1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Computer freezes a minute or two after login

Discussion in 'Virus & Other Malware Removal' started by muhrich, Sep 11, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. muhrich

    muhrich Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    3
    As the title says my computer has been freezing every time i login. It used to do it only once in a while but now every time unless i start in safe mode. Please help

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:55:56 PM, on 9/10/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
    O4 - HKLM\..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Steam] "D:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15074 bytes

    Just ran OTL under the instructions given in another form on here (http://forums.techguy.org/virus-other-malware-removal/922027-computer-freezes-after-about-five.html) and this is what i got.

    OTL logfile created on: 9/10/2012 10:02:36 PM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Daddy\Documents
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 4.98 Gb Available Physical Memory | 83.17% Memory free
    11.98 Gb Paging File | 11.06 Gb Available in Paging File | 92.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 688.87 Gb Total Space | 553.93 Gb Free Space | 80.41% Space Free | Partition Type: NTFS
    Drive D: | 74.52 Gb Total Space | 14.83 Gb Free Space | 19.90% Space Free | Partition Type: NTFS

    Computer Name: THONE | User Name: Daddy | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/10 22:01:24 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Documents\OTL.exe
    PRC - [2012/08/14 19:14:09 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    PRC - [2012/08/07 08:46:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/02/22 10:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/04 20:52:28 | 000,112,318 | ---- | M] () -- C:\Users\Daddy\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
    MOD - [2012/08/14 19:14:09 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    MOD - [2012/08/07 08:46:09 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/07/31 22:25:27 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
    MOD - [2012/07/31 22:24:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/07/31 20:58:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/12 19:32:39 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
    MOD - [2012/05/12 19:32:39 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
    MOD - [2012/05/12 19:32:38 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
    MOD - [2012/05/12 19:32:37 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/12 19:31:49 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    MOD - [2012/05/12 19:31:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 19:31:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 19:31:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 19:29:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/02/22 11:28:04 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\Client.XmlSerializers.dll
    MOD - [2011/02/16 13:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
    MOD - [2010/11/19 21:12:59 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/12 10:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
    SRV:64bit: - [2011/12/05 20:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/06/11 11:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV - [2012/08/14 19:14:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/07 08:46:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/20 21:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2011/12/24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
    SRV - [2011/10/01 15:54:08 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2011/10/01 15:54:00 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/06/06 09:36:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/21 18:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/23 11:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2008/01/09 17:36:26 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/01/09 17:27:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/13 23:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/05 20:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/12/05 20:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/12/05 19:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
    DRV:64bit: - [2011/10/20 11:24:16 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
    DRV:64bit: - [2011/09/12 16:17:42 | 000,639,280 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/28 07:00:34 | 000,035,200 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
    DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/03/09 03:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/12/14 13:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
    DRV:64bit: - [2009/12/14 13:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
    DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009/09/22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/08/13 16:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/09/23 17:19:04 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
    DRV:64bit: - [2008/08/14 14:30:10 | 000,335,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV:64bit: - [2008/08/12 17:13:23 | 000,181,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/01/24 16:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2007/07/23 10:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
    DRV:64bit: - [2007/03/20 12:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/06/11 11:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Daddy\Desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {B4985BD2-9802-47DE-8361-B03D07E81A8A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{ADEFEFA8-0FB6-45D5-B947-36529536ED31}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKCU\..\SearchScopes\{B4985BD2-9802-47DE-8361-B03D07E81A8A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
    FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
    FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.9
    FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.1
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..extensions.enabledItems: [email protected]:4.0.23.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44172
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
    FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
    FF - prefs.js..extensions.enabledItems: [email protected]:4.51
    FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/04 13:58:24 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/04 13:58:24 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.70351: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Daddy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/09/04 14:32:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/09/04 14:32:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/09/04 15:18:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 08:46:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/04 14:22:09 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Daddy\AppData\Roaming\Move Networks [2009/11/21 13:55:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    [2009/10/24 13:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\Extensions
    [2009/07/18 11:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\Extensions\[email protected]
    [2012/09/10 21:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\pivlyd7l.default\extensions
    [2010/05/26 17:38:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\pivlyd7l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/27 10:57:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\pivlyd7l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/02/04 18:12:22 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\pivlyd7l.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2009/10/24 13:43:17 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\pivlyd7l.default\extensions\[email protected]
    [2011/12/25 13:10:56 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\pivlyd7l.default\extensions\[email protected]
    [2012/02/08 23:28:21 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Daddy\AppData\Roaming\mozilla\Firefox\Profiles\pivlyd7l.default\extensions\[email protected]
    [2011/07/03 16:58:08 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\firefox\profiles\pivlyd7l.default\extensions\[email protected]
    [2012/08/13 08:15:47 | 000,340,132 | ---- | M] () (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\firefox\profiles\pivlyd7l.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
    [2012/02/10 02:38:15 | 000,265,651 | ---- | M] () (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\firefox\profiles\pivlyd7l.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}.xpi
    [2012/09/10 21:25:42 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\firefox\profiles\pivlyd7l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2012/08/13 08:15:47 | 000,045,226 | ---- | M] () (No name found) -- C:\Users\Daddy\AppData\Roaming\mozilla\firefox\profiles\pivlyd7l.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
    [2012/09/04 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/31 22:35:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/09/04 14:27:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/08/07 08:46:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/05/12 19:30:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/05/12 19:30:09 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
    O4 - HKCU..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
    O4 - HKCU..\Run: [DriverMax_RESTART] File not found
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab (Battlefield Play4Free Updater)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81FE98A4-F98A-4484-A475-18947697DAA5}: DhcpNameServer = 10.0.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2006/02/28 12:35:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{c6f18b06-f7ea-11de-8882-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c6f18b06-f7ea-11de-8882-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe
    O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Unable to start System Restore Service. Error code 1084

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/10 22:01:24 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Daddy\Documents\OTL.exe
    [2012/09/10 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\ElevatedDiagnostics
    [2012/09/10 21:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/09/10 21:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2012/09/10 21:35:21 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Daddy\Documents\HJTInstall.exe
    [2012/09/04 16:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012/09/04 16:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/09/04 16:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ideazon Z Engine
    [2012/09/04 16:05:48 | 058,958,416 | ---- | C] (Ideazon ) -- C:\Users\Daddy\Documents\ZE_25030_NA_64.exe
    [2012/09/04 14:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/09/04 14:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/09/04 14:41:46 | 000,000,000 | R--D | C] -- C:\Backup
    [2012/09/04 14:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
    [2012/09/04 14:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

