swenum - ok12:39:13.0520 1008 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe12:39:13.0536 1008 SwitchBoard - ok12:39:13.0583 1008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll12:39:13.0583 1008 swprv - ok12:39:13.0645 1008 [ AB135C5739D0AB8CBAAF1D4B23E3C259 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe12:39:13.0723 1008 Symantec AntiVirus - ok12:39:13.0754 1008 [ 70C8D165063EB76F1A373B74456D2AAB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS12:39:13.0754 1008 SymEvent - ok12:39:13.0817 1008 [ 2F240094AFFC3D5AA8BF3060B22FE7ED ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys12:39:13.0817 1008 SynTP - ok12:39:13.0879 1008 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll12:39:13.0910 1008 SysMain - ok12:39:13.0957 1008 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll12:39:13.0957 1008 TabletInputService - ok12:39:14.0004 1008 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll12:39:14.0004 1008 TapiSrv - ok12:39:14.0020 1008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll12:39:14.0020 1008 TBS - ok12:39:14.0082 1008 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys12:39:14.0129 1008 Tcpip - ok12:39:14.0191 1008 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys12:39:14.0207 1008 TCPIP6 - ok12:39:14.0238 1008 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys12:39:14.0254 1008 tcpipreg - ok12:39:14.0300 1008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys12:39:14.0300 1008 TDPIPE - ok12:39:14.0332 1008 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys12:39:14.0347 1008 TDTCP - ok12:39:14.0394 1008 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys12:39:14.0410 1008 tdx - ok12:39:14.0456 1008 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys12:39:14.0456 1008 TermDD - ok12:39:14.0519 1008 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll12:39:14.0534 1008 TermService - ok12:39:14.0550 1008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll12:39:14.0550 1008 Themes - ok12:39:14.0597 1008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll12:39:14.0597 1008 THREADORDER - ok12:39:14.0612 1008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll12:39:14.0612 1008 TrkWks - ok12:39:14.0690 1008 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe12:39:14.0690 1008 TrustedInstaller - ok12:39:14.0737 1008 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys12:39:14.0737 1008 tssecsrv - ok12:39:14.0800 1008 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys12:39:14.0800 1008 TsUsbFlt - ok12:39:14.0846 1008 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys12:39:14.0846 1008 tunnel - ok12:39:14.0862 1008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys12:39:14.0878 1008 uagp35 - ok12:39:14.0940 1008 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys12:39:14.0940 1008 UBHelper - ok12:39:14.0971 1008 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys12:39:14.0987 1008 udfs - ok12:39:14.0987 1008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe12:39:15.0002 1008 UI0Detect - ok12:39:15.0018 1008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys12:39:15.0018 1008 uliagpkx - ok12:39:15.0065 1008 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys12:39:15.0065 1008 umbus - ok12:39:15.0080 1008 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys12:39:15.0080 1008 UmPass - ok12:39:15.0143 1008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll12:39:15.0143 1008 upnphost - ok12:39:15.0205 1008 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys12:39:15.0205 1008 USBAAPL64 - ok12:39:15.0221 1008 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys12:39:15.0221 1008 usbccgp - ok12:39:15.0268 1008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys12:39:15.0268 1008 usbcir - ok12:39:15.0283 1008 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys12:39:15.0283 1008 usbehci - ok12:39:15.0299 1008 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys12:39:15.0299 1008 usbhub - ok12:39:15.0314 1008 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys12:39:15.0314 1008 usbohci - ok12:39:15.0330 1008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys12:39:15.0330 1008 usbprint - ok12:39:15.0346 1008 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS12:39:15.0346 1008 USBSTOR - ok12:39:15.0361 1008 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys12:39:15.0361 1008 usbuhci - ok12:39:15.0377 1008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll12:39:15.0377 1008 UxSms - ok12:39:15.0392 1008 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe12:39:15.0392 1008 VaultSvc - ok12:39:15.0392 1008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys12:39:15.0392 1008 vdrvroot - ok12:39:15.0439 1008 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe12:39:15.0455 1008 vds - ok12:39:15.0502 1008 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys12:39:15.0502 1008 vga - ok12:39:15.0517 1008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys12:39:15.0517 1008 VgaSave - ok12:39:15.0564 1008 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys12:39:15.0564 1008 vhdmp - ok12:39:15.0580 1008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys12:39:15.0580 1008 viaide - ok12:39:15.0595 1008 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys12:39:15.0595 1008 volmgr - ok12:39:15.0642 1008 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys12:39:15.0658 1008 volmgrx - ok12:39:15.0658 1008 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys12:39:15.0673 1008 volsnap - ok12:39:15.0689 1008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys12:39:15.0689 1008 vsmraid - ok12:39:15.0751 1008 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe12:39:15.0798 1008 VSS - ok12:39:15.0814 1008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys12:39:15.0814 1008 vwifibus - ok12:39:15.0860 1008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll12:39:15.0876 1008 W32Time - ok12:39:15.0892 1008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys12:39:15.0892 1008 WacomPen - ok12:39:15.0938 1008 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys12:39:15.0938 1008 WANARP - ok12:39:15.0938 1008 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys12:39:15.0938 1008 Wanarpv6 - ok12:39:16.0032 1008 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe12:39:16.0048 1008 WatAdminSvc - ok12:39:16.0110 1008 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe12:39:16.0141 1008 wbengine - ok12:39:16.0157 1008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll12:39:16.0157 1008 WbioSrvc - ok12:39:16.0204 1008 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll12:39:16.0204 1008 wcncsvc - ok12:39:16.0219 1008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll12:39:16.0219 1008 WcsPlugInService - ok12:39:16.0250 1008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys12:39:16.0250 1008 Wd - ok12:39:16.0297 1008 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys12:39:16.0313 1008 Wdf01000 - ok12:39:16.0328 1008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll12:39:16.0328 1008 WdiServiceHost - ok12:39:16.0344 1008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll12:39:16.0344 1008 WdiSystemHost - ok12:39:16.0391 1008 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll12:39:16.0391 1008 WebClient - ok12:39:16.0406 1008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll12:39:16.0422 1008 Wecsvc - ok12:39:16.0422 1008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll12:39:16.0422 1008 wercplsupport - ok12:39:16.0469 1008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll12:39:16.0484 1008 WerSvc - ok12:39:16.0516 1008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys12:39:16.0531 1008 WfpLwf - ok12:39:16.0547 1008 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys12:39:16.0562 1008 WimFltr - ok12:39:16.0562 1008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys12:39:16.0562 1008 WIMMount - ok12:39:16.0562 1008 WinHttpAutoProxySvc - ok12:39:16.0656 1008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll12:39:16.0672 1008 Winmgmt - ok12:39:16.0734 1008 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files\OSD\WinRing0x64.sys12:39:16.0734 1008 WinRing0_1_2_0 - ok12:39:16.0812 1008 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll12:39:16.0859 1008 WinRM - ok12:39:16.0937 1008 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys12:39:16.0937 1008 WinUsb - ok12:39:16.0999 1008 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll12:39:17.0015 1008 Wlansvc - ok12:39:17.0108 1008 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE12:39:17.0155 1008 wlidsvc - ok12:39:17.0202 1008 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys12:39:17.0202 1008 WmiAcpi - ok12:39:17.0249 1008 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe12:39:17.0249 1008 wmiApSrv - ok12:39:17.0311 1008 WMPNetworkSvc - ok12:39:17.0327 1008 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll12:39:17.0327 1008 WPCSvc - ok12:39:17.0374 1008 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll12:39:17.0374 1008 WPDBusEnum - ok12:39:17.0405 1008 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys12:39:17.0420 1008 ws2ifsl - ok12:39:17.0467 1008 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys12:39:17.0467 1008 WSDPrintDevice - ok12:39:17.0467 1008 WSearch - ok12:39:17.0545 1008 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll12:39:17.0608 1008 wuauserv - ok12:39:17.0654 1008 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys12:39:17.0654 1008 WudfPf - ok12:39:17.0701 1008 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys12:39:17.0717 1008 WUDFRd - ok12:39:17.0748 1008 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll12:39:17.0748 1008 wudfsvc - ok12:39:17.0795 1008 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll12:39:17.0810 1008 WwanSvc - ok12:39:17.0873 1008 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys12:39:17.0873 1008 xusb21 - ok12:39:17.0935 1008 [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl12:39:17.0951 1008 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok12:39:17.0951 1008 ================ Scan global ===============================12:39:17.0982 1008 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll12:39:18.0044 1008 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll12:39:18.0044 1008 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll12:39:18.0091 1008 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll12:39:18.0122 1008 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe12:39:18.0138 1008 [Global] - ok12:39:18.0138 1008 ================ Scan MBR ==================================12:39:18.0154 1008 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR012:39:18.0154 1008 Suspicious mbr (Forged): \Device\Harddisk0\DR012:39:18.0232 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected12:39:18.0232 1008 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)12:39:18.0232 1008 [ 508F4A6A6A6B3DADC6D881D9948389D2 ] \Device\Harddisk1\DR112:39:19.0963 1008 \Device\Harddisk1\DR1 - ok12:39:19.0979 1008 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR312:39:19.0979 1008 \Device\Harddisk2\DR3 - ok12:39:19.0979 1008 ================ Scan VBR ==================================12:39:20.0026 1008 [ E763A24D024F94699947D3D82CAB5AF0 ] \Device\Harddisk0\DR0\Partition112:39:20.0026 1008 \Device\Harddisk0\DR0\Partition1 - ok12:39:20.0026 1008 [ 0E241EDDA96A71AE2BE25A8043495FDE ] \Device\Harddisk1\DR1\Partition112:39:20.0026 1008 \Device\Harddisk1\DR1\Partition1 - ok12:39:20.0026 1008 [ 7015487D7B17CDF5111DCACDE252E0E8 ] \Device\Harddisk2\DR3\Partition112:39:20.0026 1008 \Device\Harddisk2\DR3\Partition1 - ok12:39:20.0026 1008 ============================================================12:39:20.0026 1008 Scan finished12:39:20.0026 1008 ============================================================12:39:20.0041 0848 Detected object count: 112:39:20.0041 0848 Actual detected object count: 112:39:32.0287 0848 \Device\Harddisk0\DR0\# - copied to quarantine12:39:32.0287 0848 \Device\Harddisk0\DR0 - copied to quarantine12:39:32.0443 0848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot12:39:32.0443 0848 \Device\Harddisk0\DR0 - ok12:39:35.0017 0848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure12:39:41.0803 0780 Deinitialize success Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698423 Share Posted July 3, 2013 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 10.0.9200.16618File system is: FAT32Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.800000 GHzMemory total: 4024877056, free: 3371134976DNS errorDNS errorInitializing...------------ Kernel report ------------ 07/03/2013 12:43:26------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\41268209.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\nvstor64.sys\SystemRoot\system32\DRIVERS\storport.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\PxHlpa64.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\system32\drivers\jgogo.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\nvsmu.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\drivers\1394ohci.sys\SystemRoot\system32\DRIVERS\rimmpx64.sys\SystemRoot\system32\DRIVERS\rimspx64.sys\SystemRoot\system32\DRIVERS\rixdpx64.sys\SystemRoot\SysWOW64\drivers\Afc.sys\??\C:\Windows\system32\drivers\UBHelper.sys\SystemRoot\system32\drivers\cdrom.sys\??\C:\Windows\system32\drivers\NTIDrvr.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\itecir.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\udfs.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\framebuf.dll\SystemRoot\system32\drivers\dadder.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_nvstor64.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\imagehlp.dll\Windows\System32\Wldap32.dll\Windows\System32\comdlg32.dll\Windows\System32\imm32.dll\Windows\System32\gdi32.dll\Windows\System32\rpcrt4.dll\Windows\System32\difxapi.dll\Windows\System32\nsi.dll\Windows\System32\shell32.dll\Windows\System32\ws2_32.dll\Windows\System32\normaliz.dll\Windows\System32\shlwapi.dll\Windows\System32\msctf.dll\Windows\System32\msvcrt.dll\Windows\System32\user32.dll\Windows\System32\kernel32.dll\Windows\System32\usp10.dll\Windows\System32\psapi.dll\Windows\System32\advapi32.dll\Windows\System32\lpk.dll\Windows\System32\ole32.dll\Windows\System32\urlmon.dll\Windows\System32\oleaut32.dll\Windows\System32\clbcatq.dll\Windows\System32\wininet.dll\Windows\System32\sechost.dll\Windows\System32\iertutil.dll\Windows\System32\setupapi.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xfffffa800585b060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000086\Lower Device Object: 0xfffffa800585a060Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa8005152790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007b\Lower Device Object: 0xfffffa800511b990Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004772760Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000071\Lower Device Object: 0xfffffa8004688060Lower Device Driver Name: \Driver\nvstor64\<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80047721b0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8003c6ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8004688060, DeviceName: \Device\00000071\, DriverName: \Driver\nvstor64\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: B64D5C06Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 939456512 Partition file system is NTFS Partition is bootable Partition 1 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 939458560 Numsec = 37308416 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80051475c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800511b990, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: B323F410Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 2000398931968 bytesSector size: 512 bytesDone!Physical Sector Size: 512Drive: 2, DevicePointer: 0xfffffa800585b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8005864640, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800585b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800585a060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 2Scanning MBR on drive 2...Inspecting partition table:MBR Signature: 55AADisk Signature: C3072E18Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 8064 Numsec = 7826880 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 4011491328 bytesSector size: 512 bytesDone!---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 10.0.9200.16618File system is: FAT32Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXEDCPU speed: 2.800000 GHzMemory total: 4024877056, free: 3399745536Initializing...