Several Viruses are attacking my computer. [Closed]



#16
MNISather

This is the Security Check:


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Java 2 Runtime Environment, SE v1.4.1
Java version out of Date!
Adobe Flash Player 11.4.402.265
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Engine 19.8.0.14 ccSvcHst.exe
Sather Desktop virus hel SecurityCheck (1).exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


When I go to Windows Firewall, it gives me one button that says "Use recommended settings". I click it, and it thinks for a while, then does nothing.



I attached the AdwCleaner like you said.


Here is the OTL:


OTL logfile created on: 9/21/2012 4:31:05 PM - Run 4
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Sather\Desktop\virus hel
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 11.26 Gb Available Physical Memory | 70.82% Memory free
31.81 Gb Paging File | 25.54 Gb Available in Paging File | 80.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.22 Gb Total Space | 122.98 Gb Free Space | 26.96% Space Free | Partition Type: NTFS
Drive D: | 7.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SATHER-PC | User Name: Sather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/21 15:37:52 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/09/15 12:09:19 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/09/15 12:09:11 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/05 22:33:30 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/05 22:06:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Sather\Desktop\virus hel\OTL.exe
PRC - [2012/08/16 10:21:34 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2012/03/27 21:52:34 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHdaSvc.exe
PRC - [2012/03/23 15:01:00 | 002,014,208 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
PRC - [2012/03/19 06:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 06:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/03/04 14:51:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/02/21 19:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/02/17 01:33:34 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/16 12:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2012/02/09 11:21:20 | 000,014,152 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2012/02/09 11:14:02 | 000,069,448 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2012/02/09 11:09:02 | 000,016,200 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2012/02/01 17:44:12 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/01 17:44:12 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/01 17:43:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/27 16:30:20 | 000,320,832 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 21:51:44 | 004,005,184 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2012/01/26 21:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/12/21 21:20:26 | 000,880,640 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/11/03 18:01:44 | 001,546,096 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2011/10/19 19:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/13 10:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
PRC - [2010/06/24 00:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/21 15:37:52 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/09/05 22:33:30 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/08/29 21:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 21:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 21:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 21:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/29 21:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/29 21:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 21:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 21:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/14 03:41:53 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/14 03:37:48 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012/06/14 03:21:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 03:21:11 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:21:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:21:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 03:20:59 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/14 03:03:16 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/14 03:03:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/14 03:03:07 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:03:03 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/14 03:03:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/20 20:59:02 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/20 20:59:00 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/05/20 20:58:27 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/20 20:58:08 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/20 20:58:08 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/20 20:58:07 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/20 20:58:06 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\676a0584b48c64d242d4ad3aa07d9214\System.ServiceModel.ni.dll
MOD - [2012/05/20 20:57:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012/05/20 19:23:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/20 19:23:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/20 19:23:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/20 19:23:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/20 19:23:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/20 19:23:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/20 19:23:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/18 16:31:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/18 16:30:34 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\7803f4398a527a87d5cace8023e93e8b\System.Data.DataSetExtensions.ni.dll
MOD - [2012/05/18 16:30:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 16:30:01 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/18 15:53:22 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/18 15:53:18 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/18 15:53:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/18 15:53:13 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/18 15:53:12 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/18 15:53:08 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/05/18 15:53:08 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
MOD - [2012/04/30 02:55:46 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/04/30 02:55:46 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/04/30 02:55:46 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/04/30 02:55:46 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2012/03/04 17:52:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012/01/26 21:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/11/03 18:01:44 | 001,546,096 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/12/18 11:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/16 10:23:17 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2012/06/22 07:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/09 11:09:02 | 000,014,664 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012/09/15 22:02:12 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/15 12:09:19 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/09/15 12:09:11 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/07 17:38:12 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/05 22:33:30 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/07/19 18:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe -- (NAV)
SRV - [2012/05/12 01:15:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/05/12 01:15:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/03/27 21:52:34 | 000,122,880 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
SRV - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/06 10:19:00 | 003,953,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/03/04 17:52:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/04 14:51:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/02/17 19:07:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/16 12:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2012/02/01 17:44:12 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/01 17:44:12 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/01 17:43:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/10/19 19:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011/05/09 13:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2011/03/21 12:41:18 | 000,178,224 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2011/02/17 07:02:26 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe -- (RoxMediaDBGame1X)
SRV - [2010/06/24 00:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/06/14 11:00:48 | 000,270,848 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/05 22:33:30 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/09/01 18:18:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/22 07:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/06/22 07:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/06/22 07:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccSetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/05/12 02:55:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/12 02:55:50 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:13:22 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/27 21:58:10 | 001,052,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtHda.sys -- (cthda)
DRV:64bit: - [2012/03/15 23:12:20 | 000,426,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/04 18:31:18 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012/03/04 17:52:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/03/04 17:52:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/14 13:47:36 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/14 12:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/02/01 17:43:56 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/31 14:38:02 | 000,340,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/01/03 16:04:52 | 000,067,184 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2011/12/28 23:14:04 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/20 17:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 17:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/30 11:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/11/30 11:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/09/19 05:54:44 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/14 18:47:10 | 000,347,648 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWRmNet_001.sys -- (NWRmNet_001)
DRV:64bit: - [2011/06/14 18:47:10 | 000,261,120 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2011/06/14 18:47:10 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2_001.sys -- (NWUSBPort2_001)
DRV:64bit: - [2011/06/14 18:47:10 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser_001.sys -- (NWUSBPort_001)
DRV:64bit: - [2011/06/14 18:47:10 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm_001.sys -- (NWUSBModem_001)
DRV:64bit: - [2011/01/26 19:38:28 | 000,683,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2011/01/26 19:37:44 | 001,063,552 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/12/23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/10/02 12:53:48 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/26 15:43:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/09/15 22:30:09 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\VirusDefs\20120915.008\ex64.sys -- (NAVEX15)
DRV - [2012/09/15 22:30:09 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\VirusDefs\20120915.008\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\IPSDefs\20120914.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/09/03 22:45:31 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/31 17:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg....sa&d=2012-06-25 22:39:24&v=12.2.5.32&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-06-25 22:39:24&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sather\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sather\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sather\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/09/21 15:37:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/28 22:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\IPSFFPlgn\ [2012/09/20 00:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2012/09/06 15:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sather\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/05/28 17:35:02 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Sather\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://search.babylo...000685d4320e2d5
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylo...000685d4320e2d5
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sather\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sather\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Click 2 Save = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfbkhdpdndhaejllgoppclbkcngghcg\1.1_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Fast save = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdocjndfmmccgohapcbkddcnnncmme\1.1_0\
CHR - Extension: Google Search = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Speed Dial = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\
CHR - Extension: bloomind ct deepdark = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\djolekdiiojehgfggcjckachfgkkdmjd\1_0\
CHR - Extension: AdBlock = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: 1Click Downloader = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail Checker = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.6_0\
CHR - Extension: Facebook Notifications = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/20 16:51:51 | 000,001,289 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [Sound Blaster Recon3Di Control Panel] c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sather\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
O4 - Startup: C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win32.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CC082A9-994A-4B82-8CF2-04529DA83EAC}: NameServer = 174.114.184.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD535A9E-FAE2-48C1-AB4A-0F1E6B077C91}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94E7494-6CFA-4D01-9607-797C55A0C4BB}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/01 14:44:05 | 000,000,027 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{383cb6c8-9c08-11e1-8ada-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{383cb6c8-9c08-11e1-8ada-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010/06/30 05:08:46 | 000,808,256 | R--- | M] (Acresso Software Inc. )
O33 - MountPoints2\{5e94a5fc-a09b-11e1-85b4-685d4320e2d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5e94a5fc-a09b-11e1-85b4-685d4320e2d8}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{a90fe1e5-b279-11e1-8ab4-685d4320e2d8}\Shell - "" = AutoRun
O33 - MountPoints2\{a90fe1e5-b279-11e1-8ab4-685d4320e2d8}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 16:29:38 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\virus hel
[2012/09/21 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\AVG Secure Search
[2012/09/20 20:47:16 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Guitar Pro 6
[2012/09/20 20:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2012/09/20 20:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
[2012/09/20 20:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 6
[2012/09/20 19:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2012/09/20 19:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CrashPlan
[2012/09/20 19:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\CrashPlan
[2012/09/20 19:09:17 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\CrashPlan
[2012/09/20 17:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/20 17:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/09/20 17:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/09/20 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/20 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/09/20 17:15:11 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\iPad Help
[2012/09/20 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\redsn0w
[2012/09/20 16:55:24 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\redsn0w_win_0.9.14b1
[2012/09/20 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Sather\.shsh
[2012/09/19 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/19 20:27:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/19 17:16:38 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\Echobit
[2012/09/19 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Wippien
[2012/09/19 17:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Wippien
[2012/09/19 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Language
[2012/09/19 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2012/09/19 16:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2012/09/19 16:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012/09/19 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/09/19 16:45:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/09/19 16:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012/09/19 16:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/09/18 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unmechanical
[2012/09/18 20:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012/09/17 18:16:44 | 000,041,984 | ---- | C] (Gibbed) -- C:\Users\Sather\Desktop\Gibbed.Borderlands.SaveEdit.exe
[2012/09/17 18:16:44 | 000,020,992 | ---- | C] (Gibbed) -- C:\Users\Sather\Desktop\Gibbed.Borderlands.FileFormats.dll
[2012/09/15 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/15 21:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/15 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\Ubisoft Game Launcher
[2012/09/15 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Sather\Documents\Ubisoft
[2012/09/15 12:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/09/12 15:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/09/12 14:53:55 | 000,177,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/09/12 14:45:18 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\GarenaPlus
[2012/09/12 14:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012/09/12 14:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/09/12 14:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/09/11 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\IPMsg
[2012/09/11 18:40:31 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\MansionV110
[2012/09/11 18:26:45 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{63D0673E-6AA3-4B0A-8333-FFF22E7D0349}
[2012/09/11 18:21:29 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\Sanitorium
[2012/09/09 22:38:26 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\RotMG.Production
[2012/09/09 22:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sather\jagexcache1
[2012/09/09 22:24:37 | 000,000,000 | ---D | C] -- C:\Users\Sather\jagexcache
[2012/09/08 14:02:37 | 000,000,000 | ---D | C] -- C:\Users\Sather\Documents\EA Games
[2012/09/08 13:42:54 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\Shaders
[2012/09/06 16:05:06 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\RK_Quarantine
[2012/09/06 15:53:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/05 22:33:30 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/01 18:42:34 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\CrashDumps
[2012/09/01 18:33:29 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\NPE
[2012/09/01 18:18:50 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/09/01 18:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/09/01 18:18:48 | 001,129,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA64.sys
[2012/09/01 18:18:48 | 000,737,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys
[2012/09/01 18:18:48 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS64.sys
[2012/09/01 18:18:48 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys
[2012/09/01 18:18:48 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Ironx64.sys
[2012/09/01 18:18:48 | 000,167,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccSetx64.sys
[2012/09/01 18:18:48 | 000,037,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys
[2012/09/01 18:18:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/09/01 18:18:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E
[2012/09/01 18:18:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/09/01 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/08/30 22:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/30 15:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012/08/29 14:38:34 | 000,000,000 | ---D | C] -- C:\Minecraft_Backup
[2012/08/29 01:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/08/29 01:06:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012/08/29 01:06:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012/08/29 01:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012/08/29 01:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/29 01:06:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2012/08/29 01:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/08/29 01:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/28 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\DivX
[2012/08/28 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/08/28 22:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/08/28 22:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/08/28 22:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/08/28 22:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/08/28 22:03:08 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{708ADA2D-C87C-42B1-8B85-F19010C73E5D}
[2012/08/28 21:35:55 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\UniversalThemePatcher_20090409
[2012/08/28 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\callofdutyblackopsw7theme
[2012/08/27 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MidiEditor
[2012/08/27 20:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MidiEditor
[2012/08/26 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\McAfee
[2012/08/26 15:34:58 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\Fabtasy
[2012/08/25 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{52DAD54D-5785-4A1B-86A5-0435CA2C3466}
[2012/08/25 19:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WEngineLite
[2012/08/25 19:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon Wireless
[2012/08/25 19:06:02 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\hpqLog
[2012/08/25 15:25:13 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Smith Micro
[2012/08/25 01:06:25 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{1E13D1BB-B324-4C06-AAAE-E3F25C50F975}
[2012/08/24 22:31:16 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{4963992C-EB83-4AD1-A3F9-333A1DCF5F69}
[2012/08/23 22:22:06 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{F7E3E906-8466-4476-A471-29DA243F5B80}
[2012/08/23 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\skyz
[2012/08/23 14:51:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlienAutopsy
[2012/08/23 14:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/08/23 10:27:17 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\Chromium
[2012/08/23 10:27:10 | 000,000,000 | ---D | C] -- C:\Users\Sather\Documents\Rockstar Games
[2012/08/23 09:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/21 16:09:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012/09/21 16:05:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002UA.job
[2012/09/21 15:57:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/21 15:44:42 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/21 15:44:42 | 000,661,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/21 15:44:42 | 000,121,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/21 15:44:22 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 15:44:22 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 15:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 15:37:04 | 4218,138,622 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 05:17:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002UA.job
[2012/09/21 00:41:20 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012/09/20 21:59:28 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat
[2012/09/20 20:47:14 | 000,000,998 | ---- | M] () -- C:\Users\Sather\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2012/09/20 20:47:14 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2012/09/20 19:09:34 | 000,001,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/09/20 18:05:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002Core.job
[2012/09/20 17:45:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/20 16:51:51 | 000,001,289 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012/09/20 16:51:51 | 000,001,289 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 16:47:18 | 000,001,261 | ---- | M] () -- C:\Users\Sather\Desktop\hosts
[2012/09/20 15:37:07 | 001,550,906 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
[2012/09/19 21:23:46 | 000,000,254 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/09/18 22:27:41 | 000,049,051 | ---- | M] () -- C:\Users\Sather\Desktop\5387752_700b_v1.jpg
[2012/09/18 22:24:18 | 000,073,814 | ---- | M] () -- C:\Users\Sather\Desktop\5392416_700b.jpg
[2012/09/18 20:24:37 | 000,002,352 | ---- | M] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012/09/18 17:42:00 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sather.job
[2012/09/16 17:58:45 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002Core.job
[2012/09/15 21:05:18 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/15 12:09:19 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/15 12:09:11 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/14 21:27:24 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/14 21:27:24 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/09/14 17:05:32 | 000,062,938 | ---- | M] () -- C:\Users\Sather\Desktop\396085_437131792975076_816677859_n.jpg
[2012/09/14 17:04:41 | 000,032,557 | ---- | M] () -- C:\Users\Sather\Desktop\531638_447204401967815_1626097854_n.jpg
[2012/09/14 16:59:12 | 000,064,163 | ---- | M] () -- C:\Users\Sather\Desktop\524026_453602117994710_27970834_n.jpg
[2012/09/12 17:09:48 | 000,194,998 | ---- | M] () -- C:\Users\Sather\Desktop\slender.png
[2012/09/12 17:09:48 | 000,000,132 | ---- | M] () -- C:\Users\Sather\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/09/12 16:52:15 | 000,024,384 | ---- | M] () -- C:\Users\Sather\Desktop\slender.veg
[2012/09/12 16:50:03 | 427,560,799 | ---- | M] () -- C:\Users\Sather\Desktop\Mansion.wmv
[2012/09/12 14:45:17 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/09/11 23:37:46 | 000,001,497 | ---- | M] () -- C:\Users\Sather\Desktop\Borderlands.lnk
[2012/09/11 19:57:36 | 000,000,963 | ---- | M] () -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win32.lnk
[2012/09/11 19:57:36 | 000,000,927 | ---- | M] () -- C:\Users\Sather\Desktop\IPMSG for Win32.lnk
[2012/09/11 18:53:30 | 107,732,486 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 6.wav
[2012/09/11 18:53:30 | 000,420,888 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 6.sfk
[2012/09/11 18:43:44 | 001,426,411 | ---- | M] () -- C:\Users\Sather\AppData\Local\Tempmusic.ogg
[2012/09/11 18:42:50 | 001,123,102 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 5.wav
[2012/09/11 18:42:50 | 000,004,440 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 5.sfk
[2012/09/11 18:41:56 | 000,513,350 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 4.wav
[2012/09/11 18:41:56 | 000,002,064 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 4.sfk
[2012/09/11 18:41:36 | 000,413,262 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 3.wav
[2012/09/11 18:41:36 | 000,001,672 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 3.sfk
[2012/09/10 23:49:46 | 000,000,223 | ---- | M] () -- C:\Users\Sather\Desktop\Gotham City Impostors Free To Play.url
[2012/09/10 23:48:05 | 004,677,481 | ---- | M] () -- C:\Users\Sather\Desktop\apb unfished 2.wmv
[2012/09/09 22:38:17 | 000,000,001 | ---- | M] () -- C:\Users\Sather\random.dat
[2012/09/09 22:30:23 | 000,000,047 | ---- | M] () -- C:\Users\Sather\jagex_cl_loginapplet_LIVE.dat
[2012/09/09 22:29:44 | 000,000,046 | ---- | M] () -- C:\Users\Sather\jagex_cl_runescape_LIVE1.dat
[2012/09/09 22:29:44 | 000,000,045 | ---- | M] () -- C:\Users\Sather\jagex_cl_runescape_LIVE.dat
[2012/09/09 01:46:51 | 000,030,091 | ---- | M] () -- C:\Users\Sather\Desktop\4290384_460s.jpg
[2012/09/08 19:41:50 | 000,131,710 | ---- | M] () -- C:\Users\Sather\Desktop\sword.psd
[2012/09/08 13:59:57 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Mirror's Edge™.lnk
[2012/09/08 00:02:21 | 000,000,222 | ---- | M] () -- C:\Users\Sather\Desktop\Puzzle Pirates.url
[2012/09/06 16:04:57 | 001,378,816 | ---- | M] () -- C:\Users\Sather\Desktop\RogueKiller.exe
[2012/09/05 17:54:23 | 017,893,619 | ---- | M] () -- C:\Users\Sather\Desktop\unfinished apb.wmv
[2012/09/03 22:45:31 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\VT20120731.038
[2012/09/01 18:18:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/09/01 18:18:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/09/01 18:18:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/09/01 18:18:49 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/08/30 23:32:23 | 000,000,820 | ---- | M] () -- C:\Users\Sather\Desktop\LEGO® Batman™ 2 DC Super Heroes.lnk
[2012/08/29 01:06:43 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/08/28 22:08:57 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/28 22:08:57 | 000,001,619 | ---- | M] () -- C:\Users\Sather\Desktop\DivX Movies.lnk
[2012/08/28 22:08:41 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/28 13:01:54 | 886,275,156 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/27 20:53:28 | 000,001,923 | ---- | M] () -- C:\Users\Sather\Desktop\MidiEditor.lnk
[2012/08/27 20:49:02 | 000,041,502 | ---- | M] () -- C:\Users\Sather\Desktop\coldplay-paradise.mid
[2012/08/27 03:43:34 | 000,071,961 | ---- | M] () -- C:\Users\Sather\Desktop\nevergon_rickashley.mid
[2012/08/26 19:52:47 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/08/26 09:25:14 | 000,302,553 | ---- | M] () -- C:\Users\Sather\Desktop\OptiFine_1.3.2_HD_U_B2.zip
[2012/08/25 20:55:49 | 000,892,991 | ---- | M] () -- C:\Users\Sather\Desktop\614851_514975008528823_906330673_o.jpg
[2012/08/25 20:20:58 | 017,548,635 | ---- | M] () -- C:\Users\Sather\Desktop\transition.psd
[2012/08/25 19:48:21 | 022,949,940 | ---- | M] () -- C:\Users\Sather\Desktop\car.psd
[2012/08/25 19:14:01 | 000,268,459 | ---- | M] () -- C:\Users\Sather\Desktop\car.jpg
[2012/08/25 19:06:57 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2012/08/23 21:25:22 | 000,178,311 | ---- | M] () -- C:\Users\Sather\Desktop\ModLoader (2).zip
[2012/08/23 20:40:51 | 000,000,223 | ---- | M] () -- C:\Users\Sather\Desktop\APB Reloaded.url
[2012/08/23 03:25:30 | 000,002,337 | ---- | M] () -- C:\Users\Sather\Desktop\Xpadder.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 21:59:28 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat
[2012/09/20 20:47:14 | 000,000,998 | ---- | C] () -- C:\Users\Sather\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2012/09/20 20:47:14 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2012/09/20 19:09:34 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/09/20 17:45:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/20 17:42:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/20 16:40:45 | 000,001,261 | ---- | C] () -- C:\Users\Sather\Desktop\hosts
[2012/09/18 22:27:43 | 000,049,051 | ---- | C] () -- C:\Users\Sather\Desktop\5387752_700b_v1.jpg
[2012/09/18 22:24:24 | 000,073,814 | ---- | C] () -- C:\Users\Sather\Desktop\5392416_700b.jpg
[2012/09/18 20:24:37 | 000,002,352 | ---- | C] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012/09/17 18:16:44 | 000,022,016 | ---- | C] () -- C:\Users\Sather\Desktop\Gibbed.Helpers.dll
[2012/09/15 21:05:18 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/14 17:05:34 | 000,062,938 | ---- | C] () -- C:\Users\Sather\Desktop\396085_437131792975076_816677859_n.jpg
[2012/09/14 17:04:42 | 000,032,557 | ---- | C] () -- C:\Users\Sather\Desktop\531638_447204401967815_1626097854_n.jpg
[2012/09/14 16:59:15 | 000,064,163 | ---- | C] () -- C:\Users\Sather\Desktop\524026_453602117994710_27970834_n.jpg
[2012/09/12 17:09:47 | 000,194,998 | ---- | C] () -- C:\Users\Sather\Desktop\slender.png
[2012/09/12 16:52:15 | 000,024,384 | ---- | C] () -- C:\Users\Sather\Desktop\slender.veg
[2012/09/12 16:24:06 | 427,560,799 | ---- | C] () -- C:\Users\Sather\Desktop\Mansion.wmv
[2012/09/12 14:45:17 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/09/11 23:37:46 | 000,001,497 | ---- | C] () -- C:\Users\Sather\Desktop\Borderlands.lnk
[2012/09/11 19:57:36 | 000,000,963 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win32.lnk
[2012/09/11 19:57:36 | 000,000,957 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IPMSG for Win32.lnk
[2012/09/11 19:57:36 | 000,000,927 | ---- | C] () -- C:\Users\Sather\Desktop\IPMSG for Win32.lnk
[2012/09/11 18:53:30 | 000,420,888 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 6.sfk
[2012/09/11 18:42:50 | 107,732,486 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 6.wav
[2012/09/11 18:42:50 | 000,004,440 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 5.sfk
[2012/09/11 18:41:56 | 001,123,102 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 5.wav
[2012/09/11 18:41:56 | 000,002,064 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 4.sfk
[2012/09/11 18:41:36 | 000,513,350 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 4.wav
[2012/09/11 18:41:36 | 000,001,672 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 3.sfk
[2012/09/11 18:41:26 | 000,413,262 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 3.wav
[2012/09/11 18:22:21 | 001,426,411 | ---- | C] () -- C:\Users\Sather\AppData\Local\Tempmusic.ogg
[2012/09/10 23:49:46 | 000,000,223 | ---- | C] () -- C:\Users\Sather\Desktop\Gotham City Impostors Free To Play.url
[2012/09/10 23:47:55 | 004,677,481 | ---- | C] () -- C:\Users\Sather\Desktop\apb unfished 2.wmv
[2012/09/09 22:29:44 | 000,000,046 | ---- | C] () -- C:\Users\Sather\jagex_cl_runescape_LIVE1.dat
[2012/09/09 22:26:15 | 000,000,047 | ---- | C] () -- C:\Users\Sather\jagex_cl_loginapplet_LIVE.dat
[2012/09/09 22:24:37 | 000,000,045 | ---- | C] () -- C:\Users\Sather\jagex_cl_runescape_LIVE.dat
[2012/09/09 22:24:37 | 000,000,001 | ---- | C] () -- C:\Users\Sather\random.dat
[2012/09/09 01:46:40 | 000,030,091 | ---- | C] () -- C:\Users\Sather\Desktop\4290384_460s.jpg
[2012/09/08 19:41:50 | 000,131,710 | ---- | C] () -- C:\Users\Sather\Desktop\sword.psd
[2012/09/08 13:59:56 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Mirror's Edge™.lnk
[2012/09/08 13:52:04 | 2239,692,799 | ---- | C] () -- C:\Users\Sather\Desktop\rld-mirk.iso
[2012/09/08 13:41:51 | 000,302,553 | ---- | C] () -- C:\Users\Sather\Desktop\OptiFine_1.3.2_HD_U_B2.zip
[2012/09/08 00:10:43 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/09/08 00:02:21 | 000,000,222 | ---- | C] () -- C:\Users\Sather\Desktop\Puzzle Pirates.url
[2012/09/07 18:40:50 | 008,073,421 | ---- | C] () -- C:\Users\Sather\Desktop\Escapecraft3 v5 map.zip
[2012/09/06 16:04:55 | 001,378,816 | ---- | C] () -- C:\Users\Sather\Desktop\RogueKiller.exe
[2012/09/05 17:53:34 | 017,893,619 | ---- | C] () -- C:\Users\Sather\Desktop\unfinished apb.wmv
[2012/09/03 22:45:37 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\VT20120731.038
[2012/09/01 18:18:50 | 001,550,906 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
[2012/09/01 18:18:50 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/09/01 18:18:50 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/09/01 18:18:49 | 000,002,475 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/09/01 18:18:45 | 000,003,435 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA.inf
[2012/09/01 18:18:45 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS.inf
[2012/09/01 18:18:45 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymNet.inf
[2012/09/01 18:18:45 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.inf
[2012/09/01 18:18:45 | 000,001,419 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.inf
[2012/09/01 18:18:45 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccSetx64.inf
[2012/09/01 18:18:45 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Iron.inf
[2012/09/01 18:18:36 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymVTcer.dat
[2012/09/01 18:18:36 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS64.cat
[2012/09/01 18:18:36 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnet64.cat
[2012/09/01 18:18:36 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\iron.cat
[2012/09/01 18:18:36 | 000,007,446 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.cat
[2012/09/01 18:18:36 | 000,007,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA64.cat
[2012/09/01 18:18:36 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.cat
[2012/09/01 18:18:36 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.cat
[2012/09/01 18:18:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\isolate.ini
[2012/08/30 23:32:23 | 000,000,820 | ---- | C] () -- C:\Users\Sather\Desktop\LEGO® Batman™ 2 DC Super Heroes.lnk
[2012/08/29 01:06:47 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Sather.job
[2012/08/29 01:06:43 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/08/29 01:06:40 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012/08/28 22:08:57 | 000,001,619 | ---- | C] () -- C:\Users\Sather\Desktop\DivX Movies.lnk
[2012/08/28 22:08:41 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/28 22:08:13 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/28 21:32:56 | 000,000,088 | ---- | C] () -- C:\Users\Sather\Desktop\Download More Windows 7 Themes.html
[2012/08/28 21:32:55 | 019,384,858 | ---- | C] () -- C:\Users\Sather\Desktop\callofdutyblackops.themepack
[2012/08/27 20:53:28 | 000,001,923 | ---- | C] () -- C:\Users\Sather\Desktop\MidiEditor.lnk
[2012/08/27 20:49:06 | 000,041,502 | ---- | C] () -- C:\Users\Sather\Desktop\coldplay-paradise.mid
[2012/08/27 03:43:37 | 000,071,961 | ---- | C] () -- C:\Users\Sather\Desktop\nevergon_rickashley.mid
[2012/08/26 19:52:47 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/08/26 19:52:22 | 000,002,168 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2012/08/25 20:55:20 | 000,892,991 | ---- | C] () -- C:\Users\Sather\Desktop\614851_514975008528823_906330673_o.jpg
[2012/08/25 20:20:56 | 017,548,635 | ---- | C] () -- C:\Users\Sather\Desktop\transition.psd
[2012/08/25 19:48:18 | 022,949,940 | ---- | C] () -- C:\Users\Sather\Desktop\car.psd
[2012/08/25 19:14:08 | 000,268,459 | ---- | C] () -- C:\Users\Sather\Desktop\car.jpg
[2012/08/25 19:06:57 | 000,001,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZAccess Manager.lnk
[2012/08/25 19:06:57 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2012/08/23 21:25:22 | 000,178,311 | ---- | C] () -- C:\Users\Sather\Desktop\ModLoader (2).zip
[2012/08/23 20:40:51 | 000,000,223 | ---- | C] () -- C:\Users\Sather\Desktop\APB Reloaded.url
[2012/08/04 15:23:04 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/08/04 15:23:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/08/04 15:23:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/07/27 10:53:13 | 000,000,513 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\com.plutinosoft.idemo.plist
[2012/07/06 12:53:12 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/02 17:59:55 | 000,000,000 | ---- | C] () -- C:\Users\Sather\wusa.exe
[2012/06/26 14:31:28 | 000,001,456 | ---- | C] () -- C:\Users\Sather\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/06/26 14:19:11 | 000,000,132 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012/06/25 21:43:40 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/06/25 02:11:43 | 000,000,057 | ---- | C] () -- C:\Windows\hegames.ini
[2012/06/22 03:30:42 | 000,000,132 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/06/21 03:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/20 20:10:47 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2012/06/08 20:32:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/08 17:19:35 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/08 17:19:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/08 17:19:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc (1).exe
[2012/05/16 19:26:53 | 000,015,872 | ---- | C] () -- C:\Users\Sather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 02:51:17 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/05/12 02:51:17 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/05/12 02:51:16 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/12 02:51:15 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/03/04 14:51:56 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/09 11:19:02 | 000,021,320 | ---- | C] () -- C:\Windows\SysWow64\LightFX.dll
[2012/01/10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/07 09:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 09:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 09:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 09:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 09:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 09:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 01:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 01:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/27 08:07:14 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2011/02/10 11:10:51 | 000,775,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/09/21 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\.minecraft
[2012/09/08 13:46:59 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\.Nitrous
[2012/06/20 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\1.2.5 mo creeps
[2012/06/10 22:41:05 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\2K Sports
[2012/06/09 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Acoustica
[2012/08/16 01:51:18 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Atari
[2012/09/20 19:57:16 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Audacity
[2012/07/05 20:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Babylon
[2012/09/20 19:09:36 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\CrashPlan
[2012/08/14 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Cyberduck
[2012/08/14 00:58:30 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\cYo
[2012/08/21 22:58:08 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\DarknessII
[2012/07/30 12:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Digidesign
[2012/07/18 18:59:41 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Evaer
[2012/06/07 15:40:25 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\fltk.org
[2012/07/10 14:41:16 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\GameRanger
[2012/09/12 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\GarenaPlus
[2012/07/02 18:01:59 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\GOL_byHasbro
[2012/09/20 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Guitar Pro 6
[2012/09/19 17:05:45 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Language
[2012/06/25 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Leadertech
[2012/05/16 22:39:13 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\LolClient
[2012/09/15 19:49:51 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\MAXON
[2012/05/22 19:37:21 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\MotioninJoy
[2012/07/31 20:41:41 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\ooVoo Details
[2012/05/16 16:32:30 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Origin
[2012/06/25 22:22:18 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PACE Anti-Piracy
[2012/05/17 15:45:22 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PCDr
[2012/05/28 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PDAppFlex
[2012/08/04 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PowerUp Software
[2012/05/24 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Publish Providers
[2012/09/20 16:57:45 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\redsn0w
[2012/09/09 22:38:26 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\RotMG.Production
[2012/08/23 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\skyz
[2012/08/25 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Smith Micro
[2012/05/24 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Sony
[2012/05/24 17:34:34 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Sony Creative Software Inc
[2012/08/20 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Sony Online Entertainment
[2012/07/31 18:40:32 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\SplitMediaLabs
[2012/06/09 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\SynthMaker
[2012/08/14 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\TeamViewer
[2012/09/14 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\TS3Client
[2012/09/20 00:44:54 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Tunngle
[2012/09/20 21:56:16 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\uTorrent
[2012/09/19 17:06:06 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Wippien
[2012/07/26 15:45:35 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/08/14 01:28:49 | 000,000,000 | --SD | M] -- C:\Users\Sather\AppData\Roaming\wyUpdate AU
[2012/09/16 17:58:45 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002Core.job
[2012/09/21 05:17:03 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002UA.job
[2012/07/08 16:51:00 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/08/22 20:42:13 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 22:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
No service found with a name of BITS
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/05/12 02:55:49 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/05/12 02:55:49 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 22:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/05/12 02:55:52 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2012/05/12 02:55:49 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2012/05/12 02:55:49 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012/08/28 21:36:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
No service found with a name of wuauserv
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2012/05/12 02:55:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/05/12 02:55:52 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/05/12 02:55:52 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/05/12 02:55:52 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/05/12 02:55:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/05/12 02:55:52 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:35:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=E1C4BA29B3A2502D20B64C230CF7295C -- C:\Users\Sather\Desktop\callofdutyblackopsw7theme\Start Orb\explorer.exe
[2009/10/31 08:35:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=E1C4BA29B3A2502D20B64C230CF7295C -- C:\Windows\Resources\Themes\callofdutyblackopsw7theme\Start Orb\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2012/08/17 16:32:54 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\AlienAutopsy\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1321 bytes -> C:\ProgramData\Microsoft:WpJUVR2x6o0pE7yDjm4l
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 1265 bytes -> C:\Program Files (x86)\Common Files\System:8wCKIXkqIGbCex4DyZODWiKFuFC4
@Alternate Data Stream - 1196 bytes -> C:\ProgramData\Microsoft:u4leMMvvLEMoGFnpDcXSA

< End of report >



and lastly here is the FSS:

Farbar Service Scanner Version: 19-09-2012
Ran by Sather (administrator) on 24-09-2012 at 17:56:47
Running from "C:\Users\Sather\Desktop\virus hel"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#17
Crowbar


    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi there,
A few things to do still.

Step 1
It looks to me like you have Norton as your antivirus, but you have remnants of some other AVs running. This is never good, so I would like to have you use a few tools to fix that.
Please download the McAfee removal tool from here and run it by right-clicking and selecting Run as Administrator.
You will probably be asked to reboot your computer.
Next, please download the AVG removal tool from here, and right-click to run as Administrator. You will again most likely be asked to reboot.

Step 2
Please click on the Start Orb, and in the search box type services.msc
  • Scroll down the list to find the Windows Firewall service.
  • Double click the service
  • Change the Startup Type to Automatic if it is not already set to it
  • Click on the Start button
  • Click on OK
  • Close the Services window
  • Reboot the computer

Step 3
Please download the following file to your desktop
SharedAccess
Once downloaded, please right click on each one and select Merge
Restart your computer after merging the file.

Step 4
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 5
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two OTL.Txt. It will also be saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it in your next reply.

In your next reply I would like to see:
  • FSS.txt
  • Try windows firewall again
  • OTL quick scan log
  • How is the computer doing now?

  • 0
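
Step 2 of the post above can also be carried out from an elevated Windows PowerShell prompt. This is an added example, not part of the original post: the function name `Start-FirewallServiceCheck` is hypothetical, and `MpsSvc` is the service name of Windows Firewall.

```powershell
# Added example (not from the thread): Step 2 done from Windows PowerShell.
# Uses only cmdlets and WMI classes available in PowerShell 2.0 (Windows 7).
# The function name is hypothetical; MpsSvc is the Windows Firewall service.

function Start-FirewallServiceCheck {
    param([string]$Name = 'MpsSvc')

    # Changing a service's configuration needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        Write-Warning 'Not elevated: open PowerShell with "Run as administrator".'
        return
    }

    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        Write-Warning "Service $Name is not registered on this machine."
        return
    }

    # Subset of the documented Win32_Service method return values.
    # Value 2 is the same condition services.msc reports as "error 5"
    # (ERROR_ACCESS_DENIED).
    $codes = @{
        0  = 'Success'
        2  = 'Access denied'
        8  = 'Unknown failure'
        10 = 'Service already running'
        12 = 'Service dependency deleted'
        13 = 'Service dependency failure'
        14 = 'Service disabled'
    }

    # Services that must start before this one; a stopped or missing
    # dependency explains a start failure that is not access related.
    foreach ($dep in (Get-Service -Name $Name).ServicesDependedOn) {
        Write-Host ("Depends on {0,-10} {1}" -f $dep.Name, $dep.Status)
    }

    # Startup Type -> Automatic (WMI reports it as 'Auto').
    if ($svc.StartMode -ne 'Auto') {
        $r = $svc.ChangeStartMode('Automatic')
        $text = $codes[[int]$r.ReturnValue]
        if (-not $text) { $text = 'see the Win32_Service documentation' }
        Write-Host ("ChangeStartMode returned {0}: {1}" -f $r.ReturnValue, $text)
    }

    # Equivalent of the Start button in services.msc.
    if ($svc.State -ne 'Running') {
        $r = $svc.StartService()
        $text = $codes[[int]$r.ReturnValue]
        if (-not $text) { $text = 'see the Win32_Service documentation' }
        Write-Host ("StartService returned {0}: {1}" -f $r.ReturnValue, $text)
        Start-Sleep -Seconds 2   # give the service time to leave "Start Pending"
    }

    # Re-read the service so the result reflects the state after the attempt.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    New-Object PSObject -Property @{
        Name      = $svc.Name
        StartMode = $svc.StartMode
        State     = $svc.State
    }
}

Start-FirewallServiceCheck
```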

#18
MNISather

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
FSS:

Farbar Service Scanner Version: 19-09-2012
Ran by Sather (administrator) on 30-09-2012 at 17:56:58
Running from "C:\Users\Sather\Desktop\virus hel"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

The Windows Firewall service won't start up. It gives me "error code 5"



Here's the OTL:


OTL logfile created on: 9/30/2012 5:57:36 PM - Run 5
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Sather\Desktop\virus hel
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 13.24 Gb Available Physical Memory | 83.25% Memory free
31.81 Gb Paging File | 28.67 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.22 Gb Total Space | 13.01 Gb Free Space | 2.85% Space Free | Partition Type: NTFS
Drive D: | 7.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SATHER-PC | User Name: Sather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/15 12:09:19 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/09/15 12:09:11 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/05 22:06:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Sather\Desktop\virus hel\OTL.exe
PRC - [2012/08/16 10:21:34 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012/03/27 21:52:34 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHdaSvc.exe
PRC - [2012/03/23 15:01:00 | 002,014,208 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
PRC - [2012/03/19 06:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 06:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/03/04 14:51:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/02/21 19:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/02/17 01:33:34 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/16 12:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2012/02/09 11:21:20 | 000,014,152 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2012/02/09 11:14:02 | 000,069,448 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2012/02/09 11:09:02 | 000,016,200 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2012/02/01 17:44:12 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/01 17:44:12 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/01 17:43:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/27 16:30:20 | 000,320,832 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 21:51:44 | 004,005,184 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2012/01/26 21:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/12/21 21:20:26 | 000,880,640 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/11/03 18:01:44 | 001,546,096 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2011/10/19 19:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/13 10:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
PRC - [2010/06/24 00:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 04:42:58 | 000,460,312 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 04:42:57 | 012,278,808 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 04:42:55 | 004,005,912 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 04:41:39 | 000,578,072 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 04:41:38 | 000,123,416 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 04:41:27 | 000,156,712 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 04:41:26 | 000,275,496 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 04:41:24 | 002,168,360 | ---- | M] () -- C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/14 03:41:53 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/14 03:37:48 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012/06/14 03:21:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 03:21:11 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:21:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:21:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 03:20:59 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/14 03:03:16 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/14 03:03:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/14 03:03:07 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:03:03 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/14 03:03:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/20 20:59:02 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/20 20:59:00 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/05/20 20:58:27 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/20 20:58:08 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/20 20:58:08 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/20 20:58:07 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/20 20:58:06 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\676a0584b48c64d242d4ad3aa07d9214\System.ServiceModel.ni.dll
MOD - [2012/05/20 20:57:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012/05/20 19:23:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/20 19:23:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/20 19:23:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/20 19:23:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/20 19:23:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/20 19:23:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/20 19:23:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/18 16:31:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/18 16:30:34 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\7803f4398a527a87d5cace8023e93e8b\System.Data.DataSetExtensions.ni.dll
MOD - [2012/05/18 16:30:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 16:30:01 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/18 15:53:22 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/18 15:53:18 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/18 15:53:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/18 15:53:13 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/18 15:53:12 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/18 15:53:08 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/05/18 15:53:08 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
MOD - [2012/04/30 02:55:46 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/04/30 02:55:46 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/04/30 02:55:46 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/04/30 02:55:46 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2012/03/04 17:52:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012/01/26 21:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/11/03 18:01:44 | 001,546,096 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/12/18 11:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/16 10:23:17 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/09 11:09:02 | 000,014,664 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/15 22:02:12 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/15 12:09:19 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/09/15 12:09:11 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/07 17:38:12 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/19 18:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe -- (NAV)
SRV - [2012/05/12 01:15:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/05/12 01:15:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/03/27 21:52:34 | 000,122,880 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
SRV - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/06 10:19:00 | 003,953,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/03/04 17:52:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/04 14:51:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/02/17 19:07:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/16 12:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2012/02/01 17:44:12 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/01 17:44:12 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/01 17:43:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/10/19 19:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011/05/09 13:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2011/03/21 12:41:18 | 000,178,224 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2011/02/17 07:02:26 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe -- (RoxMediaDBGame1X)
SRV - [2010/06/24 00:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/06/14 11:00:48 | 000,270,848 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/01 18:18:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccSetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/05/12 02:55:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/12 02:55:50 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:13:22 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/27 21:58:10 | 001,052,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtHda.sys -- (cthda)
DRV:64bit: - [2012/03/15 23:12:20 | 000,426,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/04 18:31:18 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012/03/04 17:52:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/03/04 17:52:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/14 13:47:36 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/14 12:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/02/01 17:43:56 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/31 14:38:02 | 000,340,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/01/03 16:04:52 | 000,067,184 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2011/12/28 23:14:04 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/20 17:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 17:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/30 11:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/11/30 11:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/09/19 05:54:44 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/14 18:47:10 | 000,347,648 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWRmNet_001.sys -- (NWRmNet_001)
DRV:64bit: - [2011/06/14 18:47:10 | 000,261,120 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2011/06/14 18:47:10 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2_001.sys -- (NWUSBPort2_001)
DRV:64bit: - [2011/06/14 18:47:10 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser_001.sys -- (NWUSBPort_001)
DRV:64bit: - [2011/06/14 18:47:10 | 000,217,856 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm_001.sys -- (NWUSBModem_001)
DRV:64bit: - [2011/01/26 19:38:28 | 000,683,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2011/01/26 19:37:44 | 001,063,552 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/08/01 16:01:04 | 000,030,720 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\remobo64.sys -- (hipeer20)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/12/23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/10/02 12:53:48 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/26 15:43:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/09/15 22:30:09 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\VirusDefs\20120915.008\ex64.sys -- (NAVEX15)
DRV - [2012/09/15 22:30:09 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\VirusDefs\20120915.008\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\IPSDefs\20120914.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/09/03 22:45:31 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/31 17:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sather\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sather\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sather\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/28 22:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.8.0.14\IPSFFPlgn\ [2012/09/20 00:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Remobo\apps\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Remobo\apps\Firefox\plugins

[2012/09/06 15:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sather\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/05/28 17:35:02 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Sather\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sather\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sather\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Click 2 Save = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfbkhdpdndhaejllgoppclbkcngghcg\1.1_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Fast save = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdocjndfmmccgohapcbkddcnnncmme\1.1_0\
CHR - Extension: Google Search = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Speed Dial = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\
CHR - Extension: bloomind ct deepdark = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\djolekdiiojehgfggcjckachfgkkdmjd\1_0\
CHR - Extension: AdBlock = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Skype Click to Call = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail Checker = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.7_0\
CHR - Extension: Facebook Notifications = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/20 16:51:51 | 000,001,289 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [Sound Blaster Recon3Di Control Panel] c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sather\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win32.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CC082A9-994A-4B82-8CF2-04529DA83EAC}: NameServer = 174.114.184.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD535A9E-FAE2-48C1-AB4A-0F1E6B077C91}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94E7494-6CFA-4D01-9607-797C55A0C4BB}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/01 14:44:05 | 000,000,027 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{383cb6c8-9c08-11e1-8ada-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{383cb6c8-9c08-11e1-8ada-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010/06/30 05:08:46 | 000,808,256 | R--- | M] (Acresso Software Inc. )
O33 - MountPoints2\{5e94a5fc-a09b-11e1-85b4-685d4320e2d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5e94a5fc-a09b-11e1-85b4-685d4320e2d8}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{a90fe1e5-b279-11e1-8ab4-685d4320e2d8}\Shell - "" = AutoRun
O33 - MountPoints2\{a90fe1e5-b279-11e1-8ab4-685d4320e2d8}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 17:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/09/30 17:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/09/25 19:46:37 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{7BD4E460-ACEF-48A6-B2C2-969ED76F786A}
[2012/09/25 19:05:25 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012/09/25 19:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012/09/25 19:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012/09/25 19:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam - The Second Encounter
[2012/09/25 19:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Croteam
[2012/09/24 23:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/09/24 17:30:31 | 000,000,000 | ---D | C] -- C:\tmp
[2012/09/24 17:29:34 | 000,000,000 | ---D | C] -- C:\Users\Sather\.remobo
[2012/09/24 17:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/24 17:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/24 17:12:43 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2012/09/24 17:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFConfig
[2012/09/22 17:17:32 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\BordL2+20Tr-LNG
[2012/09/21 16:29:38 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\virus hel
[2012/09/20 20:47:16 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Guitar Pro 6
[2012/09/20 20:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2012/09/20 20:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
[2012/09/20 20:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 6
[2012/09/20 19:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2012/09/20 19:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CrashPlan
[2012/09/20 19:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\CrashPlan
[2012/09/20 19:09:17 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\CrashPlan
[2012/09/20 17:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/20 17:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/09/20 17:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/09/20 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/20 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/09/20 17:15:11 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\iPad Help
[2012/09/20 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\redsn0w
[2012/09/20 16:55:24 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\redsn0w_win_0.9.14b1
[2012/09/20 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\Sather\.shsh
[2012/09/19 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/19 20:27:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/19 17:16:38 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\Echobit
[2012/09/19 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Wippien
[2012/09/19 17:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Wippien
[2012/09/19 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Language
[2012/09/19 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2012/09/19 16:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2012/09/19 16:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012/09/19 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/09/19 16:45:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/09/19 16:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012/09/19 16:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/09/18 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unmechanical
[2012/09/18 20:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012/09/17 18:16:44 | 000,041,984 | ---- | C] (Gibbed) -- C:\Users\Sather\Desktop\Gibbed.Borderlands.SaveEdit.exe
[2012/09/17 18:16:44 | 000,020,992 | ---- | C] (Gibbed) -- C:\Users\Sather\Desktop\Gibbed.Borderlands.FileFormats.dll
[2012/09/15 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/15 21:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/15 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\Ubisoft Game Launcher
[2012/09/15 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Sather\Documents\Ubisoft
[2012/09/15 12:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/09/12 14:45:18 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\GarenaPlus
[2012/09/12 14:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012/09/12 14:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/09/12 14:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/09/11 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\IPMsg
[2012/09/11 18:40:31 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\MansionV110
[2012/09/11 18:26:45 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\{63D0673E-6AA3-4B0A-8333-FFF22E7D0349}
[2012/09/11 18:21:29 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\Sanitorium
[2012/09/09 22:38:26 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Roaming\RotMG.Production
[2012/09/09 22:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sather\jagexcache1
[2012/09/09 22:24:37 | 000,000,000 | ---D | C] -- C:\Users\Sather\jagexcache
[2012/09/08 14:02:37 | 000,000,000 | ---D | C] -- C:\Users\Sather\Documents\EA Games
[2012/09/08 13:42:54 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\Shaders
[2012/09/06 16:05:06 | 000,000,000 | ---D | C] -- C:\Users\Sather\Desktop\RK_Quarantine
[2012/09/06 15:53:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/01 18:42:34 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\CrashDumps
[2012/09/01 18:33:29 | 000,000,000 | ---D | C] -- C:\Users\Sather\AppData\Local\NPE
[2012/09/01 18:18:50 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/09/01 18:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/09/01 18:18:48 | 001,129,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA64.sys
[2012/09/01 18:18:48 | 000,737,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys
[2012/09/01 18:18:48 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS64.sys
[2012/09/01 18:18:48 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys
[2012/09/01 18:18:48 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Ironx64.sys
[2012/09/01 18:18:48 | 000,167,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccSetx64.sys
[2012/09/01 18:18:48 | 000,037,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys
[2012/09/01 18:18:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/09/01 18:18:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E
[2012/09/01 18:18:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/09/01 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus

========== Files - Modified Within 30 Days ==========

[2012/09/30 17:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/30 17:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 17:54:41 | 001,563,140 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
[2012/09/30 17:54:38 | 4218,138,622 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/30 17:54:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 17:54:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 17:17:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002UA.job
[2012/09/30 17:05:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002UA.job
[2012/09/30 16:13:46 | 002,311,982 | ---- | M] () -- C:\Users\Sather\Desktop\shelly.psd
[2012/09/30 14:41:12 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/30 14:41:12 | 000,661,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/30 14:41:12 | 000,121,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/30 14:22:07 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012/09/27 18:05:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002Core.job
[2012/09/26 21:04:07 | 000,065,960 | ---- | M] () -- C:\Users\Sather\Desktop\tina.veg
[2012/09/26 20:59:08 | 366,248,355 | ---- | M] () -- C:\Users\Sather\Desktop\TINA FINAL.wmv
[2012/09/26 20:35:34 | 000,026,300 | ---- | M] () -- C:\Users\Sather\Desktop\gamechap.png
[2012/09/26 20:35:34 | 000,000,132 | ---- | M] () -- C:\Users\Sather\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/09/26 20:12:02 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sather.job
[2012/09/26 19:54:03 | 000,036,776 | ---- | M] () -- C:\Users\Sather\Desktop\tina.veg.bak
[2012/09/26 19:36:39 | 000,280,592 | ---- | M] () -- C:\Users\Sather\Desktop\tina.wmv.sfk
[2012/09/26 19:35:37 | 035,907,736 | ---- | M] () -- C:\Users\Sather\Desktop\tina.wmv.sfap0
[2012/09/26 18:42:28 | 144,198,573 | ---- | M] () -- C:\Users\Sather\Desktop\tina.wmv
[2012/09/26 18:37:45 | 001,638,328 | ---- | M] () -- C:\Users\Sather\Desktop\tina.jpg
[2012/09/26 14:17:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002Core.job
[2012/09/25 19:55:04 | 000,042,112 | ---- | M] () -- C:\Users\Sather\Desktop\unfinished apb.wmv.sfk
[2012/09/25 19:54:26 | 023,749,655 | ---- | M] () -- C:\Users\Sather\Desktop\unfinished.wmv
[2012/09/25 19:52:00 | 005,382,296 | ---- | M] () -- C:\Users\Sather\Desktop\unfinished apb.wmv.sfap0
[2012/09/25 19:04:57 | 000,001,064 | ---- | M] () -- C:\Users\Sather\Desktop\Serious Sam - The Second Encounter.lnk
[2012/09/24 18:22:58 | 000,001,076 | ---- | M] () -- C:\Users\Sather\Desktop\GameRanger.lnk
[2012/09/24 18:22:58 | 000,001,056 | ---- | M] () -- C:\Users\Sather\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012/09/24 17:12:43 | 000,001,053 | ---- | M] () -- C:\Users\Sather\Desktop\PFConfig.lnk
[2012/09/22 17:16:59 | 002,044,266 | ---- | M] () -- C:\Users\Sather\Desktop\BordL2+20Tr-LNG.rar
[2012/09/22 16:38:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012/09/21 19:15:13 | 046,301,805 | ---- | M] () -- C:\Users\Sather\Desktop\minecraft.wmv
[2012/09/20 20:47:14 | 000,000,998 | ---- | M] () -- C:\Users\Sather\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2012/09/20 20:47:14 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2012/09/20 19:09:34 | 000,001,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/09/20 17:45:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/20 16:51:51 | 000,001,289 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012/09/20 16:51:51 | 000,001,289 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 16:47:18 | 000,001,261 | ---- | M] () -- C:\Users\Sather\Desktop\hosts
[2012/09/19 21:23:46 | 000,000,254 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/09/18 22:27:41 | 000,049,051 | ---- | M] () -- C:\Users\Sather\Desktop\5387752_700b_v1.jpg
[2012/09/18 22:24:18 | 000,073,814 | ---- | M] () -- C:\Users\Sather\Desktop\5392416_700b.jpg
[2012/09/18 20:24:37 | 000,002,352 | ---- | M] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012/09/15 21:05:18 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/15 12:09:19 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/15 12:09:11 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/14 21:27:24 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/14 21:27:24 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/09/14 17:05:32 | 000,062,938 | ---- | M] () -- C:\Users\Sather\Desktop\396085_437131792975076_816677859_n.jpg
[2012/09/14 17:04:41 | 000,032,557 | ---- | M] () -- C:\Users\Sather\Desktop\531638_447204401967815_1626097854_n.jpg
[2012/09/14 16:59:12 | 000,064,163 | ---- | M] () -- C:\Users\Sather\Desktop\524026_453602117994710_27970834_n.jpg
[2012/09/12 17:09:48 | 000,194,998 | ---- | M] () -- C:\Users\Sather\Desktop\slender.png
[2012/09/12 16:52:15 | 000,024,384 | ---- | M] () -- C:\Users\Sather\Desktop\slender.veg
[2012/09/12 14:45:17 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/09/11 23:37:46 | 000,001,497 | ---- | M] () -- C:\Users\Sather\Desktop\Borderlands.lnk
[2012/09/11 19:57:36 | 000,000,963 | ---- | M] () -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win32.lnk
[2012/09/11 19:57:36 | 000,000,927 | ---- | M] () -- C:\Users\Sather\Desktop\IPMSG for Win32.lnk
[2012/09/11 18:53:30 | 107,732,486 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 6.wav
[2012/09/11 18:53:30 | 000,420,888 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 6.sfk
[2012/09/11 18:43:44 | 001,426,411 | ---- | M] () -- C:\Users\Sather\AppData\Local\Tempmusic.ogg
[2012/09/11 18:42:50 | 001,123,102 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 5.wav
[2012/09/11 18:42:50 | 000,004,440 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 5.sfk
[2012/09/11 18:41:56 | 000,513,350 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 4.wav
[2012/09/11 18:41:56 | 000,002,064 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 4.sfk
[2012/09/11 18:41:36 | 000,413,262 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 3.wav
[2012/09/11 18:41:36 | 000,001,672 | ---- | M] () -- C:\Users\Sather\Documents\Track 1 - 3.sfk
[2012/09/10 23:49:46 | 000,000,223 | ---- | M] () -- C:\Users\Sather\Desktop\Gotham City Impostors Free To Play.url
[2012/09/10 23:48:05 | 004,677,481 | ---- | M] () -- C:\Users\Sather\Desktop\apb unfished 2.wmv
[2012/09/09 22:38:17 | 000,000,001 | ---- | M] () -- C:\Users\Sather\random.dat
[2012/09/09 22:30:23 | 000,000,047 | ---- | M] () -- C:\Users\Sather\jagex_cl_loginapplet_LIVE.dat
[2012/09/09 22:29:44 | 000,000,046 | ---- | M] () -- C:\Users\Sather\jagex_cl_runescape_LIVE1.dat
[2012/09/09 22:29:44 | 000,000,045 | ---- | M] () -- C:\Users\Sather\jagex_cl_runescape_LIVE.dat
[2012/09/09 01:46:51 | 000,030,091 | ---- | M] () -- C:\Users\Sather\Desktop\4290384_460s.jpg
[2012/09/08 19:41:50 | 000,131,710 | ---- | M] () -- C:\Users\Sather\Desktop\sword.psd
[2012/09/08 13:59:57 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Mirror's Edge™.lnk
[2012/09/08 00:02:21 | 000,000,222 | ---- | M] () -- C:\Users\Sather\Desktop\Puzzle Pirates.url
[2012/09/06 16:04:57 | 001,378,816 | ---- | M] () -- C:\Users\Sather\Desktop\RogueKiller.exe
[2012/09/03 22:45:31 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\VT20120731.038
[2012/09/01 18:18:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/09/01 18:18:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/09/01 18:18:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/09/01 18:18:49 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk

========== Files Created - No Company Name ==========

[2012/09/30 16:13:45 | 002,311,982 | ---- | C] () -- C:\Users\Sather\Desktop\shelly.psd
[2012/09/26 20:41:45 | 366,248,355 | ---- | C] () -- C:\Users\Sather\Desktop\TINA FINAL.wmv
[2012/09/26 20:35:34 | 000,026,300 | ---- | C] () -- C:\Users\Sather\Desktop\gamechap.png
[2012/09/26 19:35:38 | 000,280,592 | ---- | C] () -- C:\Users\Sather\Desktop\tina.wmv.sfk
[2012/09/26 19:35:36 | 035,907,736 | ---- | C] () -- C:\Users\Sather\Desktop\tina.wmv.sfap0
[2012/09/26 18:37:53 | 001,638,328 | ---- | C] () -- C:\Users\Sather\Desktop\tina.jpg
[2012/09/26 18:36:09 | 144,198,573 | ---- | C] () -- C:\Users\Sather\Desktop\tina.wmv
[2012/09/26 18:31:29 | 000,065,960 | ---- | C] () -- C:\Users\Sather\Desktop\tina.veg
[2012/09/26 18:31:29 | 000,036,776 | ---- | C] () -- C:\Users\Sather\Desktop\tina.veg.bak
[2012/09/25 19:53:19 | 023,749,655 | ---- | C] () -- C:\Users\Sather\Desktop\unfinished.wmv
[2012/09/25 19:52:00 | 005,382,296 | ---- | C] () -- C:\Users\Sather\Desktop\unfinished apb.wmv.sfap0
[2012/09/25 19:52:00 | 000,042,112 | ---- | C] () -- C:\Users\Sather\Desktop\unfinished apb.wmv.sfk
[2012/09/25 19:04:57 | 000,001,064 | ---- | C] () -- C:\Users\Sather\Desktop\Serious Sam - The Second Encounter.lnk
[2012/09/24 18:22:58 | 000,001,076 | ---- | C] () -- C:\Users\Sather\Desktop\GameRanger.lnk
[2012/09/24 18:22:58 | 000,001,062 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2012/09/24 18:22:58 | 000,001,056 | ---- | C] () -- C:\Users\Sather\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012/09/24 17:12:43 | 000,001,053 | ---- | C] () -- C:\Users\Sather\Desktop\PFConfig.lnk
[2012/09/22 17:16:23 | 002,044,266 | ---- | C] () -- C:\Users\Sather\Desktop\BordL2+20Tr-LNG.rar
[2012/09/21 19:12:38 | 046,301,805 | ---- | C] () -- C:\Users\Sather\Desktop\minecraft.wmv
[2012/09/20 20:47:14 | 000,000,998 | ---- | C] () -- C:\Users\Sather\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2012/09/20 20:47:14 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Pro 6.lnk
[2012/09/20 19:09:34 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/09/20 17:45:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/20 17:42:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/20 16:40:45 | 000,001,261 | ---- | C] () -- C:\Users\Sather\Desktop\hosts
[2012/09/18 22:27:43 | 000,049,051 | ---- | C] () -- C:\Users\Sather\Desktop\5387752_700b_v1.jpg
[2012/09/18 22:24:24 | 000,073,814 | ---- | C] () -- C:\Users\Sather\Desktop\5392416_700b.jpg
[2012/09/18 20:24:37 | 000,002,352 | ---- | C] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012/09/17 18:16:44 | 000,022,016 | ---- | C] () -- C:\Users\Sather\Desktop\Gibbed.Helpers.dll
[2012/09/15 21:05:18 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/14 17:05:34 | 000,062,938 | ---- | C] () -- C:\Users\Sather\Desktop\396085_437131792975076_816677859_n.jpg
[2012/09/14 17:04:42 | 000,032,557 | ---- | C] () -- C:\Users\Sather\Desktop\531638_447204401967815_1626097854_n.jpg
[2012/09/14 16:59:15 | 000,064,163 | ---- | C] () -- C:\Users\Sather\Desktop\524026_453602117994710_27970834_n.jpg
[2012/09/12 17:09:47 | 000,194,998 | ---- | C] () -- C:\Users\Sather\Desktop\slender.png
[2012/09/12 16:52:15 | 000,024,384 | ---- | C] () -- C:\Users\Sather\Desktop\slender.veg
[2012/09/12 14:45:17 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/09/11 23:37:46 | 000,001,497 | ---- | C] () -- C:\Users\Sather\Desktop\Borderlands.lnk
[2012/09/11 19:57:36 | 000,000,963 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPMSG for Win32.lnk
[2012/09/11 19:57:36 | 000,000,957 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IPMSG for Win32.lnk
[2012/09/11 19:57:36 | 000,000,927 | ---- | C] () -- C:\Users\Sather\Desktop\IPMSG for Win32.lnk
[2012/09/11 18:53:30 | 000,420,888 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 6.sfk
[2012/09/11 18:42:50 | 107,732,486 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 6.wav
[2012/09/11 18:42:50 | 000,004,440 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 5.sfk
[2012/09/11 18:41:56 | 001,123,102 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 5.wav
[2012/09/11 18:41:56 | 000,002,064 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 4.sfk
[2012/09/11 18:41:36 | 000,513,350 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 4.wav
[2012/09/11 18:41:36 | 000,001,672 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 3.sfk
[2012/09/11 18:41:26 | 000,413,262 | ---- | C] () -- C:\Users\Sather\Documents\Track 1 - 3.wav
[2012/09/11 18:22:21 | 001,426,411 | ---- | C] () -- C:\Users\Sather\AppData\Local\Tempmusic.ogg
[2012/09/10 23:49:46 | 000,000,223 | ---- | C] () -- C:\Users\Sather\Desktop\Gotham City Impostors Free To Play.url
[2012/09/10 23:47:55 | 004,677,481 | ---- | C] () -- C:\Users\Sather\Desktop\apb unfished 2.wmv
[2012/09/09 22:29:44 | 000,000,046 | ---- | C] () -- C:\Users\Sather\jagex_cl_runescape_LIVE1.dat
[2012/09/09 22:26:15 | 000,000,047 | ---- | C] () -- C:\Users\Sather\jagex_cl_loginapplet_LIVE.dat
[2012/09/09 22:24:37 | 000,000,045 | ---- | C] () -- C:\Users\Sather\jagex_cl_runescape_LIVE.dat
[2012/09/09 22:24:37 | 000,000,001 | ---- | C] () -- C:\Users\Sather\random.dat
[2012/09/09 01:46:40 | 000,030,091 | ---- | C] () -- C:\Users\Sather\Desktop\4290384_460s.jpg
[2012/09/08 19:41:50 | 000,131,710 | ---- | C] () -- C:\Users\Sather\Desktop\sword.psd
[2012/09/08 13:59:56 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Mirror's Edge™.lnk
[2012/09/08 13:52:04 | 2239,692,799 | ---- | C] () -- C:\Users\Sather\Desktop\rld-mirk.iso
[2012/09/08 13:41:51 | 000,302,553 | ---- | C] () -- C:\Users\Sather\Desktop\OptiFine_1.3.2_HD_U_B2.zip
[2012/09/08 00:10:43 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/09/08 00:02:21 | 000,000,222 | ---- | C] () -- C:\Users\Sather\Desktop\Puzzle Pirates.url
[2012/09/07 18:40:50 | 008,073,421 | ---- | C] () -- C:\Users\Sather\Desktop\Escapecraft3 v5 map.zip
[2012/09/06 16:04:55 | 001,378,816 | ---- | C] () -- C:\Users\Sather\Desktop\RogueKiller.exe
[2012/09/03 22:45:37 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\VT20120731.038
[2012/09/01 18:18:50 | 001,563,140 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
[2012/09/01 18:18:50 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/09/01 18:18:50 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/09/01 18:18:49 | 000,002,475 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/09/01 18:18:45 | 000,003,435 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA.inf
[2012/09/01 18:18:45 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS.inf
[2012/09/01 18:18:45 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymNet.inf
[2012/09/01 18:18:45 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.inf
[2012/09/01 18:18:45 | 000,001,419 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.inf
[2012/09/01 18:18:45 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccSetx64.inf
[2012/09/01 18:18:45 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Iron.inf
[2012/09/01 18:18:36 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymVTcer.dat
[2012/09/01 18:18:36 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymDS64.cat
[2012/09/01 18:18:36 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnet64.cat
[2012/09/01 18:18:36 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\iron.cat
[2012/09/01 18:18:36 | 000,007,446 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.cat
[2012/09/01 18:18:36 | 000,007,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\SymEFA64.cat
[2012/09/01 18:18:36 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.cat
[2012/09/01 18:18:36 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.cat
[2012/09/01 18:18:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\isolate.ini
[2012/08/04 15:23:04 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/08/04 15:23:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/08/04 15:23:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/07/27 10:53:13 | 000,000,513 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\com.plutinosoft.idemo.plist
[2012/07/06 12:53:12 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/02 17:59:55 | 000,000,000 | ---- | C] () -- C:\Users\Sather\wusa.exe
[2012/06/26 14:31:28 | 000,001,456 | ---- | C] () -- C:\Users\Sather\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/06/26 14:19:11 | 000,000,132 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012/06/25 21:43:40 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/06/25 02:11:43 | 000,000,057 | ---- | C] () -- C:\Windows\hegames.ini
[2012/06/22 03:30:42 | 000,000,132 | ---- | C] () -- C:\Users\Sather\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/06/21 03:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/20 20:10:47 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2012/06/08 20:32:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/08 17:19:35 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/08 17:19:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/08 17:19:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc (1).exe
[2012/05/16 19:26:53 | 000,015,872 | ---- | C] () -- C:\Users\Sather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 02:51:17 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/05/12 02:51:17 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/05/12 02:51:16 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/12 02:51:15 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/03/04 14:51:56 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/09 11:19:02 | 000,021,320 | ---- | C] () -- C:\Windows\SysWow64\LightFX.dll
[2012/01/10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/07 09:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 09:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 09:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 09:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 09:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 09:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 01:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 01:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/27 08:07:14 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2011/02/10 11:10:51 | 000,775,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/09/30 17:40:12 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\.minecraft
[2012/09/08 13:46:59 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\.Nitrous
[2012/06/20 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\1.2.5 mo creeps
[2012/06/10 22:41:05 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\2K Sports
[2012/06/09 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Acoustica
[2012/08/16 01:51:18 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Atari
[2012/09/20 19:57:16 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Audacity
[2012/09/20 19:09:36 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\CrashPlan
[2012/08/14 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Cyberduck
[2012/08/14 00:58:30 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\cYo
[2012/08/21 22:58:08 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\DarknessII
[2012/07/30 12:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Digidesign
[2012/07/18 18:59:41 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Evaer
[2012/06/07 15:40:25 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\fltk.org
[2012/09/24 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\GameRanger
[2012/09/12 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\GarenaPlus
[2012/07/02 18:01:59 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\GOL_byHasbro
[2012/09/20 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Guitar Pro 6
[2012/09/19 17:05:45 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Language
[2012/06/25 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Leadertech
[2012/05/16 22:39:13 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\LolClient
[2012/09/15 19:49:51 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\MAXON
[2012/05/22 19:37:21 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\MotioninJoy
[2012/07/31 20:41:41 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\ooVoo Details
[2012/05/16 16:32:30 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Origin
[2012/06/25 22:22:18 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PACE Anti-Piracy
[2012/05/17 15:45:22 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PCDr
[2012/05/28 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PDAppFlex
[2012/08/04 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\PowerUp Software
[2012/05/24 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Publish Providers
[2012/09/20 16:57:45 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\redsn0w
[2012/09/09 22:38:26 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\RotMG.Production
[2012/08/23 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\skyz
[2012/08/25 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Smith Micro
[2012/05/24 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Sony
[2012/05/24 17:34:34 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Sony Creative Software Inc
[2012/08/20 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Sony Online Entertainment
[2012/07/31 18:40:32 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\SplitMediaLabs
[2012/06/09 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\SynthMaker
[2012/08/14 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\TeamViewer
[2012/09/14 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\TS3Client
[2012/09/24 16:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Tunngle
[2012/09/28 07:41:19 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\uTorrent
[2012/09/19 17:06:06 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Wippien
[2012/07/26 15:45:35 | 000,000,000 | ---D | M] -- C:\Users\Sather\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/08/14 01:28:49 | 000,000,000 | --SD | M] -- C:\Users\Sather\AppData\Roaming\wyUpdate AU
[2012/09/26 14:17:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002Core.job
[2012/09/30 17:17:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2259069413-2578279797-1013439322-1002UA.job
[2012/07/08 16:51:00 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/08/22 20:42:13 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1321 bytes -> C:\ProgramData\Microsoft:WpJUVR2x6o0pE7yDjm4l
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 1265 bytes -> C:\Program Files (x86)\Common Files\System:8wCKIXkqIGbCex4DyZODWiKFuFC4
@Alternate Data Stream - 1196 bytes -> C:\ProgramData\Microsoft:u4leMMvvLEMoGFnpDcXSA

< End of report >


The computer, I don't notice anything messing with it really. All I know is that my firewall is messed up, and even in device manager, nothing shows up. The list is blank.

#19
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi again,
Can you tell me if you have Norton's firewall installed and running? If you can't find it, let me know the version of Norton you are running and I can tell you where to look.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL by right clicking the icon and selecting Run as Administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    net start plugplay /c
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

In your next reply I would like to see:
  • Is the Norton Firewall turned on?
  • Do you see your devices in the Device Manager now?

#20
MNISather

    Member

  • Topic Starter
  • 25 posts
I do see the device manager now. Thank you. But I have Norton uninstalled. But I can tell there is some firewall blocking my connections. I used to be able to run servers for games but now I can't ever since I got a virus. I have AlienRespawn installed on my computer, and I'm wondering if I should just restore my laptop to factory settings? Would that allow me to just start from scratch?

#21
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi -
I don't think you need to restore your computer to its factory settings; we will get the firewall up and running now.
I think that once we get rid of the remnants of your Norton program, your firewall will start working properly.

Step 1
You are in need of an anti-virus program; without one, you will most likely get re-infected.
I recommend any of these free anti-virus programs, but please install only one. Multiple anti-virus programs can slow down your computer and actually make it less safe.
  • Microsoft Security Essentials (you will need to download the 64-bit version)
  • Avast!
  • Avira
Download the installer to your desktop but don't install it quite yet.
Next:
You say you uninstalled Norton, but I see many pieces still installed. You are going to need to run the Norton Removal Tool from here.
Follow the instructions in the removal tool, and reboot when it asks you to.
After the removal tool is finished, run the installer for the anti-virus program that you downloaded previously.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    net start MpsSvc /c
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 3
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • Does the firewall work now?
  • checkup.txt log file

#22
MNISather

    Member

  • Topic Starter
  • 25 posts
The firewall doesn't work. I did the OTL and the log says this:

Error: Unable to interpret <net start MpsSvc /c> in the current context!

OTL by OldTimer - Version 3.2.61.0 log created on 10042012_201907


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Java 2 Runtime Environment, SE v1.4.1
Java version out of Date!
Adobe Flash Player 11.4.402.265
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Sather Desktop virus hel SecurityCheck (1).exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

#23
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi,
I am sorry, I made a typo in that last fix. :whistling:
Did you do my step one about your anti virus? It's pretty important to have an AV up and running.

As for the OTL fix, let's try it again, and this time I won't make a typo.

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    files:
    net start MpsSvc /c
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

#24
MNISather

    Member

  • Topic Starter
  • 25 posts
Yes I have a licensed version of Avast installed now.

OTL gave me another error:
Error: Unable to interpret <files:> in the current context!
Error: Unable to interpret <net start MpsSvc /c> in the current context!

OTL by OldTimer - Version 3.2.61.0 log created on 10052012_162607

#25
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi,
Can you please download this version of OTL and try my last fix in this post
Let me know if that does not work for you still.

Avast is a very good choice for your anti-virus :thumbsup:

#26
MNISather

    Member

  • Topic Starter
  • 25 posts
Error: Unable to interpret <files:> in the current context!
Error: Unable to interpret <net start MpsSvc /c> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 10062012_104837

#27
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi there,
Sorry about that, I don't know why that did not work. Let's try it another way:

Please click on the Start orb,
and in the search box type cmd
You should see in the search results under Programs something called cmd.
Right click on this and select Run as Administrator
This will cause the UAC to prompt you if you want to continue, please answer Yes to this
This will open up a command prompt box
Type in the following:
net start MpsSvc
and press enter.
Please note the response that the command prompt gives you, and let me know the outcome.
You can now close the command prompt box.

#28
MNISather

    Member

  • Topic Starter
  • 25 posts
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>net start MpsSvc
The Windows Firewall service is starting.
The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.


C:\Windows\system32>

#29
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi,
That firewall is being quite stubborn, I want to try another approach --

Please download this program from here

Run the program and click on the start button. Let me know the outcome of this operation.

#30
MNISather

    Member

  • Topic Starter
  • 25 posts
WOW! You're some sort of wizard :thumbsup: The firewall is up and running and everything seems to be alright. Is there anything else I should do?