    ========== Files - Modified Within 30 Days ==========

    [2012/09/10 22:01:24 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Documents\OTL.exe
    [2012/09/10 21:49:30 | 000,000,989 | ---- | M] () -- C:\Users\Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2012/09/10 21:37:16 | 000,002,095 | ---- | M] () -- C:\Users\Daddy\Desktop\HijackThis.lnk
    [2012/09/10 21:35:21 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Daddy\Documents\HJTInstall.exe
    [2012/09/10 21:28:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/10 21:28:49 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/10 20:14:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/04 20:51:02 | 005,003,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/04 16:26:06 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/09/04 16:25:37 | 001,606,656 | ---- | M] () -- C:\Users\Daddy\Documents\SteamInstall.msi
    [2012/09/04 16:06:17 | 058,958,416 | ---- | M] (Ideazon ) -- C:\Users\Daddy\Documents\ZE_25030_NA_64.exe
    [2012/09/04 15:14:38 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2012/09/04 15:14:37 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2012/09/04 14:46:01 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/04 14:46:01 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/04 14:44:04 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/09/04 14:22:59 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/08/12 23:05:53 | 000,743,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/12 23:05:53 | 000,635,834 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/12 23:05:53 | 000,111,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2012/09/10 21:49:30 | 000,000,989 | ---- | C] () -- C:\Users\Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2012/09/10 21:37:16 | 000,002,095 | ---- | C] () -- C:\Users\Daddy\Desktop\HijackThis.lnk
    [2012/09/04 16:26:06 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/09/04 16:25:36 | 001,606,656 | ---- | C] () -- C:\Users\Daddy\Documents\SteamInstall.msi
    [2012/09/04 14:44:04 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/09/04 14:34:38 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
    [2012/09/04 14:34:38 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
    [2012/08/15 12:26:31 | 005,003,776 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/11/09 19:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/11/09 19:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/09/05 18:54:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/07/22 19:26:04 | 000,162,548 | ---- | C] () -- C:\Windows\hpoins33.dat
    [2011/07/22 19:26:04 | 000,000,820 | ---- | C] () -- C:\Windows\hpomdl33.dat
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/12/27 22:33:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/12/26 21:49:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/10/04 18:14:32 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
    [2010/01/23 13:54:33 | 000,007,619 | ---- | C] () -- C:\Users\Daddy\AppData\Local\Resmon.ResmonCfg
    [2010/01/06 21:54:04 | 000,000,580 | ---- | C] () -- C:\Users\Daddy\AppData\Roaming\wklnhst.dat
    [2010/01/05 20:45:12 | 000,004,608 | ---- | C] () -- C:\Users\Daddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/21 13:33:39 | 000,001,756 | ---- | C] () -- C:\Users\Daddy\Counter-Strike Source.lnk

    ========== LOP Check ==========

    [2012/09/10 21:50:53 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\BitTorrent
    [2011/08/27 22:05:31 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/10/04 19:02:43 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\com.cricut.Cricut-CraftRoom
    [2011/03/12 17:05:01 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Command and Conquer 4
    [2012/08/05 09:43:19 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Dropbox
    [2009/10/24 13:43:07 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Ideazon
    [2010/07/13 23:58:36 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\LolClient
    [2010/12/17 21:50:12 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\OnLive App
    [2011/10/23 22:46:57 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Origin
    [2009/10/24 13:43:21 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\PACE Anti-Piracy
    [2011/03/12 17:12:09 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Red Alert 3
    [2009/12/26 10:59:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Red Alert 3 Demo
    [2011/02/28 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Red Alert 3 Uprising
    [2010/01/03 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\runic games
    [2011/07/23 10:46:12 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Softland
    [2010/09/04 15:34:17 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\SPORE
    [2010/01/06 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Template
    [2009/12/25 18:27:10 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\The Creative Assembly
    [2009/10/24 13:43:21 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\TomTom
    [2010/10/23 12:26:58 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Tropico 3
    [2009/11/11 19:21:07 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Tropico 3 Demo
    [2009/11/11 23:43:22 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Tropico3
    [2010/10/30 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Windows Live Writer
    [2012/01/26 11:46:55 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\YosemiteSync
    [2012/09/04 20:51:13 | 000,004,096 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >
    [2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

    < MD5 for: AGP440.SYS >
    [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
    [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
    [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
    [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
    [2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
    [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
    [2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
    [2008/07/20 02:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel RAID imsm\F6 Install Floppy Create for 32 and 64 bit Windows\IaStor.sys
    [2008/07/20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2008/07/20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b713da3dc2c70b47\iaStor.sys

    < MD5 for: IASTORV.SYS >
    [2010/11/20 06:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
    [2010/11/20 06:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
    [2011/03/10 23:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
    [2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
    [2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
    [2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
    [2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
    [2011/03/10 23:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
    [2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2010/11/20 06:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
    [2010/11/20 06:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
    [2010/11/20 05:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
    [2010/11/20 05:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
    [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
    [2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
    [2011/03/10 23:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
    [2011/03/10 23:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
    [2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
    [2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
    [2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
    [2010/11/20 06:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
    [2010/11/20 06:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
    [2010/11/20 05:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
    [2010/11/20 05:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
    [2011/05/23 19:11:44 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
    [2011/05/23 19:11:44 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:FqMHKVSL6sHdOZbxQuUaP
    @Alternate Data Stream - 1206 bytes -> C:\ProgramData\Microsoft:uO6nkdydN6ZoIHojHqIuO

    < End of report >



    OTL Extras logfile created on: 9/10/2012 10:02:36 PM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Daddy\Documents
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 4.98 Gb Available Physical Memory | 83.17% Memory free
    11.98 Gb Paging File | 11.06 Gb Available in Paging File | 92.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 688.87 Gb Total Space | 553.93 Gb Free Space | 80.41% Space Free | Partition Type: NTFS
    Drive D: | 74.52 Gb Total Space | 14.83 Gb Free Space | 19.90% Space Free | Partition Type: NTFS