------------ Kernel report ------------ 07/03/2013 13:06:09------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\41268209.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\nvstor64.sys\SystemRoot\system32\DRIVERS\storport.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\PxHlpa64.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\system32\drivers\jgogo.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\nvsmu.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\drivers\1394ohci.sys\SystemRoot\system32\DRIVERS\rimmpx64.sys\SystemRoot\system32\DRIVERS\rimspx64.sys\SystemRoot\system32\DRIVERS\rixdpx64.sys\SystemRoot\SysWOW64\drivers\Afc.sys\??\C:\Windows\system32\drivers\UBHelper.sys\SystemRoot\system32\drivers\cdrom.sys\??\C:\Windows\system32\drivers\NTIDrvr.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\itecir.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\udfs.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\framebuf.dll\SystemRoot\system32\drivers\dadder.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_nvstor64.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\imagehlp.dll\Windows\System32\Wldap32.dll\Windows\System32\comdlg32.dll\Windows\System32\imm32.dll\Windows\System32\gdi32.dll\Windows\System32\rpcrt4.dll\Windows\System32\difxapi.dll\Windows\System32\nsi.dll\Windows\System32\shell32.dll\Windows\System32\ws2_32.dll\Windows\System32\normaliz.dll\Windows\System32\shlwapi.dll\Windows\System32\msctf.dll\Windows\System32\msvcrt.dll\Windows\System32\user32.dll\Windows\System32\kernel32.dll\Windows\System32\usp10.dll\Windows\System32\psapi.dll\Windows\System32\advapi32.dll\Windows\System32\lpk.dll\Windows\System32\ole32.dll\Windows\System32\urlmon.dll\Windows\System32\oleaut32.dll\Windows\System32\clbcatq.dll\Windows\System32\wininet.dll\Windows\System32\sechost.dll\Windows\System32\iertutil.dll\Windows\System32\setupapi.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk2\DR12Upper Device Object: 0xfffffa8005b7b060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000009a\Lower Device Object: 0xfffffa8005d571c0Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa8005152790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007b\Lower Device Object: 0xfffffa800511b990Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004772760Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000071\Lower Device Object: 0xfffffa8004688060Lower Device Driver Name: \Driver\nvstor64\<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80047721b0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004772760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8003c6ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8004688060, DeviceName: \Device\00000071\, DriverName: \Driver\nvstor64\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: B64D5C06Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 939456512 Partition file system is NTFS Partition is bootable Partition 1 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 939458560 Numsec = 37308416 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80051475c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8005152790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800511b990, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: B323F410Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 2000398931968 bytesSector size: 512 bytesDone!Physical Sector Size: 512Drive: 2, DevicePointer: 0xfffffa8005b7b060, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800593a7c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8005b7b060, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005d571c0, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 2Scanning MBR on drive 2...Inspecting partition table:MBR Signature: 55AADisk Signature: C3072E18Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 8064 Numsec = 7826880 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 4011491328 bytesSector size: 512 bytesDone!Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svidete --> [Trojan.Agent.U]Scan finishedCreating System Restore point...Could not create restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred=======================================Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...Removal finished Malwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.orgDatabase version: v2013.06.01.01Windows 7 Service Pack 1 x64 FAT32 (Safe Mode)Internet Explorer 10.0.9200.16618Austin :: AUSTIN-PC [administrator]7/3/2013 1:06:18 PMmbar-log-2013-07-03 (13-06-18).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 289452Time elapsed: 30 minute(s), 41 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svidete (Trojan.Agent.U) -> Data: rundll32.exe "C:\Users\Austin\AppData\Local\achzFamg.dll",Startup -> Delete on reboot.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698426 Share Posted July 3, 2013 combofix attached because it was too longComboFix.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698441 Share Posted July 3, 2013 Things look a whole lot better. Let's run some more scans to verify there isn't anything left: ----------Step 1----------------Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.----------Step 2----------------Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.----------Step 3----------------We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main MirrorSave it to your desktop.Double click on the OTL icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the Run Scan button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt----------Step 5----------------Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.Let me know how things go. Link to post Share on other sites More sharing options...
Hellsing Posted July 3, 2013 Author ID:698449 Share Posted July 3, 2013 I've got to leave for work so i will post what i have done and will do the rest tonight. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.9.4 (05.06.2013:1)OS: Windows 7 Home Premium x64Ran by Austin on Wed 07/03/2013 at 15:22:53.81~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry ValuesSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayNameSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} ~~~ FilesSuccessfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll" ~~~ Folders ~~~ FireFoxSuccessfully deleted: [File] C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\extensions\wdfopjxrea@wdfopjxrea.org.xpi [Tracur]Successfully deleted: [Folder] C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}Successfully deleted the following from C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\prefs.jsuser_pref("aim_toolbar.search.searchtype", "web");user_pref("extensions.crossrider.bic", "13c367a68d7b1403b41dee10dddf90ec");user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/Emptied folder: C:\Users\Austin\AppData\Roaming\mozilla\firefox\profiles\3iesvlyx.default\minidumps [127 files] ~~~ ChromeDumping contents of C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\DefaultC:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgfC:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf\background.jsC:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default\aadddigfgfddgfgddadadddcdedjdhgf\manifest.jsonSuccessfully deleted: [Folder] C:\Users\Austin\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 07/03/2013 at 15:24:57.80End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.303 - Logfile created 07/03/2013 at 15:14:53# Updated 08/06/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Austin - AUSTIN-PC# Boot Mode : Safe mode# Running from : C:\Users\Austin\Desktop\AdwCleaner.exe# Option [search]***** [services] ********** [Files / Folders] ********** [Registry] ********** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16611[OK] Registry is clean.-\\ Mozilla Firefox v21.0 (en-US)File : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\3iesvlyx.default\prefs.js[OK] File is clean.