    Computer Name: THONE | User Name: Daddy | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02C3252D-D0DF-43C5-902D-B0776DE49C98}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{03C3DEB9-230D-4056-8ED7-A9CFADDA6555}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
    "{23F7E5BE-23B1-44A2-8943-DE97A52743B0}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
    "{2E7D2D2D-FC9A-4F68-82E5-6A23775CF861}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{444104FC-A561-4346-BAE2-D0C48C55EDB8}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
    "{5A926D58-A003-402C-A9AD-DC1D044E1805}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
    "{5E9F0733-17B7-46A0-8637-443E3D5354EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{902E35AF-96D7-43AE-9D01-3E4D8A67DF7E}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
    "{AC86D7C1-BE34-4079-977D-1CA637726565}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{AEE6460D-F237-4F9A-AA56-4B6A5898451E}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
    "{B6BD6A8C-FA0C-454D-9F8F-4D540E3265BF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
    "{D112157D-B7AF-425C-8E2D-5CA77192ADB2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DB569DF9-F5B3-4D17-A29A-CCCF779BEE05}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
    "{DDB57E5B-8B19-4E88-AEED-D4F03DFBB3B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F85C84FD-2E4D-4906-B2D6-EFC668F56B7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{006E1FC9-13BE-49D0-B6C1-BAA7B096B0CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |
    "{00BECCE6-9A55-476C-ABC3-E7D7F4168E78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
    "{05ECDF17-0AC6-4D2A-BAC9-803863135152}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
    "{0762ADEC-D3FD-441A-B8EC-528690C09EA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
    "{07DAA824-D4D1-47B2-BD39-4FD65F99520E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe |
    "{07E7717A-8E0E-4CD2-B29D-EA07D1A9CF91}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{088FE919-D221-4A5E-B830-F0F7F7F08373}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{09694294-9A5E-4993-A8FC-440582A6E7C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
    "{0BC17DDC-5587-4EC9-93C7-9DA850880C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
    "{0FF9C50F-D2A8-4A02-BCE9-C08BF32CDA0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
    "{101EAF4C-8364-44A2-A2CA-747DFF94E5D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal ii the awakening\system\unreal2.exe |
    "{111DF8AB-BD49-482A-9093-7D767AC71418}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{119217A0-621B-4F49-BCB8-16060635E82B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |
    "{11BBD40C-77EB-4DD5-9224-A554DEA0C644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
    "{12E1BE23-7176-4243-924E-32573C24CD36}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{1327F8A4-5190-461A-BBE1-15E48068363C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{142FE41F-2FD7-4D66-ABBF-45A3A197980F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{156E4E34-531D-4881-BEF8-2629690EC4D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{16C0A3A8-D43B-4184-9363-E4906DF29C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
    "{17548DBF-43BF-4A12-A997-1F3F7386D8E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
    "{19B5E149-59E5-4F8F-9B1C-37D9C63DFCE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
    "{19F33B58-36C6-40DE-A0F3-B738729F44D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
    "{1C817E66-EC3D-4F6D-9A12-4EECC3B3FD72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm |
    "{1E045C97-AF86-4F0F-8397-797AA30A6360}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\runme.exe |
    "{1F38B1FD-01F9-402F-8E68-6092A21B9548}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
    "{1FD7FE46-DCAF-4590-8C24-AC0A74205712}" = protocol=6 | dir=in | app=c:\users\daddy\appdata\roaming\dropbox\bin\dropbox.exe |
    "{22E1DDD4-410B-40F4-91DC-7B0BF06BD916}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{25508655-D5CB-453F-A513-463FC870F099}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{25AFB737-1B0F-44CE-A649-CF7A2ED5E22A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\mohmpgame.exe |
    "{25B3DB22-A9DF-4DB4-9985-5472C8FDB9AF}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    "{2642C05F-830F-4172-80BD-3E308965FA41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
    "{280544F6-7216-480B-8D32-41F06D825161}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{292566BD-4E60-42DD-B82F-75F3D5A5C19D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2A36A195-3917-4C67-BF02-243EE0B3FD28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{2C5587EF-27EA-450A-A21E-50289D7C7D85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
    "{2C90145A-C121-4CCE-BF90-CE0C971E7C4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
    "{2E82A968-332D-487D-9DEB-0F7963ABB3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
    "{2F0C72C5-AD72-4853-8A8A-43A1D21A402C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{2FCBAAB2-D7A4-478E-8BBE-CFEC9F5EC061}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zero gear\zerogear.bat |
    "{3150AECB-AFBC-49C9-8AD3-7106A0580977}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{31D10D9D-DC9C-4F2B-A200-D00B42312311}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{321ECFBC-5027-4A9D-9360-C8ADE9F7AD24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{330D593E-89D3-43F4-9C3D-E9DAEDA9EAA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm |
    "{33E1F389-50C4-4BA1-B253-27550044BEB9}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{35AB90BC-2FA9-4A26-B56A-78F2150134E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{35CA4C6C-76EA-44C7-A715-DE6561E3BF95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
    "{36125489-8731-40BD-94B1-A5416BF94224}" = protocol=6 | dir=in | app=d:\program files\valve\steam\steam.exe |
    "{3642BA0C-764B-4FFF-81DD-4DF61BD03D47}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{36C5D07A-75D2-430D-A34A-2D4495ACDC0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{385303CE-0779-4E65-AA4D-B94A0CAB4697}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{3A48BAB8-0022-4B19-92C6-760E9EF6C176}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{3B2B1A2C-B776-49CB-B57C-3A2DDEF54662}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
    "{3C30995E-C161-41C7-BF4B-0FC777DCA00C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal gold\system\unreal.exe |
    "{3D23DDDD-749F-47C5-946B-108C9E5FD350}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{3E45287D-CE42-4935-B6F1-4F582A064589}" = protocol=17 | dir=in | app=d:\program files\valve\steam\steam.exe |
    "{3EB3FF64-43FB-4539-81C7-283C794BE543}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
    "{3F6D44AE-D5AC-46EB-8FC6-1BE596A0124B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
    "{40EE5278-8D69-4659-BD22-2DD011F45AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
    "{432C0499-305B-48A0-982F-34D05AFAAC8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |
    "{44172E67-592C-4700-9B75-AE58BAACFF86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
    "{455E918D-1886-4D5C-A03E-402329409C89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
    "{4A40DB45-2CC1-4C95-A441-5BEEC412C30C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
    "{4CE82920-B007-49DE-BEC9-B8B9CFE4ABC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{4D0993EB-3B7E-4F0F-AFE1-CBF4E6768C4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{4DD189DB-A87C-430F-B074-859B062F9C59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
    "{4FD170F1-C218-4296-A6FF-DB0C78C76E2A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{51E3B320-2C5B-4A38-9E60-875786BF1F91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\mohmpgame.exe |