-\\ Google Chrome v27.0.1453.116File : C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [22703 octets] - [30/06/2013 17:22:09]AdwCleaner[R2].txt - [22764 octets] - [30/06/2013 17:25:03]AdwCleaner[R3].txt - [1268 octets] - [30/06/2013 18:33:05]AdwCleaner[R4].txt - [1000 octets] - [03/07/2013 15:14:53]AdwCleaner[s1].txt - [23306 octets] - [30/06/2013 17:25:27]AdwCleaner[s2].txt - [340 octets] - [30/06/2013 18:33:44]AdwCleaner[s3].txt - [340 octets] - [02/07/2013 00:52:44]AdwCleaner[s4].txt - [1448 octets] - [02/07/2013 10:17:54]########## EOF - C:\AdwCleaner[R4].txt - [1299 octets] ########## OTL Extras logfile created on: 7/3/2013 3:26:37 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16614)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 68.18% Memory free7.50 Gb Paging File | 6.76 Gb Available in Paging File | 90.16% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 447.97 Gb Total Space | 96.83 Gb Free Space | 21.61% Space Free | Partition Type: NTFSDrive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDFDrive E: | 1863.01 Gb Total Space | 911.19 Gb Free Space | 48.91% Space Free | Partition Type: NTFS Computer Name: AUSTIN-PC | User Name: Austin | Logged in as Administrator.Boot Mode: SafeMode | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-2975216493-871587154-3665915270-1003\SOFTWARE\Classes\<extension>].cmd [@ = cmdfile] -- Reg Error: Key error. File not found.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation).pif [@ = piffile] -- Reg Error: Key error. File not found.txt [@ = txtfile] -- Reg Error: Key error. File not found.vbs [@ = VBSFile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htafile [open] -- "%1" %*htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htafile [open] -- "%1" %*htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 0"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{03FD6151-720E-48B1-8653-EC6439D09865}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{17F00CCA-D824-4F64-B6E9-692D1B524394}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{3422AFB4-6A44-492C-B454-F8DA6DA701DF}" = lport=445 | protocol=6 | dir=in | app=system |"{39329055-C6F1-4A72-933A-8AFBFA4BD563}" = lport=139 | protocol=6 | dir=in | app=system |"{4A44BE1F-28D4-468E-8977-80D610921840}" = rport=138 | protocol=17 | dir=out | app=system |"{5570E5A3-264A-4B56-9A05-11832B4A5A96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{5ADC1B27-EC92-4A37-A185-8425FD5020A7}" = rport=10243 | protocol=6 | dir=out | app=system |"{5C4FCAF6-3329-493D-B07C-EC9D93C56412}" = lport=138 | protocol=17 | dir=in | app=system |"{5C607A8D-951B-4FD9-AB6D-13B84C5FE4AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{6026AAD7-D9E9-4F7C-8E27-C2827CC0A9BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{607CCD35-EF71-4713-A162-902403C9FE79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{67DF1E49-9EAF-47E1-BFE2-D24BD2C3F801}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{6930BCF6-92E2-4C72-8981-632B3DBA8C54}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |"{8197A6DB-C9A4-4D85-8361-41788AC5A3A0}" = rport=137 | protocol=17 | dir=out | app=system |"{915FC868-0F5A-4BF5-A2A8-CDBC31B4A04C}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |"{92AF7DE5-81CA-4176-8E65-01082E05B002}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{95255B4C-35D0-4078-83FB-D119C88D0071}" = lport=137 | protocol=17 | dir=in | app=system |"{A664DDE1-E0D7-40F2-AAEC-FE0281F55BAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{B5755706-36C7-4A1A-B7BB-E1F07F158336}" = rport=139 | protocol=6 | dir=out | app=system |"{B73C632A-8A8A-4A19-97E7-002A123AF8DD}" = lport=10243 | protocol=6 | dir=in | app=system |"{BF953460-80B1-4C12-B3FC-BE4BF962765B}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |"{BFE8A581-C19E-43D9-BE89-C9DECA3E3A5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{D22D6297-CB8D-457D-AEFB-0D20A26C963C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{D46A21BA-4470-44C2-9933-5CDAC0C8C2D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |"{D55154D4-D4E6-4205-80AA-59A10780819A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |"{DCF8F04E-178B-45C3-8416-9951D1010992}" = rport=445 | protocol=6 | dir=out | app=system |"{E1211257-2304-4CB5-9A26-8786A12F4897}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |"{E87D054E-D415-4529-81F4-AE34176CFCA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{F1D22AD1-477E-4E9C-9436-5EA2E29E16DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{F45EF06A-7C14-4A81-8D54-D3F5DF6F2B9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{FE695B7B-FA94-412A-89E2-E70DD56C6809}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00968847-1B7A-47B0-B076-518C533B223E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{01AF58B6-076B-4C3E-A920-D617F65FC71A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |"{0396A993-2FAC-4E02-A9E6-E52F0DA57096}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{0453785A-C84C-4E06-BC11-601E99538312}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |"{045E196D-8875-475E-A359-A85E931473BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |"{04D4B01D-004F-4312-89B6-00D66A1EBA9D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |"{058B4200-137B-4CEC-A38D-3A42AD2DBA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |"{060EAC78-3F47-4096-93D5-2DE66FCCF5AD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |"{0621383C-81D5-4541-A08D-8CD2FA31FF10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |"{07251191-D00C-4604-95E6-A3AF35819187}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\counter-strike source\hl2.exe |"{07353631-4D5B-4FB9-A54A-5E4A65131829}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |"{0814A83F-F347-4F0E-BC5E-52840B80CDE0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{0851D790-A380-4848-A184-F880262CA738}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |"{0971DFB4-8DA9-4294-9296-0B75D2A1D43D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |"{0C8C8FD1-959F-42C2-ACF9-57378F132593}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |"{0E89D171-9192-4B21-982A-67CD267EC860}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |"{103EB53B-B009-4F88-9424-3A26B73230D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{11D7B27B-23B2-4D3A-868F-EBB4F8D37FB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |"{1235F50A-824B-4FF1-ADB3-3AC22914E12B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |"{129CE38F-E0E4-4600-9F9F-899DE58D67B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |"{142CDDAB-281F-4F14-93E0-EF07AEAC8359}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |"{15FB015B-0878-4EFF-BEB9-284DE7536264}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{17513AFC-026E-412B-B811-B0E228E030CB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |"{1762F4A6-80AF-427A-88AE-70BD6D3ECEAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\config.exe |"{18662066-8941-4CAA-85A6-31EE64990081}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |"{1A1A64C7-7FA4-4E33-80F5-0C2B0AE4F36D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |"{1A904ED9-8E5B-490F-A8B8-5A4BF61FFAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |"{1DB49775-BFDC-4906-84EA-CFC35FFB5F52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |"{1E15D57E-B743-465E-A952-B5E4F8734CDE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |"{1EF22A77-6FFF-49A9-B0F1-126608948AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |"{20A10DDE-14F6-420A-AD0F-466A35368576}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |"{22191B72-AD75-4002-8BFD-F2C814C96EBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |"{2286F86D-DC6D-4B0B-92FE-B6A47AD8B7EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\counter-strike source\hl2.exe |"{23471422-BC00-40E5-A704-D3E044AD56F6}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |"{24DA75ED-03F0-4978-BADE-207ED1CEDC8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |"{28F3B765-6D55-4C8A-B16B-78EFEED818F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{29FA10A3-2D01-4116-B156-E338BE7CEC16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |"{2B45B68B-7AA0-4938-A4F7-D08A4436D640}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\hitman.exe |"{2B8F1582-544A-4462-9D48-28537505B629}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\zombie panic! source\hl2.exe |"{2CD1DE59-216F-44A5-9F16-88949FD762EE}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |"{2D9AFEEC-99AE-4E06-95C5-606FC81EA341}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{2E7A426B-7ABA-493F-91E8-1DF27D1DD711}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |"{2E98A220-5002-4477-B509-7FFBC737E2BC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |"{2F0B9899-B36E-49CA-8AE9-01EB0FB7BE6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |"{2F830DE5-F38A-4477-B005-0AA29303D5E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |"{2FEE4D13-E9B3-474A-A8E1-8345CC42CC08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |"{300E18CB-1531-4338-8EF6-931FC14BE72A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |"{334F7ECE-8533-4501-BA42-F95C1DAA9E50}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |"{3556EB61-EBDF-446F-8E3F-B78B034830B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |"{374490DC-2211-4EE0-AAD9-27775769C586}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |"{38C8076D-4387-4F3D-985B-57AB12E5B628}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |"{3A3FCF18-8D26-4A37-B17A-619166CCDB95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |"{3CFF34C9-B631-48C5-81B9-A43E80048689}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |"{3DA9F498-5DD1-4F34-B40C-9C6A1C6241AA}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"{3DB00AF9-7868-4773-B7A2-89D9C7AFAE5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |"{3DB041EA-5F73-4790-8777-65B5834D5DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\hitman.exe |"{3F14C0B2-F7E8-4491-BCC6-11384F90E3B7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |"{3F71CD11-06CD-4469-992B-73F2689662E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |"{3FD46C20-5195-4FFE-BCFC-6C358607172D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |"{3FE1BA70-54FB-4ABB-864C-7515C0622E4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{3FFAAB65-CBD8-49C5-8DAE-6AF0B6530A2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |"{420B5F09-B628-442E-9323-715C133F100E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |"{429D48F9-7473-4311-86E0-722B3867797A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |"{42C672B0-CAEB-42E1-8393-75E7FBD2A0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |"{43387F27-D2C3-415D-8827-DEB0D711C346}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |"{43BDC9DA-043C-4DB3-AAC2-63BB986611E8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{44AB057C-B215-4C37-9ACD-E600E02ABC80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{46ACB9F7-34B5-44E1-87B5-C5B06BAECB4A}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |"{478B64D4-D577-4211-AFD5-9C74F43125B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\counter-strike source\hl2.exe |"{48318C97-277B-426F-9BAF-CE3461658660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |"{48C25AAE-19C2-491E-9FDC-D05233AD5D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |"{4A1B51D0-E206-48A1-B622-4E3D1F318048}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |"{4AA0E8BE-E83D-475A-B473-1D88DD029C91}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{4AD4B1BF-B58E-46EF-80A5-D11B964AE6C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{4C32343C-96B2-44D7-8AAA-958DFBE350C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |"{4D509693-42B9-4A16-88CA-DCF1DA24DD84}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |"{4EDBE0D1-C6E5-4E98-B66E-7672B2C06579}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |"{4FC483E0-FAE6-4DD9-AE18-851901EAFC48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |"{4FC96618-795C-482C-82CF-6734AC53302F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |"{4FFFD9E1-5334-40C9-B491-474029D82191}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |"{501120BA-18F2-435B-A0F2-300CF9840B14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |"{50511F8A-697D-4618-90D6-F0ABAE838101}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |"{515BF168-EB7E-4C06-9F43-B5481A5280F6}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |"{5293DA3F-B17E-430F-9C76-B45A5A91C981}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{531ECD3F-2E11-4375-AC84-72DBF0A458F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"{53407BD3-194A-41EF-B313-B955606013D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |"{54F607A9-7902-4A66-BE81-514BAB40295B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |"{552BB5EA-EC31-4311-B257-90050321EAA9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |"{582E6C47-79A7-457A-9B73-3BE52BE0CC5A}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |"{58D25627-DFBB-4771-92CD-03FCC6357741}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |"{5C8DE266-BAB5-4D52-972F-093D321EEAB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |"{5D52B2A7-51D3-4FC2-B48D-BF5D01AB1321}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |"{5EB0FA35-37B5-41B0-811C-E82DD9078C80}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |"{5FAF1253-21DD-43F1-84B2-47A5276D324B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |"{5FD173C8-815E-4397-9ED5-F6136CAA53A5}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |"{600F2516-0DEB-42A1-BF55-60863A7B8BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |"{618928B8-1FF2-47E0-A981-9C1BCB79E2C9}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |"{61BDE505-5397-4E6D-9F13-E5385E1B7896}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deadhorde\deadhorde.exe |"{61D1B2AF-7F6B-4267-944C-4CF933E157C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |"{63719DFA-61A9-40A4-A316-230302DD15FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |"{670FD7C5-8BB4-40AF-9575-34249194426E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |"{68DF308C-7B61-446A-8EBC-6A4763630414}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garrysmod\hl2.exe |"{69C99B15-5BBE-4604-9827-E2705CEAD918}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |"{69F52415-6E48-4561-B9BD-67F664DDCBDF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{6AB1E573-A6EF-4FBE-BEE7-BAE0109A3A0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\little inferno beta\little inferno.exe |"{6DF7C88B-0076-4F6A-B72C-DB2E0CCB9015}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |"{6E33188A-260E-48DE-B1DD-09DF516321DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\counter-strike source\hl2.exe |"{6F2A1B08-9382-4E78-9BFA-6B3FD7D24B46}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |"{6F5D260B-2A86-4767-80C7-FD6AD3E1D578}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |"{6FDDF6AD-4987-41A9-91D1-32ECADFA7E51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |"{74A5E302-E03D-47E2-BEBF-2E5062685E54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |"{757EC728-A4CE-43C1-A247-F3B2C9334B00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |"{76F4F1A2-172A-4F97-B50B-99E38030A837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |"{774CCDBF-85E3-4E20-A52E-1946E107BA05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garrysmod\hl2.exe |"{77C1FE65-1B84-41DE-B87A-30A2E5918653}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\hitman2.exe |"{78006569-3418-4EAC-ABFD-17F02A59A31E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |"{786CB0A3-9FEB-4D3A-ABE6-6AD835A4B8D0}" = protocol=17 | dir=in | app=c:\gpotato\rappelz\launcher.exe |"{795C3B0A-B325-411A-8D6D-2D3BBD486A04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |"{7A247DB6-F8F5-4D17-820D-81286BB13589}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |"{7A47C4F2-37A6-412E-B1DC-0EE50909FABF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\zombie panic! source\hl2.exe |"{7D58D211-B4AD-436B-BCAA-5F0DE07EC567}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |"{7F1A1459-FAFB-45EF-9B94-7DB31B8675B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{806172A8-AF6C-4EEA-BC95-28954E087319}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |"{8095DE65-854D-47D2-BB75-77C8CEF12D19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garrysmod\hl2.exe |"{80D2413A-E03E-4D16-85D3-1CDF963B7835}" = protocol=6 | dir=out | app=system |"{8158BA83-B193-4F6D-9A1A-49A3248DB9BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |"{82185158-1B5D-4C9F-95AA-C17546775F36}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |"{826DD2E1-8283-4455-B9F0-58C7456F0B88}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{85586046-9295-4530-AAD1-EE85F6F96D50}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{85D22268-44DC-45A2-912B-66FBAF79E195}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{85EA82CF-1D4A-4880-9515-498A74C9CC36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |"{86AE9F47-C16E-4DCD-9792-95FF527B78DD}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |"{87E7E523-FFBA-45BA-ABC1-5C135815AA88}" = dir=in | app=c:\users\austin\appdata\local\microsoft\skydrive\skydrive.exe |"{886960AC-B810-43CF-BF6B-25BC819B916C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |"{8B1D18B5-B30F-4DC3-8EB2-54270BD93795}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\eternal-silence\hl2.exe |"{8C38ECEA-9C33-4682-B1DA-B9DA1A73B29E}" = protocol=58 | dir=in | app=system |"{8D02BD89-37BD-455A-9C76-7B218E4F395C}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |"{8F16470E-79DA-4813-8F3D-5E65A7D76933}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |"{8FAC3CFA-47BE-494A-BD67-B2D9B824FA13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |"{917E035B-E40C-4078-B3C7-00D1558E237E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |"{91899F3E-1C89-4936-B7E6-86734CA4A8D0}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |"{928C2219-1604-4F6F-B364-1631AD2C6074}" = protocol=6 | dir=in | app=c:\gpotato\rappelz\launcher.exe |"{945671CA-77F4-432E-8937-490C29EE7DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deadhorde\deadhorde.exe |"{95C59588-0A3B-458A-9A60-937290A0C3CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |"{98720BBD-2542-4A8F-82E7-C13FF54DA5A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |"{9B338E21-3E6D-4FFD-9D96-67F34D91F53F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |"{9C5B8898-5CAC-41B0-B1E8-FCEEDFD26355}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |"{9D0E5694-E55E-4D6C-8688-7BF84B2BE43B}" = protocol=6 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |"{9F7025F6-985A-4756-9483-57F58F528853}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{9FE99FF7-4027-4B70-A8CB-99E346BAEB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |"{A0B52B96-8479-42A4-8BF3-DCF66656A074}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |"{A0EC131F-8243-436B-8EC1-03F2F15FCDC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garry's mod beta\hl2.exe |"{A12C5580-DCAB-48BA-9F86-7FA8848FC2C0}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |"{A1B35937-3FB5-433B-905F-73C6E53BFD20}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |"{A31AA887-8630-4352-B581-43284A74BE07}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{A33BF414-2359-441B-97AC-D347C8DD51DD}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{A5076D16-0526-4155-B45A-9D8261EC77E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |"{A5BF996B-66F0-4122-B9DD-7C60B649C03E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |"{A7626EA6-5B99-49B1-A648-811FD6B3DC96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garry's mod beta\hl2.exe |"{A7F023FC-A4D2-4DB7-808A-F8D32A638E61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |"{A97671CB-284E-4B20-B935-5C828C4ABE87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |"{A9B18348-E8E6-4063-9122-C5085A6A32E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{AA34E37A-85F8-499B-B8EB-17BA24CAEB27}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |"{AA99EB54-8BE6-40CD-9C7A-D79E47F324F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red demo\nationred.exe |"{AB0721C9-525F-4E1B-96AA-5F1B71916CCC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |"{ABC65834-15C7-42F4-9956-88DAFB2E21F3}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |"{AF821224-DE32-4E8C-BFFD-C89DED210DE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |"{AFED2E52-32B8-4176-AD59-D584D94932C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |"{B0C03719-1DC3-4DA0-8FF3-A97B8D9FF704}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{B248A74F-34BD-4036-B930-456855AE90AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deadhorde\deadhorde.exe |"{B25D7E75-D709-4706-80C9-C019CF05B6D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |"{B4CE3C3A-65D9-4544-95A5-5775F913149B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |"{B58BCA16-3E0A-4ED3-9483-36475D9C7F2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\setup.exe |"{B5DC3577-33B0-41D1-8B7C-A38ADF4D0D0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{B8037421-5A21-4DD1-BDA8-B57C9CCDC363}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |"{B89D7BD8-7BE1-40CF-B8CB-DBDF10D06201}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |"{B8AA9E97-A125-46C9-A768-F411BCA9F5C3}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |"{BDC8EF23-2206-49F3-A27C-DA46DFD6B0C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |"{BEA3A2A4-CBAF-4678-B0CF-DB75443A1287}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |"{BF324FBE-EFA2-48C5-9580-C1F2AE68D177}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |"{C0391F63-EA1E-4D75-846D-359477677B71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |"{C1DCFF4A-4610-463F-A05D-C84DC4398BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |"{C4DA0031-CC29-4798-894D-9B8D131B5D26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |"{C52A14A1-1302-4A64-B8D6-62C0EEFBFBCE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{C5E607E3-A859-4035-9688-1A8D0FB7625D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |"{C861FE3F-FEB0-441C-9BA8-70E8EBE8243D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |"{C961B871-B459-43FB-9FF5-5A3D1D2536AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |"{CA77994F-2C92-48C4-8811-01159D504223}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv beta version\ffxivboot.exe |"{CAC20328-A54A-4E8B-8BFD-99CD515EE805}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |"{CD701828-B59C-4761-A3E2-15AECB359638}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"{CDA9A806-06EC-4544-99C6-132F79F07EA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{CF1A6560-79FD-4B83-AFC3-493F6ABAF732}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |"{D03CECC2-D320-4CC7-B5B4-4717D3CEF89C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |"{D0885D3C-8834-4B1D-9D3D-BC2E5B15D3C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{D0CE759B-277A-4753-BCE9-F7537A8C667A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deadhorde\deadhorde.exe |"{D1F69485-CB92-423B-9565-A10FE689EF52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |"{D31B06DC-F174-4C72-A26C-0221728C1D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red demo\nationred.exe |"{D336D1C9-E1C7-4B8F-AB18-8645574195BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\eternal-silence\hl2.exe |"{D4E58B4C-2F4A-4D42-A53A-281D4D09E249}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman codename 47\setup.exe |"{D51D793E-9684-4282-8820-C360183369AF}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |"{D58F4388-0376-4137-ABC2-00A81E9051E7}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |"{D8CC53D5-B020-4847-A5A9-2E4C6970D956}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{DB5C7DEC-09B4-4944-956B-3A8A0E290DB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |"{DC8D07B0-CCFB-4F62-81A1-21381BAA3CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |"{DD6F7E45-CD87-4E46-8D5D-FD266FF43550}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |"{DDA64F0F-B37A-493D-B2F9-AA24F1088A10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garry's mod beta\hl2.exe |"{DDAA3DC9-8E85-4BD6-B82A-410C97189C9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |"{DF1B4623-901B-4534-9610-C10EBF9DDAEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman 2 silent assassin\config.exe |"{E30E549E-14BF-4C58-BB96-2EA5A58BB096}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |"{E4842386-82D4-4BDE-8D8A-1739B24EB829}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |"{E4B1D8B1-1B8A-4AC0-B8AD-534F55F66527}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{E4F7C2D9-5757-4EDF-884E-84F06268A77E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |"{E6100732-3267-4FC6-8B74-893D8E7CF3C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |"{E695421A-7882-4AFF-93E0-1BBC0ACC71D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |"{E721A4D1-93DC-48DA-9B15-BEEE7EE1A393}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |"{EC0D815B-6412-4AF7-A8A0-1A69F99474D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{EEA0455D-B33F-401C-9B7B-8440344ADC70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |"{EEC3C6CE-1C67-448D-B29F-3B9EE85768D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garry's mod beta\hl2.exe |"{EED44FFF-24C4-49F8-814B-9C87B5F87879}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv beta version\ffxivboot.exe |"{EFD513EF-FA0B-443C-B872-445A08BF1913}" = protocol=17 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |"{F07DEF57-D6EA-4E2F-B348-E86CD7FEFA3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |"{F189CA07-43C6-40B6-BDD2-FFFE9AAC252A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |"{F43592F6-928B-4890-A7ED-EF7BE61217B9}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{F6548E3A-338D-486F-9C08-14BC7CE4992E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |"{F76194A8-ECCD-4689-8A37-4938BCA60EA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |"{F79F1C3D-A67B-498D-943E-12772EC64807}" = dir=in | app=d:\setup\hpznui40.exe |"{F9E8E479-B13E-467D-BDEA-6D524F5AB518}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |"{FA5E7CC4-8922-4CF0-BF88-B2A86E48576C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{FA74AA0F-0780-4E28-8E66-81A7BB9AD660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |"{FA9525CB-1C35-48A9-8DEB-825198441A74}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{FEAC0C6D-B264-4DF8-9151-4C38C542E2FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\garrysmod\hl2.exe |"{FEC8E989-90DD-4638-9E76-68FDAB9A3094}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |"TCP Query User{039DC8D6-EAE6-44C4-81E1-55633D099563}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"TCP Query User{0E9F768C-491C-4DC4-9993-175E4DFB53CD}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |"TCP Query User{0FF4CE6B-5C0D-4FDC-9909-CFD140775FC6}C:\users\austin\downloads\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\austin\downloads\championsonlinef2p.exe |"TCP Query User{1583F3A4-FD9B-48A5-A658-D4B8413C403B}C:\users\austin\downloads\drjava-stable-20040326.exe" = protocol=6 | dir=in | app=c:\users\austin\downloads\drjava-stable-20040326.exe |"TCP Query User{1D2B7EDF-68D6-4428-8CF4-14C95951BD60}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |"TCP Query User{21B1A929-1AE8-4A2C-BFDD-24B24F661D64}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |"TCP Query User{2ABDA84E-F64A-4728-8EDA-C606F0E9ABEB}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |"TCP Query User{377BE962-5964-4446-9BB8-3BDDAFCE6F4C}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe |"TCP Query User{38C38BE6-A486-40AE-A88D-AFFE4AB45AA8}C:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe |"TCP Query User{38FD10DF-7AAE-43C8-A683-7B746A0467E7}C:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe |"TCP Query User{3DE22CE6-71D4-465B-B134-823453C3A9AF}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |"TCP Query User{420A2BA5-D760-41E4-BDE4-501081D21233}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |"TCP Query User{43910CC6-936B-41E3-976E-8CD784D6651D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |"TCP Query User{49D2D984-C950-42EE-B802-901944842800}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |"TCP Query User{49FC721C-2450-434C-8D57-3E731EF1D3FE}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe |"TCP Query User{4F208C18-B096-480F-93FB-2FAAF9322AAE}C:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe |"TCP Query User{5C2B0A3E-25B4-47D5-81CE-15F47D01D2F5}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |"TCP Query User{6CE3B008-1793-49ED-801B-E323F2B68752}C:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe |"TCP Query User{719316F8-1271-4277-B3E1-61DCED25F985}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |"TCP Query User{8685BD4F-A2C6-421E-8009-7FE43ED153D3}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe |"TCP Query User{878484D7-DB7E-4491-AA06-4D3843CB6917}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |"TCP Query User{8A90F198-07B7-4A3B-821E-164EC372A306}C:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe |"TCP Query User{92B1A3A0-7277-4447-AF65-003757B1DF32}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |"TCP Query User{94B88380-E1FD-4DC1-B62E-16DF196DD9E6}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe |"TCP Query User{966EA829-68B8-46FA-82D9-C0C86C292F95}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |"TCP Query User{9DFC726A-7B38-4D3A-8F76-3B0DEE1DA90E}C:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe |"TCP Query User{9F3690E9-23E4-465C-AB3A-D0B81CCD0B48}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |"TCP Query User{BC1B1150-1C0F-4FFF-B6B1-AF61923323B6}C:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe |"TCP Query User{C0B81D66-0CDC-4D47-B8C3-24264760D3D5}C:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe |"TCP Query User{C4B35EA2-EA4E-4062-8F3C-EE719E8DEBA9}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe |"TCP Query User{D1DBFC01-F27D-4DF9-91D4-FF9B2BF2A0F6}C:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe |"TCP Query User{D9048816-C6F6-48B3-B622-342BAD991BEF}C:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe" = protocol=6 | dir=in | app=c:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe |"TCP Query User{DB1CB208-7F0C-422A-B30D-31EF68B9A5C7}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |"TCP Query User{E1372322-5A55-4104-A11B-07B719858187}C:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe |"TCP Query User{E25D0AD6-1833-43DE-9485-12DCE902FFE4}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |"TCP Query User{ECB2A876-9641-4772-9560-E7043570890C}C:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe |"TCP Query User{F1C7A3C5-5E03-40CF-81CE-E0D53614AF85}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |"TCP Query User{F6C6202A-028B-4104-9839-899D27E57E56}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe |"TCP Query User{F9871369-BACD-439D-B648-9776EAD1EFC6}C:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe |"UDP Query User{023C0698-405D-4E8A-9D87-70D288B10F22}C:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex29.711\terrariaserver.exe |"UDP Query User{05C3C86A-51D8-46B3-BC17-967B855EEDC7}C:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\day of defeat source\hl2.exe |"UDP Query User{0DBD9B46-5BB8-499E-A76F-91A9B529BBE1}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |"UDP Query User{10410D63-65FF-42B9-A63E-9EDF35CEA564}C:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex10.981\terrariaserver.exe |"UDP Query User{286FFBFF-27B2-4923-83E0-77484804BEEC}C:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex38.437\terrariaserver.exe |"UDP Query User{2A686B04-BE53-4345-A494-E7B784F45ED9}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |"UDP Query User{2D187F19-236E-4E91-9557-18670D581248}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |"UDP Query User{2DBFD858-5DEA-464A-9982-B8492CCB5A17}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |"UDP Query User{353472CB-6141-4118-BC9C-73DF8D371CE4}C:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex24.990\terrariaserver.exe |"UDP Query User{43349F91-D7E7-48B8-BD10-6A8CFF3600A7}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |"UDP Query User{46E35F69-70E1-4F8A-AE5F-D4E1BCE98B2E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |"UDP Query User{47A089B5-C6D1-4B97-A904-E7E4723A65C1}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |"UDP Query User{4E484F41-0308-4444-B92A-F787B2D77572}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe |"UDP Query User{59B1C217-9BC8-4CBB-979C-D9632FD2703B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |"UDP Query User{5FA1BDD0-4DDE-4105-B4DE-9FF7B4369DFC}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe |"UDP Query User{6C9370CC-A5F7-494E-A9E7-521BB49520EA}C:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex12.427\terrariaserver.exe |"UDP Query User{799B4879-A844-4A05-BADA-71200BA4F1D7}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |"UDP Query User{7E480AD3-1B94-4428-A159-72C48B2F8353}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |"UDP Query User{895063FD-1716-4D75-89FA-F13A71A0C765}C:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\team fortress 2\hl2.exe |"UDP Query User{9421E55C-7CFE-4731-B39E-131AF3583756}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |"UDP Query User{9D45249D-30FD-438C-BEF5-AD5382B9EF55}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe |"UDP Query User{9D708A7A-DA07-4FF3-9F04-49DE0626D4B0}C:\users\austin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\akamai\netsession_win.exe |"UDP Query User{A42ADAD5-9074-4E22-B331-D2EBB3D8D55E}C:\users\austin\downloads\drjava-stable-20040326.exe" = protocol=17 | dir=in | app=c:\users\austin\downloads\drjava-stable-20040326.exe |"UDP Query User{A76960A1-B307-4CCB-9BCB-DC6B2371AF79}C:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\source sdk base\hl2.exe |"UDP Query User{B27B25CE-B78B-4392-9C5D-96E07B6A2889}C:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex01.829\terrariaserver.exe |"UDP Query User{B483F1D5-58D7-4730-B25D-0CC490AB57F3}C:\users\austin\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\eclipse.exe |"UDP Query User{C132ED16-5C3E-47A3-A4B8-783CBA7BF620}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |"UDP Query User{C714D3C1-FCCC-46A9-9CF5-7C9F824DABD9}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |"UDP Query User{CDE751F8-D0CD-46EB-BBDF-EBD244D374A0}C:\users\austin\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\austin\downloads\championsonlinef2p.exe |"UDP Query User{D405BD94-FE3A-4D60-8CE7-A066D656BE67}C:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe" = protocol=17 | dir=in | app=c:\users\austin\desktop\eclipse\plugins\drjava-stable-20040326.exe |"UDP Query User{D44D866E-0F93-46E5-ABAA-BDBBA553518C}C:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex14.909\terrariaserver.exe |"UDP Query User{D5AF9C07-D304-4537-9241-F95A9BF8AEE6}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |"UDP Query User{DD1E039D-E117-44A3-8AD7-678C5BC8EAC6}C:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xparanoiaagentx\killing floor\system\killingfloor.exe |"UDP Query User{DD6185E1-BA53-4F2F-8EBF-9D385C4ADEDE}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |"UDP Query User{E12ABAB7-1313-48BC-9AFE-C8CBB0FC1FED}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |"UDP Query User{EDA422F4-C5D7-4BA3-89A3-2133BEA3F6A9}C:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\austin\appdata\local\temp\rar$ex89.795\terrariaserver.exe |"UDP Query User{EF691517-B49F-4B90-AC37-5CAF8C559E06}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe |"UDP Query User{F0BECE94-C901-4C88-862E-FD36AF1B3AE1}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |"UDP Query User{F1F2DA1E-6DAD-4E3D-8065-D205FBF8B771}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402"{12F5D482-1F43-4708-BCC5-031F10A08949}" = Symantec Endpoint Protection"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit)"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{BCD55450-77AC-4347-B24F-654B1189F8D4}" = SpyHunter"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant"{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}" = HP Officejet 6500 E710n-z Product Improvement Study"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes"{E110DEF3-6022-436C-8290-A681CEDFF01C}" = Command Center"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter"Blender" = Blender"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter"Creative OA007" = Integrated Webcam Driver (1.01.01.1227) "HP Imaging Device Functions" = HP Imaging Device Functions 11.0"HP Photosmart Essential" = HP Photosmart Essential 3.0"HP Smart Web Printing" = HP Smart Web Printing 4.60"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0"HPExtendedCapabilities" = HP Customer Participation Program 11.0"HPOCR" = OCR Software by I.R.I.S. 11.0"jEdit_is1" = jEdit 4.5.0"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"NVIDIA Drivers" = NVIDIA Drivers"Shop for HP Supplies" = Shop for HP Supplies"SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java 7 Update 3"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java SE Development Kit 6 Update 16"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR"{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer"{54510837-BD04-4C32-9676-DB1000038201}" = Red Faction: Guerrilla"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{e460c2b8-962b-4780-bd63-6bbfcc28827d}" = Nero 9 Essentials"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi"{FBA1239D-189F-4855-88B6-4DBE606D30A5}" = Fiesta"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE"4Story" = 4Story (4STORY)"7-Zip" = 7-Zip 4.65"8461-7759-5462-8226" = Vuze"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Advanced Audio FX Engine" = Advanced Audio FX Engine"AIM Toolbar" = AOL Messaging Toolbar"AIM_7" = AIM 7"AlienRespawn20_AD" = AlienRespawn v2.0"Anvi Smart Defender" = Anvi Smart Defender 1.9"APB Reloaded" = APB Reloaded"Atlantica" = Atlantica"Audacity_is1" = Audacity 1.2.6"AVerMedia MCE Encoder x64" = AVerMedia MCE Encoder x64 3.0.1.0"AVS Image Converter_is1" = AVS Image Converter 2.2.2.218"AVS Update Manager_is1" = AVS Update Manager 1.0"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4"BattlEye for A2" = BattlEye Uninstall"BattlEye for OA" = BattlEye for OA Uninstall"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"Cisco Connect" = Cisco Connect"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player"com.adobe.dmp.contentviewer" = Adobe Content Viewer"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows"DFO" = DFOLauncher"Diablo III" = Diablo III"Diablo III Beta" = Diablo III Beta"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters"DragonNest" = DragonNest"Dynasty Warriors Online" = Dynasty Warriors Online"ENTERPRISE" = Microsoft Office Enterprise 2007"EVE" = EVE Online (remove only)"Fraps" = Fraps (remove only)"GamersFirst LIVE!" = GamersFirst LIVE!"GameSpy Arcade" = GameSpy Arcade"GameStop App" = GameStop App"Google Chrome" = Google Chrome"Guild Wars" = Guild Wars"Guild Wars 2" = Guild Wars 2"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool"Hauppauge Device Central" = Hauppauge Device Central"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ"InstallShield_{E110DEF3-6022-436C-8290-A681CEDFF01C}" = Command Center"KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.5 (Standard)"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)"LogMeIn Hamachi" = LogMeIn Hamachi"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"NSS" = Norton Security Scan"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"OpenAL" = OpenAL"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator"PunkBusterSvc" = PunkBuster Services"Steam App 105600" = Terraria"Steam App 113200" = The Binding of Isaac"Steam App 12210" = Grand Theft Auto IV"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City"Steam App 1250" = Killing Floor"Steam App 17550" = Eternal Silence"Steam App 200710" = Torchlight II"Steam App 212220" = Dungeon Fighter Online"Steam App 212680" = FTL: Faster Than Light"Steam App 215" = Source SDK Base"Steam App 219150" = Hotline Miami"Steam App 220" = Half-Life 2"Steam App 221260" = Little Inferno"Steam App 22380" = Fallout: New Vegas"Steam App 22480" = GECK - New Vegas Edition"Steam App 240" = Counter-Strike: Source"Steam App 27940" = Dead Horde"Steam App 300" = Day of Defeat: Source"Steam App 320" = Half-Life 2: Deathmatch"Steam App 340" = Half-Life 2: Lost Coast"Steam App 35420" = Killing Floor Mod: Defence Alliance 2"Steam App 36620" = Forsaken World"Steam App 380" = Half-Life 2: Episode One"Steam App 400" = Portal"Steam App 4000" = Garry's Mod"Steam App 4010" = Garry's Mod 13 Beta"Steam App 420" = Half-Life 2: Episode Two"Steam App 42910" = Magicka"Steam App 440" = Team Fortress 2"Steam App 550" = Left 4 Dead 2"Steam App 55230" = Saints Row: The Third"Steam App 6850" = Hitman 2: Silent Assassin"Steam App 6860" = Hitman: Blood Money"Steam App 6900" = Hitman: Codename 47"Steam App 8190" = Just Cause 2"Steam App 8980" = Borderlands"Steam App 91600" = Sanctum"Steam App 99900" = Spiral Knights"SystemRequirementsLab" = System Requirements Lab"The Secret World_is1" = The Secret World"Uniblue RegistryBooster" = Uniblue RegistryBooster"uTorrent" = µTorrent"uTorrent Acceleration Tool" = uTorrent Acceleration Tool"VLC media player" = VLC media player 2.0.5"Warhammer 40,000 Boltgun1.0" = Warhammer 40,000 Boltgun"WinLiveSuite" = Windows Live Essentials"WinRAR archiver" = WinRAR archiver"World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2975216493-871587154-3665915270-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Amazon Kindle" = Amazon Kindle"AOL Messaging Toolbar" = AOL Messaging Toolbar"SkyDriveSetup.exe" = Microsoft SkyDrive < End of report > Link to post Share on other sites More sharing options...
Recommended Posts