    "{5444221A-B1F6-4C53-AA95-BF3B08AC425B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklight tango down\binaries\win32\bltd.exe |
    "{54C60F29-73E9-4A41-B74C-D258E2907430}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
    "{55826515-F6AC-443A-BAE0-009EE08DF417}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{566DA48E-AAB9-40B3-A579-CEFBB6882FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{586732EE-6635-4827-9DC0-8C79CB19AAF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{5D50BD9D-7549-4E59-8083-928DFDFC017C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
    "{601954D0-73F1-4998-BD7B-33933B24F81A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
    "{606A4D8D-647C-41AA-A129-22EED03AFFAF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{60736EBF-0503-49BC-8B0C-405575954FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
    "{61321788-37A3-4302-AE1F-ED19821ED461}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe |
    "{61459F19-F351-4CD3-B45C-027589D0F092}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{618A3316-566F-4D46-9893-241D025BF6EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal gold\system\unreal.exe |
    "{63E16E8D-638D-4366-87BC-F1399C66B442}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
    "{64317FAB-9718-4890-981B-CA601CE289E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm |
    "{6519BA0A-5259-460C-846A-36ABF72B4E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
    "{6963EEDA-A27D-412A-B300-35D98871A88E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{6B8FA7D4-FE02-4322-A73A-055A5F645D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
    "{6D98AF9D-E4B5-4646-984A-CEE6829EC9DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
    "{6F13CD9A-D81F-481E-A84D-0D6F7FA951FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
    "{71269494-D39B-405B-84D5-067CB1C639A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7345803F-BBD9-4D04-B883-6965D326CEDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |
    "{7628F6F2-A385-4707-AB1A-1EFD4E453790}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm |
    "{7768EC4F-D263-4B5F-A5EB-94E4C712EF66}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{7A4CD824-54F2-4C8F-8E1A-DB4614D8DDA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
    "{7B0735D2-312D-4BB5-819B-4BFE02240147}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{7F4DD20B-611C-43B3-88F5-E71A0D9EDFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\take on helicopters demo\takeonhdemo.exe |
    "{805E87B6-DD80-479C-BC0F-392EDFE8B2F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
    "{817AF062-629D-419D-BD6D-B77E732D3567}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
    "{81E5022F-54F7-44CE-972D-5245E0B59A80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal ii the awakening\system\unreal2.exe |
    "{82FA2B65-AD53-4E35-9012-404534E6E9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\take on helicopters demo\takeonhdemo.exe |
    "{843C972D-3DB2-428A-84A7-5D08D51E9E61}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{86BF76E5-ECE1-4082-A231-E846CC92A0EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{86D01D90-2E48-4C37-B248-8700A853B719}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
    "{8962F3EB-D82F-42B2-BC23-80DF2435ABCC}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{8D3F1F12-3719-44C0-9AE6-7EE4C4C3FC78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
    "{8EA4FC12-95D4-49FA-B9FC-BFA94ED30227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
    "{90B0849E-5CDA-41C6-A258-FCDF6157E637}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
    "{97322475-7986-4403-BCAA-7F19CF7EFA73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\mission editor\missioneditor.exe |
    "{98774DD0-700E-4519-9D26-2031D4BF4607}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{98A00C6E-24E4-4D2C-9F58-369DAF2E58B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
    "{98D7E187-8A8F-4690-860A-0C68F0F40BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
    "{99F5E31E-815D-4B01-8B76-952673559748}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
    "{9DD8ECA7-891F-4D96-88FB-2F4A7FA5417B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
    "{9E49CE98-A663-4BCA-8173-E5952D603EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
    "{9EB05197-5802-40F2-9383-C72393F62540}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
    "{9FA33FAF-AE54-4FEC-8454-BA3E2469A61A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3loader.exe |
    "{9FA504C8-F28A-4559-B9A4-1D776778E54F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
    "{A012EF0F-9256-4F31-828E-6AF31B897308}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
    "{A1AC82AA-6E6E-4D6E-B0FE-8AEC4000B71F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{A5314810-3177-440B-AF70-8AE60F537A4E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{A87CA9C3-1680-406F-9E29-CDD262633A9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
    "{A9A9E512-1CD7-4266-82A5-A3E8E1C18F07}" = protocol=17 | dir=in | app=c:\users\daddy\appdata\roaming\dropbox\bin\dropbox.exe |
    "{A9C6D595-B171-4EE4-8B8B-0905BC555776}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{AA2E0F81-860A-494F-85A5-CFF2A00F1405}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklight tango down\binaries\win32\bltd.exe |
    "{AC596A47-5434-4BEE-83DB-CE951E7665FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
    "{ADE8617A-E2D7-45D9-A368-01BE313678B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{AE9E7168-BD63-49F2-9870-F8EBF50B5929}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{B0373AF6-17BE-49F0-8E89-56AAF8AD73CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
    "{B0C2F5E6-F946-45D7-8B91-12DEB9E0BB8B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
    "{B183E55B-AE8E-4488-B1E8-92E0295F1FA9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{B228C123-E723-40B2-A1D2-596B4DB51678}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{B22ADAD2-54A1-4EA6-A6ED-CC8E50C4FF03}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{B4D711E1-F3A0-41C8-A875-C855E9D07404}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
    "{B529E698-18F8-48B1-85DF-22094145BB9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3loader.exe |
    "{B67DEE41-3229-4429-999F-B273AED31962}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\secret of the magic crystal\secret of the magic crystal.exe |
    "{B710B76E-0B08-438F-B241-18AD72EEF73C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
    "{B74BD280-9FB6-4179-8083-2F36B2A233AF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe |
    "{B83939EB-4E42-487F-972A-37CC1D802E06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
    "{BAF55F68-9009-4682-AFAE-A9AE6CBA80D5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe |
    "{BCB32413-A447-458C-8E36-9CF348E5F1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{C0215465-89D0-4AA7-976A-A11F679FA1C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
    "{C0C81E44-3F9C-44EB-9B13-87EDA2B57737}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
    "{C27B0B9B-3521-47AA-9DA2-35B89B55AD23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
    "{C4EFA116-73D1-468C-A28F-A376859DA9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe |
    "{C6DAD45D-3A68-4F9C-A85D-81C8FA622480}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe |
    "{C6E16FD7-F25E-4AB8-9607-D83928A96CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
    "{C84F6806-75CF-4EE3-9C4E-96A65C15B81D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{C995DE1F-C6F7-4035-949A-44A5E577984A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{CA903554-3A0C-4892-9E50-D6B82CDB128B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
    "{CB741930-4D6B-470E-B05B-156BEDF85F08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{CF76AD2D-DC16-4A83-A15F-B288EA3796BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
    "{CFCD2B27-5B58-4A3E-BED8-3DBE3A2110AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frontlines fuel of war\binaries\ffow.exe |
    "{D05BDC73-2B05-43F1-8293-9BBC2E9241C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\secret of the magic crystal\secret of the magic crystal.exe |
    "{D0DC088C-4B8F-45F5-95F1-F2412B8510C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
    "{D2923A76-700A-4040-A489-371AC6C4CC80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe |
    "{D3987855-C3CA-4B0D-938A-148A89F5E30A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
    "{D96C0E3B-E50C-4032-9703-8621BBECF8FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe |
    "{DA77F4B6-5F3B-4A29-9E53-0A1A51E97589}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DB633C76-32BF-4916-9FF0-09642C939701}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
    "{DC8688CE-5436-4FAD-8989-9B13D542E561}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{DDAAE282-DAD6-4104-A743-ABE99138EE2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{DED2410F-4AC0-4B81-A386-7959704E2E94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
    "{DF0FE488-66C6-4796-955C-5B4DFA9C6F3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
    "{E18E78B8-8319-49FD-AB0F-25B77AF230E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{E5460CE5-8FD2-4F85-BD8D-BDCE525668FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe |
    "{E557D0D1-2A4A-4DF2-AB37-72193D4EBA50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
    "{E5A669CC-75C5-499B-9128-D3AE1186C0C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
    "{E7CE263C-3B12-44A1-B983-E4A882E8D5FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
    "{E82C4EA5-BF2E-4680-AB89-9BAF5B8FA154}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
    "{E9A408EB-D966-4F08-8C8D-57289CE7CC13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{EB61C2B2-54F4-485A-B016-B2708E20E54A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
    "{EC356730-F14E-48A8-98A7-13C55B07AE59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
    "{EC8B8EA8-AFC1-48C2-ABF8-222B40B32487}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zero gear\zerogear.bat |
    "{ED202013-6B42-4385-BE19-0AD2EB47505D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{ED4B98CD-C4F2-49A0-BAAF-A3E6BBD8BEF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{ED5EC914-1486-4C83-8AEA-89B5634065C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{ED9E1735-55EC-41E9-9715-F3E602694CB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{EEB70D68-0A8F-49C7-8C74-39B21577BF43}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{F07E68C1-1008-41C9-9C51-BF2BB46550D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\runme.exe |
    "{F07FB90D-5EC6-4BBB-BF0C-A64B0163F09C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frontlines fuel of war\binaries\ffow.exe |
    "{F286A67D-ED32-4B26-8014-751674CEE6FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    "{F2DDC98E-3792-47A2-BE27-19D58DEF2FCB}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{F375DA2A-B1C6-46AF-B985-50F7F49FD869}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
    "{F56A6504-072B-41F9-827A-5E54BBB0A3A1}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe |
    "{F8D25371-E41E-4510-A92C-6FE350694E7F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
    "{FA461087-D8A6-4BB9-A613-FD6369A2D186}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
    "{FC165BE4-D591-4587-8631-F1B8DFDD6A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
    "{FCF07B2F-893F-4E6C-B582-F4825029F8F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
    "{FD745607-33E7-41C1-B28A-A3D5B480B666}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
    "{FE71BB36-6137-4032-AE97-6516B90B568D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
    "{FF78AA3B-D444-4EC2-820A-923825D0C6C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
    "TCP Query User{5508ED93-5B4A-49E9-B426-F55B8796F1C5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{894F99A7-7A9D-4450-AD7C-F38335C18F2B}C:\program files\d-link\shareport utility\connect.exe" = protocol=6 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
    "TCP Query User{9B39E336-B2F4-4D38-81FD-BF4CD1F96BB1}C:\program files (x86)\electronic arts\battlefield 2142\bf2142pace.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142pace.exe |
    "TCP Query User{A01BE209-F272-4C8F-B9D0-DCA4276C45B4}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "TCP Query User{AFA2C647-DBF5-4A54-9556-AC1767D7A703}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{5B5131AF-62B3-4C50-998C-2C7266B290B5}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{8BA0F55F-F6D5-483C-9F36-F742DAC95B8E}C:\program files (x86)\electronic arts\battlefield 2142\bf2142pace.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142pace.exe |
    "UDP Query User{AAF564AC-300F-4259-9CC9-0E4871BB47EA}C:\program files\d-link\shareport utility\connect.exe" = protocol=17 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
    "UDP Query User{AB7B4A9D-2177-4D5F-972A-B3ABB85820F1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{D0989EC6-A8CD-4279-9FC3-BFA037D32BFC}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{47D73AFC-EC15-4B22-96D8-FC4487EBBE57}" = Intel(R) Network Connections 17.1.55.0
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}" = HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7B475B52-8C5B-16F9-20A0-A01DCD1A6EF2}" = ATI AVIVO64 Codecs
    "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
    "{825C7AAC-C5D5-B89B-EBA1-D4DFC5E46D6C}" = AMD Drag and Drop Transcoding
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
    "Defraggler" = Defraggler
    "doPDF 7 printer_is1" = doPDF 7.2 printer
    "F2113B6DA5013A2F764FDB4C8A187CF2DB1F025C" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PROSetDX" = Intel(R) Network Connections 17.1.55.0
    "Speccy" = Speccy
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{354D401F-05B6-4A1D-8E92-47C1BBC5302C}" = C5500
    "{35C98EB9-C39E-F602-D980-59355711CD37}" = Catalyst Control Center InstallProxy
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
    "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63B07463-2E1B-4B7F-AF79-4D4D3E98F03B}" = Sound Blaster X-Fi MB
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6DD5A7FC-0DC3-4BCC-BCDF-3A4EBE565799}" = PS_AIO_04_C5500_Software_Min
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
    "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A443DF0-5B01-F3A4-D5C4-6C3E89D99061}" = Cricut CraftRoom
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{9F9647AC-5C02-2812-E2E1-898ED8F83F9A}" = CricutSync
    "{A0C32A95-848F-73FD-ACFC-C66EF566B91B}" = HydraVision
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7E99FEB-A620-40B0-9B37-4410738B351E}" = Sound Blaster X-Fi MB
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
    "{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}" = Realtek Card Reader
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.cricut.Cricut-CraftRoom" = Cricut CraftRoom
    "Diablo II" = Diablo II
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DMX5_is1" = DriverMax 5
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ESN Sonar-0.70.0" = ESN Sonar
    "FLV Player" = FLV Player 2.0 (build 25)
    "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OnLive" = OnLive
    "OpenAL" = OpenAL
    "Origin" = Origin
    "OUTLOOKR" = Microsoft Office Outlook 2007
    "PunkBusterSvc" = PunkBuster Services
    "Starcraft" = Starcraft
    "StarCraft II" = StarCraft II
    "TomTom HOME" = TomTom HOME 2.8.2.2264
    "Warcraft III" = Warcraft III
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinZip Self-Extractor" = WinZip Self-Extractor
    "YosemiteSync" = CricutSync

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Diablo II" = Diablo II
    "Dropbox" = Dropbox
    "insparia - Interior Inspirations" = insparia - Interior Inspirations
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/9/2012 2:02:44 AM | Computer Name = Thone | Source = HiRezSoftwareManagerSvc | ID = 0
    Description = Service cannot be started. System.Xml.XmlException: Root element is
    missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

    at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

    at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String
    filename) at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)

    at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)

    at Hirez.Patcher.PatchNetworkClient. (NewMessageCallback ) at Hirez.Patcher.PatchNetworkClient..ctor(String
    appConfigFilePath, NewMessageCallback logCallback) at Hirez.Patcher.HiPatchService.InternalStart()

    at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 9/10/2012 11:11:02 PM | Computer Name = Thone | Source = HiRezSoftwareManagerSvc | ID = 0
    Description = Service cannot be started. System.Xml.XmlException: Root element is
    missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

    at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

    at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String
    filename) at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)

    at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)

    at Hirez.Patcher.PatchNetworkClient. (NewMessageCallback ) at Hirez.Patcher.PatchNetworkClient..ctor(String
    appConfigFilePath, NewMessageCallback logCallback) at Hirez.Patcher.HiPatchService.InternalStart()

    at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 9/10/2012 11:11:09 PM | Computer Name = Thone | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_EventSystem, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: es.dll, version: 2001.12.8530.16385,
    time stamp: 0x4a5bdf7a Exception code: 0xc0000005 Fault offset: 0x000000000000c5d7
    Faulting
    process id: 0x534 Faulting application start time: 0x01cd8fcaf996d128 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\es.dll
    Report
    Id: 54c2f3b2-fbbe-11e1-86d1-002268384150

    Error - 9/10/2012 11:14:02 PM | Computer Name = Thone | Source = HiRezSoftwareManagerSvc | ID = 0
    Description = Service cannot be started. System.Xml.XmlException: Root element is
    missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

    at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

    at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String
    filename) at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)

    at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)

    at Hirez.Patcher.PatchNetworkClient. (NewMessageCallback ) at Hirez.Patcher.PatchNetworkClient..ctor(String
    appConfigFilePath, NewMessageCallback logCallback) at Hirez.Patcher.HiPatchService.InternalStart()

    at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 9/10/2012 11:25:58 PM | Computer Name = Thone | Source = HiRezSoftwareManagerSvc | ID = 0
    Description = Service cannot be started. System.Xml.XmlException: Root element is
    missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

    at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

    at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String
    filename) at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)

    at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)

    at Hirez.Patcher.PatchNetworkClient. (NewMessageCallback ) at Hirez.Patcher.PatchNetworkClient..ctor(String
    appConfigFilePath, NewMessageCallback logCallback) at Hirez.Patcher.HiPatchService.InternalStart()

    at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 9/10/2012 11:27:38 PM | Computer Name = Thone | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time
    stamp: 0x4ce7abf9 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
    stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x00000000000011cb Faulting
    process id: 0x460 Faulting application start time: 0x01cd8fcd0a540e21 Faulting application
    path: C:\Windows\system32\AUDIODG.EXE Faulting module path: C:\Windows\System32\msvcrt.dll
    Report
    Id: a21fddb6-fbc0-11e1-a4fc-002268384150

    Error - 9/10/2012 11:32:42 PM | Computer Name = Thone | Source = HiRezSoftwareManagerSvc | ID = 0
    Description = Service cannot be started. System.Xml.XmlException: Root element is
    missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

    at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

    at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String
    filename) at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)

    at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)

    at Hirez.Patcher.PatchNetworkClient. (NewMessageCallback ) at Hirez.Patcher.PatchNetworkClient..ctor(String
    appConfigFilePath, NewMessageCallback logCallback) at Hirez.Patcher.HiPatchService.InternalStart()

    at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 9/10/2012 11:49:03 PM | Computer Name = Thone | Source = HiRezSoftwareManagerSvc | ID = 0
    Description = Service cannot be started. System.Xml.XmlException: Root element is
    missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

    at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

    at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String
    filename) at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)

    at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)

    at Hirez.Patcher.PatchNetworkClient. (NewMessageCallback ) at Hirez.Patcher.PatchNetworkClient..ctor(String
    appConfigFilePath, NewMessageCallback logCallback) at Hirez.Patcher.HiPatchService.InternalStart()

    at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 9/11/2012 12:00:52 AM | Computer Name = Thone | Source = Outlook | ID = 34
    Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

    Error - 9/11/2012 12:00:52 AM | Computer Name = Thone | Source = Outlook | ID = 35
    Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

    Error - 9/11/2012 12:00:53 AM | Computer Name = Thone | Source = Outlook | ID = 34
    Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

    Error - 9/11/2012 12:00:53 AM | Computer Name = Thone | Source = Outlook | ID = 35
    Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

    Error - 9/11/2012 12:24:26 AM | Computer Name = Thone | Source = HiRezSoftwareManagerSvc | ID = 0
    Description = Service cannot be started. System.Xml.XmlException: Root element is
    missing. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

    at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

    at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String
    filename) at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)

    at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)

    at Hirez.Patcher.PatchNetworkClient. (NewMessageCallback ) at Hirez.Patcher.PatchNetworkClient..ctor(String
    appConfigFilePath, NewMessageCallback logCallback) at Hirez.Patcher.HiPatchService.InternalStart()

    at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)

    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 9/11/2012 12:47:02 AM | Computer Name = Thone | Source = System Restore | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 2/23/2009 6:37:37 PM | Computer Name = Thone | Source = McrMgr | ID = 109
    Description =

    Error - 5/17/2009 6:57:37 PM | Computer Name = Thone | Source = McrMgr | ID = 109
    Description =

    Error - 6/26/2011 1:35:04 AM | Computer Name = Thone | Source = Microsoft-Windows-Media Center Extender | ID = 301
    Description =

    [ OSession Events ]
    Error - 12/22/2008 2:18:14 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 54
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/24/2009 11:42:59 AM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/24/2010 11:42:01 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 38
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/1/2010 1:24:28 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 378
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 9/14/2010 8:06:44 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/14/2010 8:06:57 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/7/2010 6:54:43 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/17/2011 10:13:14 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/17/2011 10:13:27 PM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/1/2011 11:44:45 AM | Computer Name = Thone | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/11/2012 12:30:56 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/11/2012 12:30:56 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/11/2012 12:30:56 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/11/2012 12:30:56 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/11/2012 12:30:56 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/11/2012 12:30:56 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/11/2012 12:30:56 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1068

    Error - 9/11/2012 12:31:12 AM | Computer Name = Thone | Source = Service Control Manager | ID = 7001
    Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
    Provider Host service which failed to start because of the following error: %%1068

    Error - 9/11/2012 12:35:25 AM | Computer Name = Thone | Source = DCOM | ID = 10005
    Description =

    Error - 9/11/2012 12:35:26 AM | Computer Name = Thone | Source = DCOM | ID = 10005
    Description =


    < End of report >
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, my name is Mark and I will be helping you.

    IMPORTANT: Please take the time to read this first.
    For the benefit of others that are waiting for help please try to respond as fast as you can and make sure you read all of the instructions I will be giving you to follow. Time spent waiting for replies or having to repeat questions keeps other people waiting in the queue for help.

    I am in Spain at GMT+1 hour, I check my emails several times a day so will usually reply to your responses within a few hours or less unless it is night time here. During the evening here I will usually reply within minutes. Please try to do the same for a swift clean up. Some Malware needs to be dealt with quickly or it will multiply and become deeply embedded in your system and more difficult to find and remove, so quick replies will have more than one benefit.

    Keep in mind that I cannot see your PC, so please give as much detail as possible if something goes wrong or you receive any error messages.

    Malware can be unpredictable and often time consuming to remove, on rare occasions something can go awry and your system may need to have Windows re-installed. Please make sure before we start that you have copies of all your important data saved to an external hard drive or CD/DVD's. Please make sure you disconnect any external hard drives and/or Flash drives during the clean up.

    If you have run any scans that found an infection please let me know.

    DO NOT run any scans or make any changes that I have not asked you to do as this can cause misleading results and make my job much harder in trying to help you. Please also uninstall any file sharing software i.e. uTorrent, BitTorrent, etc, if you insist on keeping it do not use it until we are finished. Use of file sharing software is one of the easiest ways to get your PC infected.

    If I get no reply from you for three days I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.

    Please don't abandon the thread as soon as your PC starts to work normally again as there will be other important checks to make to help protect your system from re-infection. It is also important to follow the correct procedure when removing the tools used to ensure all quarantined infections are completely removed and infected Restore Points are safely deleted.

    Stick with me and we can quickly clean up your PC, if you cannot dedicate the time then a Reformat and Re-install will be your quickest option.

    __________________________________________________________________

    You should have followed this Here when you started your thread. You have used an outdated version of HJT, but with a 64bit system it is full of errors due to incomatability. Please read the advice and follow the instructions in that link to post both the logs from DDS. It is never advisable to follow what you may see in other threads as every situation is different.

    As you can only run in Safe Mode with Networking at present, then please continue to do so unless otherwise instructed.

    Please follow this to run Malwarebytes:


    Please download Malwarebytes Anti-Malware [​IMG] and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
    • Malwarebytes will automatically check for updates as soon as it is launched.
    • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Double click on the Malwarebytes icon on your desktop to launch the program
    • Under the Scanner tab, make sure the Perform Quick Scan option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
    • NOTE: If no detections are found a log will automatically open in Notepad, please copy and paste the log back here and close all windows, in this case you do not need to continue.
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.
    NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
     
  3. muhrich

    muhrich Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    3
    I was able to install and run both programs however i was unable to find a way to rename the Malwarebytes .exe file before saving. The only options i saw and could find were save file and then also to use FlashGot or DownThemAll!. Here are the logs i got after running the two programs. * Sorry i did read your message but there is a drive that i had deactivated. i reactivated the drive so it could be included in the scans. Both scans were done after reactivation of drive. I will not do anything else that you don't specify in your directions. Thank you for helping.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:01:18 PM, on 9/11/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - HKCU\..\Run: [Steam] "D:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15452 bytes











    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.11.09

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Daddy :: THONE [administrator]

    Protection: Disabled

    9/11/2012 7:03:12 PM
    mbam-log-2012-09-11 (19-03-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 297563
    Time elapsed: 5 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, thanks for those logs, but I didn't ask for another log from HJT.

    I did ask you for logs from DDS following instructions in the link I provided.

    Make sure you read my instructions more carefully, some things that we may have to do to get your PC's performance back to normal could have disastrous effects if you don't follow the instructions carefully. I hope you have read everything in my introductory post and followed all advice given. The golden rule is, If in doubt ask.

    Please now follow the instructions in that link and post both the logs produced by running DDS.

    I would also like you to run a scan with this tool and post that log also.

    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]
    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.
    [​IMG]
     
  5. muhrich

    muhrich Thread Starter

    Joined:
    Sep 10, 2012
    Messages:
    3
    Here are the logs you asked for plus the attached one. While i was trying to download then post these firefox and other things like flash player kept crashing and i got the blue screen of death three times. here are the details
    Crash Dump Analysis

    Crash dump directory: C:\Windows\Minidump

    Crash dumps are enabled on your computer.


    On Thu 9/13/2012 3:11:30 AM GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091212-24616-01.dmp
    This was probably caused by the following module: ntfs.sys (Ntfs+0x5A88)
    Bugcheck code: 0x24 (0x1904FB, 0xFFFFF88005411F58, 0xFFFFF880054117B0, 0xFFFFF80002DF69BC)
    Error: NTFS_FILE_SYSTEM
    file path: C:\Windows\system32\drivers\ntfs.sys
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT File System Driver
    Bug check description: This indicates a problem occurred in the NTFS file system.
    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


    On Thu 9/13/2012 3:06:17 AM GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091212-26785-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x34 (0x50853, 0xFFFFF88002B4A808, 0xFFFFF88002B4A060, 0xFFFFF80002F7990A)
    Error: CACHE_MANAGER
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that a problem occurred in the file system's cache manager.
    This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Thu 9/13/2012 1:30:41 AM GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091212-24663-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002F651CF, 0xFFFFF88005FC4E80, 0x0)
    Error: SYSTEM_SERVICE_EXCEPTION
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.





    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
    Run by Daddy at 19:49:32 on 2012-09-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.3365 [GMT -7:00]
    .
    AV: Kaspersky PURE 2.0 *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    SP: Kaspersky PURE 2.0 *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 2.0 *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=fx6800-01e&c=BB
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    uRun: [Steam] "D:\Program Files\Valve\Steam\Steam.exe" -silent
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
    mRun: [eRecoveryService]
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [LedKey] CNYHKey.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Daddy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTL~1.LNK - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{81FE98A4-F98A-4484-A475-18947697DAA5} : DhcpNameServer = 10.0.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO-X64: Skype add-on (mastermind) - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [eRecoveryService]
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [LedKey] CNYHKey.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\pivlyd7l.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\abhelperxpcom.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
    FF - component: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\pivlyd7l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\pivlyd7l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\pivlyd7l.default\extensions\[email protected]\components\cooliris.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Daddy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\pivlyd7l.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\system32\DRIVERS\CSCrySec.sys --> C:\Windows\system32\DRIVERS\CSCrySec.sys [?]
    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys --> C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -r [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 250056]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-1-9 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-1-9 79360]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gwfilt64;gwfilt64;C:\Windows\system32\drivers\gwfilt64.sys --> C:\Windows\system32\drivers\gwfilt64.sys [?]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]
    S3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    S4 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-30 24576]
    S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-17 8704]
    S4 Symantec Core LC;Symantec Core LC;C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-1-9 1245064]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-12 01:13:51 -------- d-----w- C:\Users\Daddy\AppData\Roaming\Malwarebytes
    2012-09-12 01:13:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-12 01:13:45 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-12 01:13:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-11 05:32:40 -------- d-----w- C:\Program Files\WhoCrashed
    2012-09-11 04:48:22 -------- d-----w- C:\Users\Daddy\AppData\Local\ElevatedDiagnostics
    2012-09-11 04:37:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-09-04 23:26:05 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-09-04 21:41:46 -------- d-----r- C:\Backup
    2012-09-04 21:29:03 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-09-04 16:02:35 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A4F8DA5-724D-46C3-9A7A-BEA53A190305}\mpengine.dll
    2012-08-15 03:03:34 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 03:03:34 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 03:03:32 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 03:03:32 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 03:03:32 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 03:03:32 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 03:03:30 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 03:03:30 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 03:03:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 03:03:30 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 03:03:29 956928 ----a-w- C:\Windows\System32\localspl.dll
    .
    ==================== Find3M ====================
    .
    2012-09-09 00:28:27 3524608 ----a-w- C:\Windows\System32\sppsvc.exe
    2012-09-09 00:24:07 594432 ----a-w- C:\Windows\System32\comdlg32.dll
    2012-09-08 03:33:41 123904 ----a-w- C:\Windows\System32\bcrypt.dll
    2012-09-08 03:33:40 642944 ----a-w- C:\Windows\System32\winload.efi
    2012-09-08 03:33:40 518672 ----a-w- C:\Windows\System32\winresume.exe
    2012-08-29 03:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-08-29 03:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-18 03:45:23 298104 ----a-w- C:\Windows\System32\bcryptprimitives.dll
    2012-08-16 17:23:11 569344 ----a-w- C:\Windows\System32\ddraw.dll
    2012-08-15 02:14:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 02:14:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-07 16:13:16 100352 ----a-w- C:\Windows\System32\dfboottime.exe
    2012-08-05 17:27:19 460800 ----a-w- C:\Windows\System32\certcli.dll
    2012-08-05 01:57:35 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2012-08-05 01:57:35 1065984 ----a-w- C:\Windows\System32\cryptui.dll
    2012-08-05 01:57:34 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-08-05 01:57:22 92160 ----a-w- C:\Windows\System32\drivers\cdfs.sys
    2012-08-02 02:39:17 512000 ----a-w- C:\Windows\System32\rpcss.dll
    2012-08-01 04:08:49 317952 ----a-w- C:\Windows\System32\dhcpcore.dll
    2012-07-28 05:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-07-28 05:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-07-28 05:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-07-28 05:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-07-28 05:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-07-28 05:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-07-28 05:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 19:49:40.67 ===============




    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : Daddy [Admin rights]
    Mode : Scan -- Date : 09/12/2012 20:14:59

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND
    [Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FOUND
    [Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST380817AS +++++
    --- User ---
    [MBR] ea17899fa0137b090622befff6cc556d
    [BSP] 24bcdafbfc2b0acb04f26606f86ed50d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDS721075KLA330 +++++
    --- User ---
    [MBR] d578d4f7f4b62d86962ae52f5bdd8b13
    [BSP] 7ce63a4de46845b29594f8b91f4e6a4c : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     

    Attached Files:

  6. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Looking at the crash dumps and the various logs I suspect this is not a Malware issue and you either have a bad driver or a hardware fault, most likely hardware problem would be faulty hard drive or memmory.

    RogueKiller has detected two blacklisted items which I believe to be legitimate but these should be checked as follows:


    Go to one of the following online services that analyzes suspicious files:
    In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

    C:\Windows\system32\AmbRunE.dll <- this file
    C:\Windows\SysWOW64\drivers\int15_64.sys <- this file

    Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
    -- Post back with the results of the file analysis in your next reply.
    _________________________________________________________________

    Please run this as a final check for a Malware issue:

    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [​IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
    _________________________________________________________________

    Please run this to check the file system for errors:


    • Windows 7 System File Checker
    • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
    • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
    • Let the check run to completion.
      To find the log
    • Copy & Paste the following command at the Command Prompt and press Enter:
      findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
    • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
    • Zip up the file and attach it to your next post.

    _________________________________________________________________

    Please run this to do a preliminary test on the hard drive:

    Disk Check
    • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
    • You will then see the following message:
      chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
    • Type Y for yes, and hit Enter. Then reboot the computer.
    • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
    • When the Disk Check is done, it will finish loading Windows.
    Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
    Windows 7 Disk Check log
    Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
    You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and your done.
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    As stated in my introduction:

    Three days have passed without a reply so I am now marking this thread as resolved. Take note that the clean-up is not complete so your PC may still be infected and/or vulnerable to further infection.

    If you do wish to continue then please post back and let me know.

    My spare time is limited for dealing with Malware problems so I will only subscribe to a certain number of threads at any one time to be sure I have sufficient time available to analyse logs without having to rush or delay my replies. All the time that I am waiting for replies is time I could be using to help someone else.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1068507

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice