Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

My computer is running something. Logs are here.

 
commish252
Posted: Mon May 28, 2012 5:58 am    Post subject: My computer is running something. Logs are here.

Thank you for taking a look. I do a lot of online shopping and may be getting free malware for my efforts. Please see if you can help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Gateway at 9:54:25 on 2012-05-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2192 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
mWinlogon: Userinit=userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
uRun: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SFEE8.tmp" /EF "HKCU"
uRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{0F794B59-CFB4-4731-96E9-F01E15E2B922} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{0F794B59-CFB4-4731-96E9-F01E15E2B922}\2656C6B696E6E2464616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0F794B59-CFB4-4731-96E9-F01E15E2B922}\D4F445F425F4C414D24303936493 : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{54344F18-F937-4512-ABA3-F3D5F88B58B2} : DhcpNameServer = 10.54.120.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO-X64: MyWebSearch Search Assistant BHO - No File
BHO-X64: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO-X64: mwsBar BHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun-x64: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-12-10 275912]
R2 BackupService;BackupService;C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2011-12-15 83512]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-6 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-7-6 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2012-3-14 34320]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-6 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-20 243232]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-14 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-28 13:30:21 -------- d-----w- C:\Users\Gateway\AppData\Local\{3FB8BC5E-071C-49C3-91CF-8ED21FCF58A6}
2012-05-28 13:30:00 -------- d-----w- C:\Users\Gateway\AppData\Local\{C0B1F436-79E4-4D86-9705-4AE5AA3C953C}
2012-05-27 12:29:15 -------- d-----w- C:\Users\Gateway\AppData\Local\{289D176D-CE4C-4E3B-AEB3-0DF0E978CE14}
2012-05-27 12:28:53 -------- d-----w- C:\Users\Gateway\AppData\Local\{5A9573C1-D0EC-4BDD-9FC9-3B6C358FEC88}
2012-05-26 21:23:18 -------- d-----w- C:\Users\Gateway\AppData\Local\{A94177D9-9DCD-47A9-A249-7E17F660D751}
2012-05-26 21:22:56 -------- d-----w- C:\Users\Gateway\AppData\Local\{82CC734B-324C-4B0A-8D61-FD11C20C978A}
2012-05-25 20:51:45 -------- d-----w- C:\Users\Gateway\AppData\Local\{0AA02F0D-6F07-4A67-B56E-DEC65D1B0F33}
2012-05-25 20:51:23 -------- d-----w- C:\Users\Gateway\AppData\Local\{F5BBB1FD-414D-409F-8A35-2064096A967B}
2012-05-25 02:14:05 -------- d-----w- C:\Users\Gateway\AppData\Local\{41E38CD7-F559-496F-B24F-9ECF6B53C9C7}
2012-05-25 02:13:41 -------- d-----w- C:\Users\Gateway\AppData\Local\{2699C8F1-F45A-4BBA-BA9E-2DF38DF406FC}
2012-05-23 23:19:50 -------- d-----w- C:\Users\Gateway\AppData\Local\{E3A1263F-9C1F-4D5D-9B7F-BAF4CA5709E6}
2012-05-23 23:19:28 -------- d-----w- C:\Users\Gateway\AppData\Local\{A5D4C44A-E87E-4231-8C4B-B4BC6D64A56A}
2012-05-23 10:59:38 -------- d-----w- C:\Users\Gateway\AppData\Local\{54D13B28-D5FB-4F8D-A5A5-9062E24433B6}
2012-05-23 10:59:15 -------- d-----w- C:\Users\Gateway\AppData\Local\{D10C65B1-092A-40C5-BBE8-361F51895C55}
2012-05-22 21:09:10 -------- d-----w- C:\Users\Gateway\AppData\Local\{E4D36D66-FFB9-4818-AE35-84E4F0A70A1F}
2012-05-22 21:08:49 -------- d-----w- C:\Users\Gateway\AppData\Local\{E69A8564-5930-45F5-9FFF-31219E1460EB}
2012-05-21 23:15:37 -------- d-----w- C:\Users\Gateway\AppData\Local\{5DC07F78-BA9D-4C15-B998-C21609F009EE}
2012-05-21 23:15:26 -------- d-----w- C:\Users\Gateway\AppData\Local\{252E749B-7BC5-48CE-8543-4E3471C56C6F}
2012-05-21 10:43:08 -------- d-----w- C:\Users\Gateway\AppData\Local\{C4F1DD11-E3E2-4779-AE5F-E8064832273E}
2012-05-21 10:42:46 -------- d-----w- C:\Users\Gateway\AppData\Local\{D0F1971F-B8B5-4F11-BB54-3D170FF37D06}
2012-05-20 23:04:45 -------- d-----w- C:\Users\Gateway\AppData\Local\{485930E7-9DA8-412A-8C91-24B84533D08F}
2012-05-20 12:47:09 -------- d-----w- C:\Users\Gateway\AppData\Local\{3B9FB08B-38BA-4122-9768-369E88E657D5}
2012-05-19 21:30:08 -------- d-----w- C:\Users\Gateway\AppData\Local\{30A84E2C-A416-4227-850A-FD4FD952C870}
2012-05-19 21:29:47 -------- d-----w- C:\Users\Gateway\AppData\Local\{E20B4359-AC93-43EF-A443-390768D358B7}
2012-05-19 13:08:00 -------- d-----w- C:\Users\Gateway\AppData\Local\{FDC2DA97-5AFB-4C27-899D-F29A3F48E5D0}
2012-05-19 13:07:38 -------- d-----w- C:\Users\Gateway\AppData\Local\{A56BFEAD-742A-4568-883E-0B04B5598448}
2012-05-19 13:05:34 -------- d-----w- C:\Users\Gateway\AppData\Local\{3FD15552-F270-4E1A-B1EF-BB067423A4AC}
2012-05-19 02:38:57 -------- d-----w- C:\Users\Gateway\AppData\Local\{141F4336-E350-4C78-BEBA-FA10E21E4A5D}
2012-05-18 11:55:56 -------- d-----w- C:\Users\Gateway\AppData\Local\{65B943E1-0A87-4E69-8409-873C176EE9E5}
2012-05-18 11:55:35 -------- d-----w- C:\Users\Gateway\AppData\Local\{928C600C-CA45-445A-AFD0-0EABB7E5573F}
2012-05-17 22:52:45 -------- d-----w- C:\Users\Gateway\AppData\Local\{F96B9F2B-2586-4B2E-86B0-D810159AD1D6}
2012-05-17 22:52:22 -------- d-----w- C:\Users\Gateway\AppData\Local\{FB5914B3-F13A-43F2-B796-020FEDDD27E5}
2012-05-17 02:15:57 -------- d-----w- C:\Users\Gateway\AppData\Local\{86A2B234-6095-491D-B4B1-BBBF4476ED93}
2012-05-17 02:15:35 -------- d-----w- C:\Users\Gateway\AppData\Local\{5C522E5D-561B-42C6-8637-B8974790A2A6}
2012-05-16 12:43:40 -------- d-----w- C:\Users\Gateway\AppData\Local\{3A3AA3FB-6ABC-4502-BF24-22D2C78C2461}
2012-05-16 12:43:30 -------- d-----w- C:\Users\Gateway\AppData\Local\{EF943E84-44F5-4A7E-89CD-768D63733805}
2012-05-16 02:17:11 -------- d-----w- C:\Users\Gateway\AppData\Local\{31B78EB6-54A7-4FB0-AABD-29968772D247}
2012-05-16 02:17:01 -------- d-----w- C:\Users\Gateway\AppData\Local\{1126EE4D-4EA3-4E41-B97D-589252BAAF28}
2012-05-15 13:12:50 -------- d-----w- C:\Users\Gateway\AppData\Local\{496B2035-9B61-43E9-8121-6AFB568FB255}
2012-05-15 13:12:39 -------- d-----w- C:\Users\Gateway\AppData\Local\{AF337560-C270-4FB5-856C-43B656427179}
2012-05-14 12:48:21 -------- d-----w- C:\Program Files\iTunes
2012-05-14 12:48:21 -------- d-----w- C:\Program Files\iPod
2012-05-14 12:48:21 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-14 11:59:23 -------- d-----w- C:\Users\Gateway\AppData\Local\{8226107A-50F1-496A-868C-B63F8B70D0B4}
2012-05-14 11:59:13 -------- d-----w- C:\Users\Gateway\AppData\Local\{61245965-5955-4643-BB63-7FB7CD22471B}
2012-05-13 14:32:39 -------- d-----w- C:\Users\Gateway\AppData\Local\{B8EF58F4-0515-49A0-876B-8EB08615D32A}
2012-05-13 14:32:29 -------- d-----w- C:\Users\Gateway\AppData\Local\{65A55ACD-AB69-432E-AEC8-D2CA278A45C3}
2012-05-12 12:48:30 -------- d-----w- C:\Users\Gateway\AppData\Local\{50EE1693-F05E-46F3-A98D-035F6DDCEDF6}
2012-05-12 12:48:19 -------- d-----w- C:\Users\Gateway\AppData\Local\{DD52F3CD-11BC-4145-A11C-C169E99B80AE}
2012-05-12 05:04:20 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-12 05:04:19 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-12 05:04:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-12 05:04:19 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 05:04:19 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-12 05:04:18 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-12 05:04:18 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-12 05:04:18 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-12 05:04:18 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-12 05:04:18 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 05:03:40 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 05:03:39 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 05:03:39 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 05:03:39 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 05:03:37 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 05:03:34 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 05:03:31 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 05:03:31 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 05:03:31 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 05:03:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 05:03:31 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 23:34:09 -------- d-----w- C:\Users\Gateway\AppData\Local\{32A926F9-6ECE-47B8-9D7D-E96E04B6A353}
2012-05-11 23:33:59 -------- d-----w- C:\Users\Gateway\AppData\Local\{EFF991E5-9B4F-4170-947E-76FA1196AEE4}
2012-05-11 01:14:09 -------- d-----w- C:\Users\Gateway\AppData\Local\{D3873C98-28AE-411B-8804-36A7834FAA10}
2012-05-11 01:13:58 -------- d-----w- C:\Users\Gateway\AppData\Local\{4C0680F3-F606-4788-AA00-C1B441B2C4F8}
2012-05-09 23:10:31 -------- d-----w- C:\Users\Gateway\AppData\Local\{A360B4D8-AB60-4F21-9EC7-9F701585B6C0}
2012-05-09 23:10:19 -------- d-----w- C:\Users\Gateway\AppData\Local\{9AE0F5BE-D6F3-4D0A-922B-598F9B66DFF9}
2012-05-08 22:59:45 -------- d-----w- C:\Users\Gateway\AppData\Local\{B6C60AFA-AEF1-4BBC-BF0A-CC59C24363A5}
2012-05-08 22:59:33 -------- d-----w- C:\Users\Gateway\AppData\Local\{38B78EFC-0C6A-4640-9175-89BB6CF1B017}
2012-05-07 23:02:35 -------- d-----w- C:\Users\Gateway\AppData\Local\{7794E3C8-0C79-4F5A-9DB5-024B1A0A6B4E}
2012-05-07 23:02:25 -------- d-----w- C:\Users\Gateway\AppData\Local\{DE644D51-5546-414E-AB22-3C2F2437D5EE}
2012-05-07 10:49:55 -------- d-----w- C:\Users\Gateway\AppData\Local\{88BF254E-88EB-4775-8B4D-A1796039E0C7}
2012-05-07 10:49:45 -------- d-----w- C:\Users\Gateway\AppData\Local\{76D4709E-6349-453B-A3DD-5D383DEC40A4}
2012-05-06 14:23:30 -------- d-----w- C:\Users\Gateway\AppData\Local\{37B6C773-7BBA-4E65-8FC8-DE87DD9F8E11}
2012-05-06 14:09:03 -------- d-----w- C:\Users\Gateway\AppData\Local\{20930173-E4B7-4DE4-AC7B-DEC1A3000869}
2012-05-06 03:06:29 -------- d-----w- C:\Users\Gateway\AppData\Local\{DA0FA006-1705-4294-A080-3172B644BBC3}
2012-05-06 03:06:19 -------- d-----w- C:\Users\Gateway\AppData\Local\{9C1F5DFD-2BD8-4B5F-9762-EC765C37E398}
2012-05-05 13:57:04 -------- d-----w- C:\Users\Gateway\AppData\Local\{B32DFEA5-ECFC-486E-9195-55AB3C02D1E9}
2012-05-05 13:56:53 -------- d-----w- C:\Users\Gateway\AppData\Local\{78E1A264-9BE8-4259-A87B-873B072A8CC6}
2012-05-05 12:34:08 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 23:40:28 -------- d-----w- C:\Users\Gateway\AppData\Local\{3E8D79DF-4FC1-4A88-9C0D-6D984387AB37}
2012-05-04 23:40:18 -------- d-----w- C:\Users\Gateway\AppData\Local\{8C2B3E56-37A2-4BBB-A055-1E10142A42E7}
2012-05-04 02:08:20 -------- d-----w- C:\Users\Gateway\AppData\Local\{6A524384-874B-4AD5-BBE1-09DDB96CF5A4}
2012-05-04 02:08:10 -------- d-----w- C:\Users\Gateway\AppData\Local\{AA5C5B76-3E6F-4493-BEB9-50685E3571F6}
2012-05-02 23:13:43 -------- d-----w- C:\Users\Gateway\AppData\Local\{21E0F73F-C317-4B42-A7D7-7278691CD6F0}
2012-05-02 23:13:32 -------- d-----w- C:\Users\Gateway\AppData\Local\{EA193FFB-8FA9-4DB9-831A-84A56B3ED21E}
2012-05-01 23:47:22 -------- d-----w- C:\Users\Gateway\AppData\Local\{EDF727D8-00A1-4CB2-80CE-2AC14E53D415}
2012-05-01 23:47:11 -------- d-----w- C:\Users\Gateway\AppData\Local\{A7B6997D-67E1-47AD-8BC0-2A9A885FEEBC}
2012-04-30 22:52:11 -------- d-----w- C:\Users\Gateway\AppData\Local\{2A239F69-2045-4843-9A62-049B3F4156AE}
2012-04-30 22:52:01 -------- d-----w- C:\Users\Gateway\AppData\Local\{AD7ECBED-E3D0-4574-9B95-9EFB0A0B2850}
2012-04-30 10:49:47 -------- d-----w- C:\Users\Gateway\AppData\Local\{0D36213A-8F7E-4DC4-8F3A-92CE7544D2DF}
2012-04-30 10:49:36 -------- d-----w- C:\Users\Gateway\AppData\Local\{05ADE188-8241-45EB-A80C-1BDA9944625F}
2012-04-29 13:39:01 -------- d-----w- C:\Users\Gateway\AppData\Local\{96332DD6-8339-4DC6-9090-FCAB4EC3A258}
2012-04-29 13:38:50 -------- d-----w- C:\Users\Gateway\AppData\Local\{50046B72-A70A-477C-B740-021E5597A71C}
2012-04-28 21:30:05 -------- d-----w- C:\Windows\PCHEALTH
2012-04-28 21:26:40 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-28 21:26:27 -------- d-----w- C:\Users\Gateway\AppData\Local\Microsoft Help
2012-04-28 14:34:28 -------- d-----w- C:\Users\Gateway\AppData\Local\{9158948D-B4B5-4FFE-A2CE-4996AB81F8C1}
2012-04-28 14:34:18 -------- d-----w- C:\Users\Gateway\AppData\Local\{9AD9E2ED-D878-4EED-985B-9999FAC87590}
.
==================== Find3M ====================
.
2012-05-05 12:34:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:34:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-22 23:29:44 733696 ----a-w- C:\Windows\GPInstall.exe
2012-03-14 23:56:18 38320 ----a-w- C:\Windows\SysWow64\f3PSSavr.scr
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 9:55:05.07 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/6/2011 3:35:43 PM
System Uptime: 5/27/2012 7:53:12 PM (14 hours ago)
.
Motherboard: Gateway | | SJV71_CP
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 1583/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 335.353 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Microsoft WPD Enhanced Storage Password Driver
Device ID: ROOT\WPD\0000
Manufacturer: (Enhanced Storage Device)
Name: Microsoft WPD Enhanced Storage Password Driver
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP89: 5/22/2012 12:00:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
18 Wheels of Steel - American Long Haul
Acrobat.com
Adobe AIR
Adobe Reader 9.5.1 MUI
Advertising Center
Agatha Christie - Death on the Nile
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
Backup Manager Basic
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Child Proof
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print
EpsonNet Setup
FATE
Gateway Game Console
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Earth Plug-in
Google SketchUp 8
Google Update Helper
honestech VHS to DVD 2.0 SE
Identity Card
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Quicken 2010
RotoChamp 2012
Screenshot Captor 3.04.01
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.8
STK03N
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB2.0 Grabber
Video Web Camera
Virtual Villagers 4 - The Tree of Life
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
5/21/2012 6:28:34 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Mon May 28, 2012 1:22 pm

Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R

Posted: Mon May 28, 2012 1:27 pm

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi commish252

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK there's a few things showing in your DDS log, but before we start removing them I need you to run a couple of extra scans for me .....

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Next

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Change parameters

    • Check Detect TDLFS file system
    • Click OK

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Summary of the logs I need from you in your next post:

  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
commish252

Posted: Tue May 29, 2012 3:32 pm    Post subject: Logs are posted here. Thanks.

OTL Extras logfile created on: 5/29/2012 7:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Gateway\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 53.47% Memory free
7.35 Gb Paging File | 5.29 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.97 Gb Total Space | 335.14 Gb Free Space | 74.31% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FE37E4-38C1-4E23-8587-EAC9988B9CF7}" = rport=139 | protocol=6 | dir=out | app=system |
"{187EA53F-6569-4A97-99ED-D2FC938542F7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{303AC882-37F1-4462-BFD9-22FF2AED823A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{458D2896-C1D7-44AE-B91B-6216D4930915}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{571F70B7-918C-46D2-B044-D5179EADA413}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78C35EA2-BF1B-49F1-91BA-62467B413FF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BED6612-BA1B-47C7-A735-235062F3D0E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C94587E-A352-4D91-AA52-7F1AA0B4C25D}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DCF49DC-04B6-4536-BAD3-2335240673D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7ECEF3BE-BEB6-4A14-86B6-847C86C825D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{87E06DCC-EC76-40F5-875E-330DA8CAB5AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{99CD01C2-A906-4969-9112-12E5DFCD866B}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA7C3D1B-22D9-465C-B3C3-6BF7D4BD902C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4956A32-193E-4893-81BF-4A63C322C170}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B6BA74C8-B89A-4A8B-AF97-47AE72E40189}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8955D59-4034-4D15-8169-CFEA14CC76E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CE0DBB0B-70C5-4429-86B6-F0168C771604}" = rport=445 | protocol=6 | dir=out | app=system |
"{D786BBF8-1F9A-40BB-ADF9-2E85EFAB3C1D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA7719FC-071F-465F-B6AE-BD45C32AADF5}" = lport=138 | protocol=17 | dir=in | app=system |
"{DDF39001-07E2-409F-AFD6-748AAD63E2B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{F09EA788-6AA0-4FD6-A946-32C0B9C04E43}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F36C6CAB-8184-4727-B9E8-88C24405264A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F62CA22B-0DCE-4C10-9040-12AC28795A3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05ADE237-DBBC-4065-9C3D-2D40F37FA728}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15AA9D3B-9359-45B4-884A-E6425053D134}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{22F28366-2D3D-4F96-B88B-D8EB98792E5C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{29137ABE-9532-45E6-A522-D2E9B20312A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E7017DF-4182-4BDD-905D-4DDDAD130014}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2F800D46-2853-462F-B49E-71E55BC1361E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{315C0F33-FB6B-4A0E-B0D6-C60FD69D4805}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3269D496-3AAA-45F3-870E-E14361765731}" = protocol=17 | dir=in | app=c:\fantasy baseball\cnet_the_grid_auction_v1_0_demo_2010_baseball_prefill_zip.exe |
"{3610B69B-9803-4A92-8FC1-9EEE41FA06A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36327D89-1C91-4781-8EDD-74B5944B2429}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{41E8348F-CC93-4E00-A942-59921634AFC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46E9E48E-8705-4BF1-B6F0-FD733A819801}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4E47EF13-A13E-46F1-8DBE-14D1DB1A7432}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{519C792C-9219-4350-B9DF-DF8810CC8BCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5828B447-81D7-4C48-82BA-B4F4C9578D85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FEB5C09-9ECA-4C5C-9215-EBF281333F8A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7129BBA8-513A-443D-9411-E996CF9611F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7510FC73-CB5C-4B71-BFF4-1DD23EA24179}" = protocol=6 | dir=out | app=system |
"{7DDD9A7B-1656-44E9-AA16-5155B338AE6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EEF2F35-F49C-44D0-AB0C-1B14D3B6689A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8027DD00-668B-408C-AD03-077D73034101}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{81DCED17-7B10-4303-9F7B-4DF8665B51D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{834EBB3C-2ACB-4A97-88FE-38F2EDB98B93}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{8404E062-197F-40E1-96AE-50EF2C352467}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A247FD3-8609-4249-B086-A69C29DEEF93}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{9FE836A5-D05C-4749-926D-BF00873CF535}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FEDBCAB-F42A-4C14-9CE5-8EA18C4EE392}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{AD64C082-9E97-4E2E-9869-D852C5FB3683}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{AE65378F-8353-4775-9242-CD3C5586A478}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B068AD72-8F6B-43BD-A611-4ADA19274B01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC611135-1B12-4A24-8369-C15C8AE002B9}" = protocol=6 | dir=in | app=c:\fantasy baseball\cnet_the_grid_auction_v1_0_demo_2010_baseball_prefill_zip.exe |
"{C295D0BA-DE30-424C-BD23-0FEE578588B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB83EA3A-8A6B-4D66-BF1D-481DBDC60933}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CC3C6009-D120-47A8-8685-243A520242A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0442EFB-570B-41E0-9074-BB086834C7AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0851350-8C4D-4FF4-9CCD-AA7A9E0A67E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFE7C5AC-FEDC-40DA-8361-0906FF809557}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3E83949-FF8F-498A-9E38-BE78B7A0D6BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{BBD5B541-6407-49D2-958A-F274FB909F8E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{8B3EDD4F-D97E-4609-82ED-DE7F756C0DBA}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028dfa5d-88fa-4049-b9b2-e66394fc0d9a}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 2.0 SE
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E83CD823-C522-4B71-B10A-E1088B3BD261}" = STK03N
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Child Proof" = Child Proof
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Gateway Game Console" = Gateway Game Console
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ScreenshotCaptor_is1" = Screenshot Captor 3.04.01
"USB2.0 Grabber" = USB2.0 Grabber
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"437d933aaf3b44c1" = RotoChamp 2012

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2012 8:14:57 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 9:03:45 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 10:04:30 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 11:14:03 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 12:00:52 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 1:05:52 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 2:11:25 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 3:03:25 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 4:03:09 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 5:02:13 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 4/3/2012 6:32:49 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/22/2012 2:48:48 PM | Computer Name = Gateway-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:48:00 PM on 4/22/2012 was unexpected.

Error - 4/29/2012 6:39:44 AM | Computer Name = Gateway-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/3/2012 10:15:38 PM | Computer Name = Gateway-PC | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 8:46:59 AM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/21/2012 6:28:34 AM | Computer Name = Gateway-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >






OTL logfile created on: 5/29/2012 7:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Gateway\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 53.47% Memory free
7.35 Gb Paging File | 5.29 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.97 Gb Total Space | 335.14 Gb Free Space | 74.31% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/29 19:17:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Downloads\OTL.exe
PRC - [2012/05/05 08:34:24 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/03/14 19:56:18 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2012/03/14 19:56:18 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2010/08/10 21:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 21:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/06/28 19:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/07/28 15:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/06/05 02:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 11:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 01:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 01:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/28 19:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2009/07/08 15:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009/07/06 16:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/03/12 17:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 15:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 17:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 21:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012/05/05 08:34:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 19:56:18 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/10 11:41:27 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/12/10 11:41:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/12/10 11:41:27 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/12/10 11:41:27 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/06/07 18:02:24 | 001,917,576 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2010/05/11 22:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 15:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/18 00:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 19:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJyyyyyyCMus&ptnrS=ZJyyyyyyCMus&ptb=4LG_lh1KnjxnN6aKS.NA.g&ind=2012031419&n=77ed29bb&psa=&st=sb&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/20 21:24:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012/03/14 19:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/20 21:25:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SFEE8.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
commish252
Posted: Tue May 29, 2012 3:33 pm    Post subject: Logs are here. Thanks.

OTL Extras logfile created on: 5/29/2012 7:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Gateway\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 53.47% Memory free
7.35 Gb Paging File | 5.29 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.97 Gb Total Space | 335.14 Gb Free Space | 74.31% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FE37E4-38C1-4E23-8587-EAC9988B9CF7}" = rport=139 | protocol=6 | dir=out | app=system |
"{187EA53F-6569-4A97-99ED-D2FC938542F7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{303AC882-37F1-4462-BFD9-22FF2AED823A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{458D2896-C1D7-44AE-B91B-6216D4930915}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{571F70B7-918C-46D2-B044-D5179EADA413}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78C35EA2-BF1B-49F1-91BA-62467B413FF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BED6612-BA1B-47C7-A735-235062F3D0E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C94587E-A352-4D91-AA52-7F1AA0B4C25D}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DCF49DC-04B6-4536-BAD3-2335240673D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7ECEF3BE-BEB6-4A14-86B6-847C86C825D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{87E06DCC-EC76-40F5-875E-330DA8CAB5AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{99CD01C2-A906-4969-9112-12E5DFCD866B}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA7C3D1B-22D9-465C-B3C3-6BF7D4BD902C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4956A32-193E-4893-81BF-4A63C322C170}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B6BA74C8-B89A-4A8B-AF97-47AE72E40189}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8955D59-4034-4D15-8169-CFEA14CC76E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CE0DBB0B-70C5-4429-86B6-F0168C771604}" = rport=445 | protocol=6 | dir=out | app=system |
"{D786BBF8-1F9A-40BB-ADF9-2E85EFAB3C1D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA7719FC-071F-465F-B6AE-BD45C32AADF5}" = lport=138 | protocol=17 | dir=in | app=system |
"{DDF39001-07E2-409F-AFD6-748AAD63E2B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{F09EA788-6AA0-4FD6-A946-32C0B9C04E43}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F36C6CAB-8184-4727-B9E8-88C24405264A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F62CA22B-0DCE-4C10-9040-12AC28795A3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05ADE237-DBBC-4065-9C3D-2D40F37FA728}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15AA9D3B-9359-45B4-884A-E6425053D134}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{22F28366-2D3D-4F96-B88B-D8EB98792E5C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{29137ABE-9532-45E6-A522-D2E9B20312A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E7017DF-4182-4BDD-905D-4DDDAD130014}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2F800D46-2853-462F-B49E-71E55BC1361E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{315C0F33-FB6B-4A0E-B0D6-C60FD69D4805}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3269D496-3AAA-45F3-870E-E14361765731}" = protocol=17 | dir=in | app=c:\fantasy baseball\cnet_the_grid_auction_v1_0_demo_2010_baseball_prefill_zip.exe |
"{3610B69B-9803-4A92-8FC1-9EEE41FA06A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36327D89-1C91-4781-8EDD-74B5944B2429}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{41E8348F-CC93-4E00-A942-59921634AFC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46E9E48E-8705-4BF1-B6F0-FD733A819801}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4E47EF13-A13E-46F1-8DBE-14D1DB1A7432}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{519C792C-9219-4350-B9DF-DF8810CC8BCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5828B447-81D7-4C48-82BA-B4F4C9578D85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FEB5C09-9ECA-4C5C-9215-EBF281333F8A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7129BBA8-513A-443D-9411-E996CF9611F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7510FC73-CB5C-4B71-BFF4-1DD23EA24179}" = protocol=6 | dir=out | app=system |
"{7DDD9A7B-1656-44E9-AA16-5155B338AE6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EEF2F35-F49C-44D0-AB0C-1B14D3B6689A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8027DD00-668B-408C-AD03-077D73034101}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{81DCED17-7B10-4303-9F7B-4DF8665B51D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{834EBB3C-2ACB-4A97-88FE-38F2EDB98B93}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{8404E062-197F-40E1-96AE-50EF2C352467}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A247FD3-8609-4249-B086-A69C29DEEF93}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{9FE836A5-D05C-4749-926D-BF00873CF535}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FEDBCAB-F42A-4C14-9CE5-8EA18C4EE392}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{AD64C082-9E97-4E2E-9869-D852C5FB3683}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{AE65378F-8353-4775-9242-CD3C5586A478}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B068AD72-8F6B-43BD-A611-4ADA19274B01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC611135-1B12-4A24-8369-C15C8AE002B9}" = protocol=6 | dir=in | app=c:\fantasy baseball\cnet_the_grid_auction_v1_0_demo_2010_baseball_prefill_zip.exe |
"{C295D0BA-DE30-424C-BD23-0FEE578588B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB83EA3A-8A6B-4D66-BF1D-481DBDC60933}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CC3C6009-D120-47A8-8685-243A520242A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0442EFB-570B-41E0-9074-BB086834C7AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0851350-8C4D-4FF4-9CCD-AA7A9E0A67E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFE7C5AC-FEDC-40DA-8361-0906FF809557}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3E83949-FF8F-498A-9E38-BE78B7A0D6BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{BBD5B541-6407-49D2-958A-F274FB909F8E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{8B3EDD4F-D97E-4609-82ED-DE7F756C0DBA}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028dfa5d-88fa-4049-b9b2-e66394fc0d9a}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 2.0 SE
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E83CD823-C522-4B71-B10A-E1088B3BD261}" = STK03N
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Child Proof" = Child Proof
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Gateway Game Console" = Gateway Game Console
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ScreenshotCaptor_is1" = Screenshot Captor 3.04.01
"USB2.0 Grabber" = USB2.0 Grabber
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"437d933aaf3b44c1" = RotoChamp 2012

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2012 8:14:57 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 9:03:45 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 10:04:30 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 11:14:03 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 12:00:52 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 1:05:52 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 2:11:25 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 3:03:25 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 4:03:09 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 5:02:13 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 4/3/2012 6:32:49 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/22/2012 2:48:48 PM | Computer Name = Gateway-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:48:00 PM on 4/22/2012 was unexpected.

Error - 4/29/2012 6:39:44 AM | Computer Name = Gateway-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/3/2012 10:15:38 PM | Computer Name = Gateway-PC | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 8:46:59 AM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/21/2012 6:28:34 AM | Computer Name = Gateway-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >






OTL logfile created on: 5/29/2012 7:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Gateway\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 53.47% Memory free
7.35 Gb Paging File | 5.29 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.97 Gb Total Space | 335.14 Gb Free Space | 74.31% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/29 19:17:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Downloads\OTL.exe
PRC - [2012/05/05 08:34:24 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/03/14 19:56:18 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2012/03/14 19:56:18 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2010/08/10 21:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 21:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/06/28 19:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/07/28 15:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/06/05 02:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 11:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 01:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 01:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/28 19:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2009/07/08 15:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009/07/06 16:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/03/12 17:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 15:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 17:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 21:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012/05/05 08:34:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 19:56:18 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/10 11:41:27 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/12/10 11:41:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/12/10 11:41:27 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/12/10 11:41:27 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/06/07 18:02:24 | 001,917,576 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2010/05/11 22:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 15:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/18 00:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 19:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJyyyyyyCMus&ptnrS=ZJyyyyyyCMus&ptb=4LG_lh1KnjxnN6aKS.NA.g&ind=2012031419&n=77ed29bb&psa=&st=sb&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/20 21:24:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012/03/14 19:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/20 21:25:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SFEE8.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Wed May 30, 2012 1:14 am

Please post the logs separately as I asked you to ....

Quote:
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.


.... as you have tried twice now to include both OTL logs in one post, and the logs are being cut off by the forum post limiter.

Do not forget to include the TDSSKiller log.
_________________
Gary R Administrator at Malware Removal University



commish252
Warrior


Joined: 09 Sep 2004
Last Visit: 07 Aug 2012
Posts: 51
Location: Simpsonville, South Carolina

Posted: Thu May 31, 2012 5:30 pm

Hi Gary, sorry for the posting error.

Here is the OTL log file:

OTL logfile created on: 5/29/2012 7:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Gateway\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 53.47% Memory free
7.35 Gb Paging File | 5.29 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.97 Gb Total Space | 335.14 Gb Free Space | 74.31% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/29 19:17:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Downloads\OTL.exe
PRC - [2012/05/05 08:34:24 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/03/14 19:56:18 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2012/03/14 19:56:18 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2010/08/10 21:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 21:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/06/28 19:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/07/28 15:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/06/05 02:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/07 11:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 01:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 01:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/28 19:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2009/07/08 15:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009/07/06 16:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/03/12 17:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 15:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 17:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 21:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012/05/05 08:34:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 19:56:18 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/12/19 20:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/10 11:41:27 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/12/10 11:41:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/12/10 11:41:27 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/12/10 11:41:27 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/06/07 18:02:24 | 001,917,576 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)
DRV:64bit: - [2010/05/11 22:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 15:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/18 00:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 19:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJyyyyyyCMus&ptnrS=ZJyyyyyyCMus&ptb=4LG_lh1KnjxnN6aKS.NA.g&ind=2012031419&n=77ed29bb&psa=&st=sb&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/20 21:24:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012/03/14 19:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/20 21:25:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SFEE8.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F794B59-CFB4-4731-96E9-F01E15E2B922}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54344F18-F937-4512-ABA3-F3D5F88B58B2}: DhcpNameServer = 10.54.120.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\Shell - "" = AutoRun
O33 - MountPoints2\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 18:54:31 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{0E99969C-4A18-491D-B48D-3688C63BF1D0}
[2012/05/29 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{1211322F-3AE9-41D1-8D3E-9125E68A8806}
[2012/05/28 18:57:29 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{C21BBE90-7CC3-4803-9334-F6C9297CB1CD}
[2012/05/28 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{1CB8831C-62B3-4E63-B69F-0774D2CF6674}
[2012/05/28 11:31:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{896AF336-1FBA-44E5-9D39-9F2E85297BF9}
[2012/05/28 09:30:21 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3FB8BC5E-071C-49C3-91CF-8ED21FCF58A6}
[2012/05/28 09:30:00 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{C0B1F436-79E4-4D86-9705-4AE5AA3C953C}
[2012/05/27 08:29:15 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{289D176D-CE4C-4E3B-AEB3-0DF0E978CE14}
[2012/05/27 08:28:53 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{5A9573C1-D0EC-4BDD-9FC9-3B6C358FEC88}
[2012/05/26 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A94177D9-9DCD-47A9-A249-7E17F660D751}
[2012/05/26 17:22:56 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{82CC734B-324C-4B0A-8D61-FD11C20C978A}
[2012/05/25 16:51:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{0AA02F0D-6F07-4A67-B56E-DEC65D1B0F33}
[2012/05/25 16:51:23 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{F5BBB1FD-414D-409F-8A35-2064096A967B}
[2012/05/24 22:14:05 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{41E38CD7-F559-496F-B24F-9ECF6B53C9C7}
[2012/05/24 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{2699C8F1-F45A-4BBA-BA9E-2DF38DF406FC}
[2012/05/23 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E3A1263F-9C1F-4D5D-9B7F-BAF4CA5709E6}
[2012/05/23 19:19:28 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A5D4C44A-E87E-4231-8C4B-B4BC6D64A56A}
[2012/05/23 06:59:38 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{54D13B28-D5FB-4F8D-A5A5-9062E24433B6}
[2012/05/23 06:59:15 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{D10C65B1-092A-40C5-BBE8-361F51895C55}
[2012/05/22 17:09:10 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E4D36D66-FFB9-4818-AE35-84E4F0A70A1F}
[2012/05/22 17:08:49 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E69A8564-5930-45F5-9FFF-31219E1460EB}
[2012/05/21 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{5DC07F78-BA9D-4C15-B998-C21609F009EE}
[2012/05/21 19:15:26 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{252E749B-7BC5-48CE-8543-4E3471C56C6F}
[2012/05/21 06:43:08 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{C4F1DD11-E3E2-4779-AE5F-E8064832273E}
[2012/05/21 06:42:46 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{D0F1971F-B8B5-4F11-BB54-3D170FF37D06}
[2012/05/20 19:04:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{485930E7-9DA8-412A-8C91-24B84533D08F}
[2012/05/20 08:47:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3B9FB08B-38BA-4122-9768-369E88E657D5}
[2012/05/19 17:30:08 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{30A84E2C-A416-4227-850A-FD4FD952C870}
[2012/05/19 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E20B4359-AC93-43EF-A443-390768D358B7}
[2012/05/19 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{FDC2DA97-5AFB-4C27-899D-F29A3F48E5D0}
[2012/05/19 09:07:38 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A56BFEAD-742A-4568-883E-0B04B5598448}
[2012/05/19 09:05:34 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3FD15552-F270-4E1A-B1EF-BB067423A4AC}
[2012/05/18 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{141F4336-E350-4C78-BEBA-FA10E21E4A5D}
[2012/05/18 07:55:56 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{65B943E1-0A87-4E69-8409-873C176EE9E5}
[2012/05/18 07:55:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{928C600C-CA45-445A-AFD0-0EABB7E5573F}
[2012/05/17 18:52:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{F96B9F2B-2586-4B2E-86B0-D810159AD1D6}
[2012/05/17 18:52:22 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{FB5914B3-F13A-43F2-B796-020FEDDD27E5}
[2012/05/16 22:15:57 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{86A2B234-6095-491D-B4B1-BBBF4476ED93}
[2012/05/16 22:15:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{5C522E5D-561B-42C6-8637-B8974790A2A6}
[2012/05/16 08:43:40 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3A3AA3FB-6ABC-4502-BF24-22D2C78C2461}
[2012/05/16 08:43:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EF943E84-44F5-4A7E-89CD-768D63733805}
[2012/05/15 22:17:11 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{31B78EB6-54A7-4FB0-AABD-29968772D247}
[2012/05/15 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{1126EE4D-4EA3-4E41-B97D-589252BAAF28}
[2012/05/15 09:12:50 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{496B2035-9B61-43E9-8121-6AFB568FB255}
[2012/05/15 09:12:39 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{AF337560-C270-4FB5-856C-43B656427179}
[2012/05/14 08:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/14 08:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/14 08:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/14 08:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/14 07:59:23 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{8226107A-50F1-496A-868C-B63F8B70D0B4}
[2012/05/14 07:59:13 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{61245965-5955-4643-BB63-7FB7CD22471B}
[2012/05/13 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{B8EF58F4-0515-49A0-876B-8EB08615D32A}
[2012/05/13 10:32:29 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{65A55ACD-AB69-432E-AEC8-D2CA278A45C3}
[2012/05/12 08:48:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{50EE1693-F05E-46F3-A98D-035F6DDCEDF6}
[2012/05/12 08:48:19 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{DD52F3CD-11BC-4145-A11C-C169E99B80AE}
[2012/05/12 03:04:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/12 01:04:20 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/12 01:04:19 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/12 01:04:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/12 01:04:18 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/12 01:04:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/12 01:03:40 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/12 01:03:39 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/12 01:03:39 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/11 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{32A926F9-6ECE-47B8-9D7D-E96E04B6A353}
[2012/05/11 19:33:59 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EFF991E5-9B4F-4170-947E-76FA1196AEE4}
[2012/05/10 21:14:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{D3873C98-28AE-411B-8804-36A7834FAA10}
[2012/05/10 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{4C0680F3-F606-4788-AA00-C1B441B2C4F8}
[2012/05/09 19:10:31 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A360B4D8-AB60-4F21-9EC7-9F701585B6C0}
[2012/05/09 19:10:19 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{9AE0F5BE-D6F3-4D0A-922B-598F9B66DFF9}
[2012/05/08 18:59:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{B6C60AFA-AEF1-4BBC-BF0A-CC59C24363A5}
[2012/05/08 18:59:33 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{38B78EFC-0C6A-4640-9175-89BB6CF1B017}
[2012/05/07 19:02:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{7794E3C8-0C79-4F5A-9DB5-024B1A0A6B4E}
[2012/05/07 19:02:25 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{DE644D51-5546-414E-AB22-3C2F2437D5EE}
[2012/05/07 06:49:55 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{88BF254E-88EB-4775-8B4D-A1796039E0C7}
[2012/05/07 06:49:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{76D4709E-6349-453B-A3DD-5D383DEC40A4}
[2012/05/06 10:23:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{37B6C773-7BBA-4E65-8FC8-DE87DD9F8E11}
[2012/05/06 10:09:03 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{20930173-E4B7-4DE4-AC7B-DEC1A3000869}
[2012/05/05 23:06:29 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{DA0FA006-1705-4294-A080-3172B644BBC3}
[2012/05/05 23:06:19 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{9C1F5DFD-2BD8-4B5F-9762-EC765C37E398}
[2012/05/05 09:57:04 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{B32DFEA5-ECFC-486E-9195-55AB3C02D1E9}
[2012/05/05 09:56:53 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{78E1A264-9BE8-4259-A87B-873B072A8CC6}
[2012/05/05 08:34:08 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/04 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3E8D79DF-4FC1-4A88-9C0D-6D984387AB37}
[2012/05/04 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{8C2B3E56-37A2-4BBB-A055-1E10142A42E7}
[2012/05/03 22:08:20 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{6A524384-874B-4AD5-BBE1-09DDB96CF5A4}
[2012/05/03 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{AA5C5B76-3E6F-4493-BEB9-50685E3571F6}
[2012/05/02 19:13:43 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{21E0F73F-C317-4B42-A7D7-7278691CD6F0}
[2012/05/02 19:13:32 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EA193FFB-8FA9-4DB9-831A-84A56B3ED21E}
[2012/05/01 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EDF727D8-00A1-4CB2-80CE-2AC14E53D415}
[2012/05/01 19:47:11 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A7B6997D-67E1-47AD-8BC0-2A9A885FEEBC}
[2012/04/30 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{2A239F69-2045-4843-9A62-049B3F4156AE}
[2012/04/30 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{AD7ECBED-E3D0-4574-9B95-9EFB0A0B2850}
[2012/04/30 06:49:47 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{0D36213A-8F7E-4DC4-8F3A-92CE7544D2DF}
[2012/04/30 06:49:36 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{05ADE188-8241-45EB-A80C-1BDA9944625F}

========== Files - Modified Within 30 Days ==========

[2012/05/29 19:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 19:00:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Gateway Registration - Data Sending task.job
[2012/05/29 18:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/29 08:37:39 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 08:37:39 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 04:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/27 19:59:40 | 000,741,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/27 19:59:40 | 000,635,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/27 19:59:40 | 000,110,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/27 19:53:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 19:53:23 | 2960,470,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 06:49:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/14 08:48:38 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/12 03:29:00 | 000,341,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/05 08:34:24 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/05 08:34:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/05 08:34:08 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

========== Files Created - No Company Name ==========

[2012/05/14 08:48:38 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/22 10:08:57 | 000,000,058 | ---- | C] () -- C:\Users\Gateway\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011/12/10 21:25:46 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011/12/10 17:37:01 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/12/10 17:37:01 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/12/10 17:37:01 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/12/10 17:37:01 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/12/10 17:37:01 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/12/10 17:37:01 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/12/10 17:37:01 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/12/10 17:37:01 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/12/10 17:37:01 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/12/10 17:37:01 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/12/10 17:37:01 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/12/10 17:37:01 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/12/10 17:37:01 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/12/10 17:37:01 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/12/10 17:37:01 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/12/10 17:37:01 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/12/10 17:36:09 | 000,000,063 | ---- | C] () -- C:\Windows\EPWF610.ini
[2011/12/10 17:34:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/10 17:06:42 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/12/10 11:44:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/06 17:45:55 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011/07/06 17:40:55 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/07/06 17:40:55 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/07/06 17:40:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/07/06 17:40:54 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/07/06 17:40:54 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/07/06 17:40:31 | 000,001,702 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2011/07/06 17:05:53 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2010/11/20 00:16:14 | 000,000,079 | ---- | C] () -- C:\Windows\WISGAPas.ini
[2010/11/19 23:51:36 | 000,000,321 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/11/19 23:51:36 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/11/19 23:51:36 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini

========== LOP Check ==========

[2012/04/22 10:08:57 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\DonationCoder
[2011/12/11 15:43:05 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\Epson
[2012/02/11 15:22:09 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\SmartDraw
[2012/03/17 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\SNS
[2011/12/10 16:47:19 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\WildTangent
[2011/12/14 00:00:32 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\Windows Live Writer
[2012/02/09 20:45:36 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\WinPatrol
[2012/05/29 19:00:00 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\Gateway Registration - Data Sending task.job
[2012/04/22 14:48:49 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
commish252
Posted: Thu May 31, 2012 5:32 pm

Gary, here is the Extras log:

OTL Extras logfile created on: 5/29/2012 7:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Gateway\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 53.47% Memory free
7.35 Gb Paging File | 5.29 Gb Available in Paging File | 71.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.97 Gb Total Space | 335.14 Gb Free Space | 74.31% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FE37E4-38C1-4E23-8587-EAC9988B9CF7}" = rport=139 | protocol=6 | dir=out | app=system |
"{187EA53F-6569-4A97-99ED-D2FC938542F7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{303AC882-37F1-4462-BFD9-22FF2AED823A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{458D2896-C1D7-44AE-B91B-6216D4930915}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{571F70B7-918C-46D2-B044-D5179EADA413}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78C35EA2-BF1B-49F1-91BA-62467B413FF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BED6612-BA1B-47C7-A735-235062F3D0E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C94587E-A352-4D91-AA52-7F1AA0B4C25D}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DCF49DC-04B6-4536-BAD3-2335240673D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7ECEF3BE-BEB6-4A14-86B6-847C86C825D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{87E06DCC-EC76-40F5-875E-330DA8CAB5AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{99CD01C2-A906-4969-9112-12E5DFCD866B}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA7C3D1B-22D9-465C-B3C3-6BF7D4BD902C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4956A32-193E-4893-81BF-4A63C322C170}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B6BA74C8-B89A-4A8B-AF97-47AE72E40189}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8955D59-4034-4D15-8169-CFEA14CC76E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CE0DBB0B-70C5-4429-86B6-F0168C771604}" = rport=445 | protocol=6 | dir=out | app=system |
"{D786BBF8-1F9A-40BB-ADF9-2E85EFAB3C1D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA7719FC-071F-465F-B6AE-BD45C32AADF5}" = lport=138 | protocol=17 | dir=in | app=system |
"{DDF39001-07E2-409F-AFD6-748AAD63E2B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{F09EA788-6AA0-4FD6-A946-32C0B9C04E43}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F36C6CAB-8184-4727-B9E8-88C24405264A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F62CA22B-0DCE-4C10-9040-12AC28795A3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05ADE237-DBBC-4065-9C3D-2D40F37FA728}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15AA9D3B-9359-45B4-884A-E6425053D134}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{22F28366-2D3D-4F96-B88B-D8EB98792E5C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{29137ABE-9532-45E6-A522-D2E9B20312A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E7017DF-4182-4BDD-905D-4DDDAD130014}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2F800D46-2853-462F-B49E-71E55BC1361E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{315C0F33-FB6B-4A0E-B0D6-C60FD69D4805}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3269D496-3AAA-45F3-870E-E14361765731}" = protocol=17 | dir=in | app=c:\fantasy baseball\cnet_the_grid_auction_v1_0_demo_2010_baseball_prefill_zip.exe |
"{3610B69B-9803-4A92-8FC1-9EEE41FA06A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36327D89-1C91-4781-8EDD-74B5944B2429}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{41E8348F-CC93-4E00-A942-59921634AFC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46E9E48E-8705-4BF1-B6F0-FD733A819801}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4E47EF13-A13E-46F1-8DBE-14D1DB1A7432}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{519C792C-9219-4350-B9DF-DF8810CC8BCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5828B447-81D7-4C48-82BA-B4F4C9578D85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FEB5C09-9ECA-4C5C-9215-EBF281333F8A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7129BBA8-513A-443D-9411-E996CF9611F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7510FC73-CB5C-4B71-BFF4-1DD23EA24179}" = protocol=6 | dir=out | app=system |
"{7DDD9A7B-1656-44E9-AA16-5155B338AE6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EEF2F35-F49C-44D0-AB0C-1B14D3B6689A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8027DD00-668B-408C-AD03-077D73034101}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{81DCED17-7B10-4303-9F7B-4DF8665B51D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{834EBB3C-2ACB-4A97-88FE-38F2EDB98B93}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{8404E062-197F-40E1-96AE-50EF2C352467}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A247FD3-8609-4249-B086-A69C29DEEF93}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{9FE836A5-D05C-4749-926D-BF00873CF535}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FEDBCAB-F42A-4C14-9CE5-8EA18C4EE392}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{AD64C082-9E97-4E2E-9869-D852C5FB3683}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{AE65378F-8353-4775-9242-CD3C5586A478}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B068AD72-8F6B-43BD-A611-4ADA19274B01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC611135-1B12-4A24-8369-C15C8AE002B9}" = protocol=6 | dir=in | app=c:\fantasy baseball\cnet_the_grid_auction_v1_0_demo_2010_baseball_prefill_zip.exe |
"{C295D0BA-DE30-424C-BD23-0FEE578588B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB83EA3A-8A6B-4D66-BF1D-481DBDC60933}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CC3C6009-D120-47A8-8685-243A520242A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0442EFB-570B-41E0-9074-BB086834C7AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0851350-8C4D-4FF4-9CCD-AA7A9E0A67E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFE7C5AC-FEDC-40DA-8361-0906FF809557}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3E83949-FF8F-498A-9E38-BE78B7A0D6BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{BBD5B541-6407-49D2-958A-F274FB909F8E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{8B3EDD4F-D97E-4609-82ED-DE7F756C0DBA}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028dfa5d-88fa-4049-b9b2-e66394fc0d9a}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 2.0 SE
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E83CD823-C522-4B71-B10A-E1088B3BD261}" = STK03N
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Child Proof" = Child Proof
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Gateway Game Console" = Gateway Game Console
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ScreenshotCaptor_is1" = Screenshot Captor 3.04.01
"USB2.0 Grabber" = USB2.0 Grabber
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1184006042-274145770-2943838389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"437d933aaf3b44c1" = RotoChamp 2012

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2012 8:14:57 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 9:03:45 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 10:04:30 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 11:14:03 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 12:00:52 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 1:05:52 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 2:11:25 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 3:03:25 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 4:03:09 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/21/2012 5:02:13 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 4/3/2012 6:32:49 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 4/3/2012 6:32:52 PM | Computer Name = Gateway-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 4/22/2012 2:48:48 PM | Computer Name = Gateway-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:48:00 PM on 4/22/2012 was unexpected.

Error - 4/29/2012 6:39:44 AM | Computer Name = Gateway-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/3/2012 10:15:38 PM | Computer Name = Gateway-PC | Source = DCOM | ID = 10016
Description =

Error - 5/14/2012 8:46:59 AM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/21/2012 6:28:34 AM | Computer Name = Gateway-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
commish252

Posted: Thu May 31, 2012 5:34 pm

Gary, and here is the TDSSKiller log.

My earlier double-post was due to an error message I get when I click SUBMIT. I will be sure to double-check.

19:28:57.0862 5504 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
19:28:58.0127 5504 ============================================================
19:28:58.0127 5504 Current date / time: 2012/05/29 19:28:58.0127
19:28:58.0127 5504 SystemInfo:
19:28:58.0127 5504
19:28:58.0127 5504 OS Version: 6.1.7600 ServicePack: 0.0
19:28:58.0127 5504 Product type: Workstation
19:28:58.0127 5504 ComputerName: GATEWAY-PC
19:28:58.0127 5504 UserName: Gateway
19:28:58.0127 5504 Windows directory: C:\Windows
19:28:58.0127 5504 System windows directory: C:\Windows
19:28:58.0127 5504 Running under WOW64
19:28:58.0127 5504 Processor architecture: Intel x64
19:28:58.0127 5504 Number of processors: 4
19:28:58.0127 5504 Page size: 0x1000
19:28:58.0127 5504 Boot type: Normal boot
19:28:58.0127 5504 ============================================================
19:28:58.0704 5504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:28:58.0720 5504 ============================================================
19:28:58.0720 5504 \Device\Harddisk0\DR0:
19:28:58.0720 5504 MBR partitions:
19:28:58.0720 5504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D63800, BlocksNum 0x32000
19:28:58.0720 5504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D95800, BlocksNum 0x385F0030
19:28:58.0720 5504 ============================================================
19:28:58.0736 5504 C: <-> \Device\Harddisk0\DR0\Partition1
19:28:58.0736 5504 ============================================================
19:28:58.0736 5504 Initialize success
19:28:58.0736 5504 ============================================================
19:29:02.0448 4148 ============================================================
19:29:02.0448 4148 Scan started
19:29:02.0448 4148 Mode: Manual; TDLFS;
19:29:02.0448 4148 ============================================================
19:29:03.0260 4148 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:29:03.0275 4148 1394ohci - ok
19:29:03.0322 4148 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:29:03.0322 4148 ACPI - ok
19:29:03.0353 4148 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:29:03.0353 4148 AcpiPmi - ok
19:29:03.0509 4148 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:29:03.0509 4148 AdobeFlashPlayerUpdateSvc - ok
19:29:03.0572 4148 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:29:03.0587 4148 adp94xx - ok
19:29:03.0665 4148 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:29:03.0681 4148 adpahci - ok
19:29:03.0712 4148 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:29:03.0712 4148 adpu320 - ok
19:29:03.0759 4148 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:29:03.0759 4148 AeLookupSvc - ok
19:29:03.0915 4148 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:29:03.0915 4148 AFD - ok
19:29:03.0962 4148 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:29:03.0962 4148 agp440 - ok
19:29:03.0993 4148 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:29:04.0008 4148 ALG - ok
19:29:04.0040 4148 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:29:04.0040 4148 aliide - ok
19:29:04.0071 4148 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:29:04.0071 4148 amdide - ok
19:29:04.0086 4148 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:29:04.0086 4148 AmdK8 - ok
19:29:04.0149 4148 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:29:04.0149 4148 AmdPPM - ok
19:29:04.0227 4148 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:29:04.0227 4148 amdsata - ok
19:29:04.0274 4148 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:29:04.0274 4148 amdsbs - ok
19:29:04.0289 4148 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:29:04.0305 4148 amdxata - ok
19:29:04.0430 4148 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
19:29:04.0430 4148 Amsp - ok
19:29:04.0476 4148 AmUStor - ok
19:29:04.0508 4148 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:29:04.0508 4148 AppID - ok
19:29:04.0554 4148 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:29:04.0554 4148 AppIDSvc - ok
19:29:04.0570 4148 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:29:04.0570 4148 Appinfo - ok
19:29:04.0679 4148 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:29:04.0679 4148 Apple Mobile Device - ok
19:29:04.0726 4148 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:29:04.0726 4148 arc - ok
19:29:04.0742 4148 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:29:04.0742 4148 arcsas - ok
19:29:04.0788 4148 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:04.0788 4148 AsyncMac - ok
19:29:04.0820 4148 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:29:04.0820 4148 atapi - ok
19:29:04.0991 4148 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
19:29:05.0007 4148 athr - ok
19:29:05.0163 4148 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:29:05.0178 4148 AudioEndpointBuilder - ok
19:29:05.0194 4148 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:29:05.0194 4148 AudioSrv - ok
19:29:05.0241 4148 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:29:05.0256 4148 AxInstSV - ok
19:29:05.0334 4148 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:29:05.0350 4148 b06bdrv - ok
19:29:05.0397 4148 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:29:05.0397 4148 b57nd60a - ok
19:29:05.0490 4148 BackupService (68b86dd9d455a6a8de6d13c84fb5ce31) C:\Users\Gateway\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
19:29:05.0490 4148 BackupService - ok
19:29:05.0615 4148 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:29:05.0631 4148 BCM43XX - ok
19:29:05.0662 4148 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:29:05.0662 4148 BDESVC - ok
19:29:05.0709 4148 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:29:05.0709 4148 Beep - ok
19:29:05.0787 4148 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:29:05.0787 4148 BFE - ok
19:29:05.0865 4148 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
19:29:05.0880 4148 BITS - ok
19:29:05.0927 4148 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:29:05.0927 4148 blbdrive - ok
19:29:06.0021 4148 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:29:06.0036 4148 Bonjour Service - ok
19:29:06.0068 4148 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:29:06.0068 4148 bowser - ok
19:29:06.0083 4148 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:29:06.0099 4148 BrFiltLo - ok
19:29:06.0114 4148 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:29:06.0114 4148 BrFiltUp - ok
19:29:06.0146 4148 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:29:06.0161 4148 Browser - ok
19:29:06.0192 4148 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:29:06.0192 4148 Brserid - ok
19:29:06.0208 4148 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:29:06.0208 4148 BrSerWdm - ok
19:29:06.0208 4148 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:29:06.0208 4148 BrUsbMdm - ok
19:29:06.0239 4148 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:29:06.0239 4148 BrUsbSer - ok
19:29:06.0255 4148 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:06.0255 4148 BTHMODEM - ok
19:29:06.0302 4148 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:29:06.0302 4148 bthserv - ok
19:29:06.0317 4148 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:29:06.0317 4148 cdfs - ok
19:29:06.0348 4148 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:29:06.0348 4148 cdrom - ok
19:29:06.0380 4148 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:29:06.0380 4148 CertPropSvc - ok
19:29:06.0411 4148 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:29:06.0411 4148 circlass - ok
19:29:06.0442 4148 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:29:06.0442 4148 CLFS - ok
19:29:06.0504 4148 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:06.0504 4148 clr_optimization_v2.0.50727_32 - ok
19:29:06.0520 4148 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:29:06.0520 4148 clr_optimization_v2.0.50727_64 - ok
19:29:06.0582 4148 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:06.0582 4148 clr_optimization_v4.0.30319_32 - ok
19:29:06.0629 4148 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:29:06.0645 4148 clr_optimization_v4.0.30319_64 - ok
19:29:06.0676 4148 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:06.0676 4148 CmBatt - ok
19:29:06.0707 4148 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:29:06.0707 4148 cmdide - ok
19:29:06.0770 4148 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:29:06.0785 4148 CNG - ok
19:29:06.0816 4148 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:29:06.0816 4148 Compbatt - ok
19:29:06.0848 4148 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:29:06.0848 4148 CompositeBus - ok
19:29:06.0848 4148 COMSysApp - ok
19:29:06.0879 4148 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:29:06.0879 4148 crcdisk - ok
19:29:06.0926 4148 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:29:06.0926 4148 CryptSvc - ok
19:29:06.0988 4148 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:29:06.0988 4148 DcomLaunch - ok
19:29:07.0019 4148 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:29:07.0035 4148 defragsvc - ok
19:29:07.0066 4148 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:29:07.0066 4148 DfsC - ok
19:29:07.0113 4148 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:29:07.0113 4148 Dhcp - ok
19:29:07.0144 4148 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:29:07.0144 4148 discache - ok
19:29:07.0175 4148 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:29:07.0175 4148 Disk - ok
19:29:07.0222 4148 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:29:07.0222 4148 Dnscache - ok
19:29:07.0269 4148 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:29:07.0284 4148 dot3svc - ok
19:29:07.0300 4148 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:29:07.0316 4148 DPS - ok
19:29:07.0347 4148 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:29:07.0347 4148 drmkaud - ok
19:29:07.0440 4148 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:29:07.0440 4148 DsiWMIService - ok
19:29:07.0518 4148 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
19:29:07.0534 4148 DXGKrnl - ok
19:29:07.0565 4148 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:29:07.0565 4148 EapHost - ok
19:29:07.0768 4148 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:29:07.0815 4148 ebdrv - ok
19:29:07.0971 4148 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:29:07.0986 4148 EFS - ok
19:29:08.0096 4148 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:29:08.0111 4148 ehRecvr - ok
19:29:08.0158 4148 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:29:08.0174 4148 ehSched - ok
19:29:08.0236 4148 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:29:08.0252 4148 elxstor - ok
19:29:08.0392 4148 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
19:29:08.0408 4148 ePowerSvc - ok
19:29:08.0501 4148 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
19:29:08.0501 4148 EpsonBidirectionalService - ok
19:29:08.0626 4148 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:29:08.0626 4148 ErrDev - ok
19:29:08.0688 4148 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:29:08.0688 4148 EventSystem - ok
19:29:08.0720 4148 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:29:08.0720 4148 exfat - ok
19:29:08.0751 4148 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:29:08.0751 4148 fastfat - ok
19:29:08.0813 4148 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:29:08.0829 4148 Fax - ok
19:29:08.0860 4148 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:29:08.0860 4148 fdc - ok
19:29:08.0907 4148 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:29:08.0907 4148 fdPHost - ok
19:29:08.0922 4148 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:29:08.0922 4148 FDResPub - ok
19:29:08.0954 4148 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:29:08.0969 4148 FileInfo - ok
19:29:08.0985 4148 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:29:08.0985 4148 Filetrace - ok
19:29:09.0000 4148 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:09.0000 4148 flpydisk - ok
19:29:09.0047 4148 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:29:09.0047 4148 FltMgr - ok
19:29:09.0125 4148 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
19:29:09.0141 4148 FontCache - ok
19:29:09.0203 4148 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:29:09.0203 4148 FontCache3.0.0.0 - ok
19:29:09.0266 4148 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:29:09.0266 4148 FsDepends - ok
19:29:09.0328 4148 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
19:29:09.0328 4148 Fs_Rec - ok
19:29:09.0359 4148 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:29:09.0375 4148 fvevol - ok
19:29:09.0390 4148 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:29:09.0390 4148 gagp30kx - ok
19:29:09.0500 4148 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
19:29:09.0515 4148 GameConsoleService - ok
19:29:09.0546 4148 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:29:09.0546 4148 GEARAspiWDM - ok
19:29:09.0624 4148 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:29:09.0640 4148 gpsvc - ok
19:29:09.0687 4148 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
19:29:09.0687 4148 GREGService - ok
19:29:09.0780 4148 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:29:09.0796 4148 gupdate - ok
19:29:09.0796 4148 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:29:09.0796 4148 gupdatem - ok
19:29:09.0827 4148 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:29:09.0827 4148 hcw85cir - ok
19:29:09.0890 4148 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:29:09.0890 4148 HdAudAddService - ok
19:29:09.0921 4148 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:29:09.0921 4148 HDAudBus - ok
19:29:09.0952 4148 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:29:09.0952 4148 HECIx64 - ok
19:29:09.0983 4148 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:29:09.0983 4148 HidBatt - ok
19:29:10.0014 4148 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:29:10.0014 4148 HidBth - ok
19:29:10.0061 4148 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:29:10.0061 4148 HidIr - ok
19:29:10.0092 4148 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:29:10.0092 4148 hidserv - ok
19:29:10.0124 4148 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:29:10.0124 4148 HidUsb - ok
19:29:10.0170 4148 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:29:10.0170 4148 hkmsvc - ok
19:29:10.0202 4148 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:29:10.0202 4148 HomeGroupListener - ok
19:29:10.0233 4148 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:29:10.0233 4148 HomeGroupProvider - ok
19:29:10.0280 4148 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:29:10.0280 4148 HpSAMD - ok
19:29:10.0342 4148 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:29:10.0342 4148 HTTP - ok
19:29:10.0389 4148 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:29:10.0389 4148 hwpolicy - ok
19:29:10.0404 4148 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:29:10.0404 4148 i8042prt - ok
19:29:10.0467 4148 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
19:29:10.0467 4148 iaStor - ok
19:29:10.0529 4148 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:29:10.0529 4148 iaStorV - ok
19:29:10.0638 4148 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:29:10.0654 4148 idsvc - ok
19:29:11.0262 4148 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:29:11.0496 4148 igfx - ok
19:29:11.0621 4148 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:29:11.0621 4148 iirsp - ok
19:29:11.0699 4148 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:29:11.0715 4148 IKEEXT - ok
19:29:11.0777 4148 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
19:29:11.0777 4148 Impcd - ok
19:29:11.0964 4148 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
19:29:11.0980 4148 IntcAzAudAddService - ok
19:29:12.0105 4148 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:29:12.0120 4148 IntcDAud - ok
19:29:12.0136 4148 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:29:12.0136 4148 intelide - ok
19:29:12.0167 4148 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:29:12.0167 4148 intelppm - ok
19:29:12.0214 4148 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:29:12.0214 4148 IPBusEnum - ok
19:29:12.0245 4148 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:12.0245 4148 IpFilterDriver - ok
19:29:12.0292 4148 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
19:29:12.0308 4148 iphlpsvc - ok
19:29:12.0323 4148 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:29:12.0323 4148 IPMIDRV - ok
19:29:12.0354 4148 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:29:12.0370 4148 IPNAT - ok
19:29:12.0495 4148 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:29:12.0510 4148 iPod Service - ok
19:29:12.0542 4148 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:29:12.0542 4148 IRENUM - ok
19:29:12.0573 4148 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:29:12.0573 4148 isapnp - ok
19:29:12.0588 4148 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:29:12.0604 4148 iScsiPrt - ok
19:29:12.0651 4148 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:29:12.0651 4148 k57nd60a - ok
19:29:12.0666 4148 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:12.0666 4148 kbdclass - ok
19:29:12.0682 4148 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:12.0698 4148 kbdhid - ok
19:29:12.0729 4148 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:29:12.0729 4148 KeyIso - ok
19:29:12.0744 4148 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:29:12.0760 4148 KSecDD - ok
19:29:12.0776 4148 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:29:12.0776 4148 KSecPkg - ok
19:29:12.0791 4148 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:29:12.0791 4148 ksthunk - ok
19:29:12.0854 4148 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:29:12.0854 4148 KtmRm - ok
19:29:12.0885 4148 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
19:29:12.0885 4148 L1E - ok
19:29:12.0932 4148 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
19:29:12.0932 4148 LanmanServer - ok
19:29:12.0963 4148 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:29:12.0963 4148 LanmanWorkstation - ok
19:29:13.0010 4148 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:29:13.0010 4148 lltdio - ok
19:29:13.0056 4148 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:29:13.0056 4148 lltdsvc - ok
19:29:13.0072 4148 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:29:13.0072 4148 lmhosts - ok
19:29:13.0197 4148 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:29:13.0197 4148 LMS - ok
19:29:13.0244 4148 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:29:13.0244 4148 LSI_FC - ok
19:29:13.0275 4148 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:29:13.0275 4148 LSI_SAS - ok
19:29:13.0290 4148 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:29:13.0290 4148 LSI_SAS2 - ok
19:29:13.0322 4148 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:29:13.0322 4148 LSI_SCSI - ok
19:29:13.0337 4148 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:29:13.0337 4148 luafv - ok
19:29:13.0368 4148 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:29:13.0368 4148 Mcx2Svc - ok
19:29:13.0384 4148 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:29:13.0384 4148 megasas - ok
19:29:13.0415 4148 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:29:13.0431 4148 MegaSR - ok
19:29:13.0462 4148 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:29:13.0462 4148 MMCSS - ok
19:29:13.0493 4148 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:29:13.0493 4148 Modem - ok
19:29:13.0509 4148 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:29:13.0509 4148 monitor - ok
19:29:13.0540 4148 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:29:13.0540 4148 mouclass - ok
19:29:13.0571 4148 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:29:13.0571 4148 mouhid - ok
19:29:13.0602 4148 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:29:13.0618 4148 mountmgr - ok
19:29:13.0634 4148 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:29:13.0649 4148 mpio - ok
19:29:13.0665 4148 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:29:13.0665 4148 mpsdrv - ok
19:29:13.0743 4148 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:29:13.0758 4148 MpsSvc - ok
19:29:13.0774 4148 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:29:13.0790 4148 MRxDAV - ok
19:29:13.0805 4148 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:13.0805 4148 mrxsmb - ok
19:29:13.0852 4148 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:13.0868 4148 mrxsmb10 - ok
19:29:13.0883 4148 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:13.0883 4148 mrxsmb20 - ok
19:29:13.0914 4148 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:29:13.0914 4148 msahci - ok
19:29:13.0930 4148 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:29:13.0946 4148 msdsm - ok
19:29:13.0977 4148 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:29:13.0977 4148 MSDTC - ok
19:29:14.0008 4148 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:29:14.0008 4148 Msfs - ok
19:29:14.0008 4148 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:29:14.0008 4148 mshidkmdf - ok
19:29:14.0024 4148 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:29:14.0024 4148 msisadrv - ok
19:29:14.0055 4148 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:29:14.0070 4148 MSiSCSI - ok
19:29:14.0070 4148 msiserver - ok
19:29:14.0117 4148 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:29:14.0117 4148 MSKSSRV - ok
19:29:14.0133 4148 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:14.0133 4148 MSPCLOCK - ok
19:29:14.0148 4148 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:29:14.0148 4148 MSPQM - ok
19:29:14.0180 4148 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:29:14.0180 4148 MsRPC - ok
19:29:14.0211 4148 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:29:14.0211 4148 mssmbios - ok
19:29:14.0226 4148 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:29:14.0226 4148 MSTEE - ok
19:29:14.0242 4148 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:29:14.0242 4148 MTConfig - ok
19:29:14.0273 4148 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:29:14.0273 4148 Mup - ok
19:29:14.0398 4148 MyWebSearchService (bb74024a1d4e4808562c090980151653) C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
19:29:14.0398 4148 MyWebSearchService - ok
19:29:14.0460 4148 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:29:14.0460 4148 napagent - ok
19:29:14.0538 4148 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:29:14.0554 4148 NativeWifiP - ok
19:29:14.0616 4148 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:29:14.0632 4148 NDIS - ok
19:29:14.0663 4148 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:29:14.0663 4148 NdisCap - ok
19:29:14.0694 4148 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:14.0694 4148 NdisTapi - ok
19:29:14.0726 4148 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:14.0726 4148 Ndisuio - ok
19:29:14.0741 4148 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:14.0757 4148 NdisWan - ok
19:29:14.0772 4148 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:29:14.0772 4148 NDProxy - ok
19:29:14.0913 4148 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:29:14.0928 4148 Nero BackItUp Scheduler 4.0 - ok
19:29:14.0960 4148 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:29:14.0960 4148 NetBIOS - ok
19:29:14.0991 4148 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:29:14.0991 4148 NetBT - ok
19:29:15.0038 4148 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:29:15.0053 4148 Netlogon - ok
19:29:15.0116 4148 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:29:15.0116 4148 Netman - ok
19:29:15.0162 4148 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:29:15.0162 4148 netprofm - ok
19:29:15.0225 4148 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:29:15.0225 4148 NetTcpPortSharing - ok
19:29:15.0256 4148 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:15.0256 4148 nfrd960 - ok
19:29:15.0318 4148 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:29:15.0318 4148 NlaSvc - ok
19:29:15.0365 4148 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:29:15.0365 4148 Npfs - ok
19:29:15.0381 4148 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:29:15.0381 4148 nsi - ok
19:29:15.0396 4148 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:29:15.0396 4148 nsiproxy - ok
19:29:15.0521 4148 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:29:15.0552 4148 Ntfs - ok
19:29:15.0646 4148 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
19:29:15.0646 4148 NTI IScheduleSvc - ok
19:29:15.0771 4148 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
19:29:15.0771 4148 NTIDrvr - ok
19:29:15.0786 4148 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:29:15.0786 4148 Null - ok
19:29:15.0833 4148 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:29:15.0833 4148 nvraid - ok
19:29:15.0864 4148 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:29:15.0864 4148 nvstor - ok
19:29:15.0896 4148 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:29:15.0896 4148 nv_agp - ok
19:29:15.0927 4148 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:29:15.0927 4148 ohci1394 - ok
19:29:16.0020 4148 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:29:16.0020 4148 ose - ok
19:29:16.0364 4148 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:29:16.0410 4148 osppsvc - ok
19:29:16.0535 4148 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:29:16.0535 4148 p2pimsvc - ok
19:29:16.0582 4148 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:29:16.0582 4148 p2psvc - ok
19:29:16.0629 4148 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:29:16.0629 4148 Parport - ok
19:29:16.0676 4148 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
19:29:16.0676 4148 partmgr - ok
19:29:16.0707 4148 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:29:16.0722 4148 PcaSvc - ok
19:29:16.0785 4148 PcdrNdisuio - ok
19:29:16.0832 4148 PCDSRVC{1CB8192B-419A9AC6-06020101}_0 - ok
19:29:16.0863 4148 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:29:16.0863 4148 pci - ok
19:29:16.0878 4148 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:29:16.0878 4148 pciide - ok
19:29:16.0910 4148 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:29:16.0910 4148 pcmcia - ok
19:29:16.0925 4148 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:29:16.0941 4148 pcw - ok
19:29:16.0972 4148 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:29:16.0988 4148 PEAUTH - ok
19:29:17.0066 4148 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:29:17.0066 4148 PerfHost - ok
19:29:17.0175 4148 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:29:17.0206 4148 pla - ok
19:29:17.0253 4148 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:29:17.0268 4148 PlugPlay - ok
19:29:17.0284 4148 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:29:17.0284 4148 PNRPAutoReg - ok
19:29:17.0315 4148 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:29:17.0315 4148 PNRPsvc - ok
19:29:17.0362 4148 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:29:17.0378 4148 PolicyAgent - ok
19:29:17.0409 4148 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:29:17.0409 4148 Power - ok
19:29:17.0471 4148 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:29:17.0487 4148 PptpMiniport - ok
19:29:17.0502 4148 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:29:17.0502 4148 Processor - ok
19:29:17.0534 4148 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
19:29:17.0549 4148 ProfSvc - ok
19:29:17.0596 4148 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:29:17.0596 4148 ProtectedStorage - ok
19:29:17.0627 4148 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:29:17.0627 4148 Psched - ok
19:29:17.0736 4148 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:29:17.0768 4148 ql2300 - ok
19:29:17.0908 4148 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:29:17.0908 4148 ql40xx - ok
19:29:17.0955 4148 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:29:17.0955 4148 QWAVE - ok
19:29:17.0986 4148 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:29:17.0986 4148 QWAVEdrv - ok
19:29:18.0002 4148 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:29:18.0002 4148 RasAcd - ok
19:29:18.0048 4148 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:29:18.0064 4148 RasAgileVpn - ok
19:29:18.0080 4148 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:29:18.0080 4148 RasAuto - ok
19:29:18.0111 4148 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:18.0111 4148 Rasl2tp - ok
19:29:18.0158 4148 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:29:18.0158 4148 RasMan - ok
19:29:18.0204 4148 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:18.0204 4148 RasPppoe - ok
19:29:18.0236 4148 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:29:18.0236 4148 RasSstp - ok
19:29:18.0267 4148 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:29:18.0267 4148 rdbss - ok
19:29:18.0282 4148 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:29:18.0298 4148 rdpbus - ok
19:29:18.0314 4148 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:18.0329 4148 RDPCDD - ok
19:29:18.0329 4148 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:29:18.0329 4148 RDPENCDD - ok
19:29:18.0345 4148 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:29:18.0345 4148 RDPREFMP - ok
19:29:18.0407 4148 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
19:29:18.0407 4148 RDPWD - ok
19:29:18.0470 4148 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
19:29:18.0470 4148 rdyboost - ok
19:29:18.0501 4148 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:29:18.0501 4148 RemoteAccess - ok
19:29:18.0532 4148 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:29:18.0548 4148 RemoteRegistry - ok
19:29:18.0563 4148 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:29:18.0563 4148 RpcEptMapper - ok
19:29:18.0579 4148 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:29:18.0579 4148 RpcLocator - ok
19:29:18.0626 4148 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:29:18.0626 4148 RpcSs - ok
19:29:18.0672 4148 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:29:18.0672 4148 rspndr - ok
19:29:18.0719 4148 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:29:18.0719 4148 SamSs - ok
19:29:18.0750 4148 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:29:18.0750 4148 sbp2port - ok
19:29:18.0797 4148 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:29:18.0797 4148 SCardSvr - ok
19:29:18.0813 4148 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:29:18.0813 4148 scfilter - ok
19:29:18.0891 4148 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
19:29:18.0906 4148 Schedule - ok
19:29:18.0938 4148 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:29:18.0938 4148 SCPolicySvc - ok
19:29:18.0969 4148 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
19:29:18.0969 4148 SDRSVC - ok
19:29:19.0016 4148 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:29:19.0016 4148 secdrv - ok
19:29:19.0031 4148 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
19:29:19.0031 4148 seclogon - ok
19:29:19.0047 4148 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:29:19.0062 4148 SENS - ok
19:29:19.0062 4148 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:29:19.0078 4148 SensrSvc - ok
19:29:19.0094 4148 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:29:19.0094 4148 Serenum - ok
19:29:19.0109 4148 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:29:19.0109 4148 Serial - ok
19:29:19.0140 4148 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:29:19.0156 4148 sermouse - ok
19:29:19.0187 4148 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
19:29:19.0203 4148 SessionEnv - ok
19:29:19.0218 4148 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:29:19.0218 4148 sffdisk - ok
19:29:19.0234 4148 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:29:19.0234 4148 sffp_mmc - ok
19:29:19.0250 4148 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:29:19.0250 4148 sffp_sd - ok
19:29:19.0265 4148 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:29:19.0265 4148 sfloppy - ok
19:29:19.0312 4148 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:29:19.0312 4148 SharedAccess - ok
19:29:19.0343 4148 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
19:29:19.0359 4148 ShellHWDetection - ok
19:29:19.0374 4148 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:19.0374 4148 SiSRaid2 - ok
19:29:19.0406 4148 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:19.0406 4148 SiSRaid4 - ok
19:29:19.0421 4148 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:29:19.0437 4148 Smb - ok
19:29:19.0468 4148 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:29:19.0468 4148 SNMPTRAP - ok
19:29:19.0484 4148 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:29:19.0484 4148 spldr - ok
19:29:19.0530 4148 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
19:29:19.0546 4148 Spooler - ok
19:29:19.0749 4148 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
19:29:19.0780 4148 sppsvc - ok
19:29:19.0905 4148 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:29:19.0905 4148 sppuinotify - ok
19:29:19.0983 4148 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:29:19.0983 4148 srv - ok
19:29:20.0014 4148 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:29:20.0030 4148 srv2 - ok
19:29:20.0061 4148 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:29:20.0076 4148 srvnet - ok
19:29:20.0123 4148 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:29:20.0139 4148 SSDPSRV - ok
19:29:20.0154 4148 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:29:20.0154 4148 SstpSvc - ok
19:29:20.0186 4148 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:29:20.0186 4148 stexstor - ok
19:29:20.0232 4148 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
19:29:20.0248 4148 stisvc - ok
19:29:20.0404 4148 StkCMini (5bbfa4df4c1f3c31f6ace4e4fe36cd90) C:\Windows\system32\Drivers\StkCMini.sys
19:29:20.0420 4148 StkCMini - ok
19:29:20.0544 4148 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:29:20.0544 4148 swenum - ok
19:29:20.0607 4148 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:29:20.0607 4148 swprv - ok
19:29:20.0685 4148 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
19:29:20.0685 4148 SynTP - ok
19:29:20.0810 4148 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
19:29:20.0841 4148 SysMain - ok
19:29:20.0934 4148 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
19:29:20.0950 4148 TabletInputService - ok
19:29:20.0981 4148 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
19:29:20.0981 4148 TapiSrv - ok
19:29:20.0997 4148 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:29:20.0997 4148 TBS - ok
19:29:21.0153 4148 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
19:29:21.0184 4148 Tcpip - ok
19:29:21.0434 4148 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
19:29:21.0449 4148 TCPIP6 - ok
19:29:21.0574 4148 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:29:21.0574 4148 tcpipreg - ok
19:29:21.0590 4148 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:29:21.0590 4148 TDPIPE - ok
19:29:21.0621 4148 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
19:29:21.0636 4148 TDTCP - ok
19:29:27.0096 4148 ============================================================
19:29:27.0096 4148 Scan finished
19:29:27.0096 4148 ============================================================
19:29:27.0174 5784 Detected object count: 0
19:29:27.0174 5784 Actual detected object count: 0
19:30:30.0314 4516 Deinitialize success
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Thu May 31, 2012 9:37 pm

OK, let's get started cleaning your machine ....

First


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
SRV - [2012/03/14 19:56:18 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJyyyyyyCMus&ptnrS=ZJyyyyyyCMus&ptb=4LG_lh1KnjxnN6aKS.NA.g&ind=2012031419&n=77ed29bb&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012/03/14 19:56:22 | 000,000,000 | ---D | M]
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-1184006042-274145770-2943838389-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O33 - MountPoints2\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\Shell - "" = AutoRun
O33 - MountPoints2\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
[2012/05/29 18:54:31 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{0E99969C-4A18-491D-B48D-3688C63BF1D0}
[2012/05/29 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{1211322F-3AE9-41D1-8D3E-9125E68A8806}
[2012/05/28 18:57:29 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{C21BBE90-7CC3-4803-9334-F6C9297CB1CD}
[2012/05/28 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{1CB8831C-62B3-4E63-B69F-0774D2CF6674}
[2012/05/28 11:31:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{896AF336-1FBA-44E5-9D39-9F2E85297BF9}
[2012/05/28 09:30:21 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3FB8BC5E-071C-49C3-91CF-8ED21FCF58A6}
[2012/05/28 09:30:00 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{C0B1F436-79E4-4D86-9705-4AE5AA3C953C}
[2012/05/27 08:29:15 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{289D176D-CE4C-4E3B-AEB3-0DF0E978CE14}
[2012/05/27 08:28:53 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{5A9573C1-D0EC-4BDD-9FC9-3B6C358FEC88}
[2012/05/26 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A94177D9-9DCD-47A9-A249-7E17F660D751}
[2012/05/26 17:22:56 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{82CC734B-324C-4B0A-8D61-FD11C20C978A}
[2012/05/25 16:51:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{0AA02F0D-6F07-4A67-B56E-DEC65D1B0F33}
[2012/05/25 16:51:23 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{F5BBB1FD-414D-409F-8A35-2064096A967B}
[2012/05/24 22:14:05 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{41E38CD7-F559-496F-B24F-9ECF6B53C9C7}
[2012/05/24 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{2699C8F1-F45A-4BBA-BA9E-2DF38DF406FC}
[2012/05/23 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E3A1263F-9C1F-4D5D-9B7F-BAF4CA5709E6}
[2012/05/23 19:19:28 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A5D4C44A-E87E-4231-8C4B-B4BC6D64A56A}
[2012/05/23 06:59:38 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{54D13B28-D5FB-4F8D-A5A5-9062E24433B6}
[2012/05/23 06:59:15 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{D10C65B1-092A-40C5-BBE8-361F51895C55}
[2012/05/22 17:09:10 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E4D36D66-FFB9-4818-AE35-84E4F0A70A1F}
[2012/05/22 17:08:49 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E69A8564-5930-45F5-9FFF-31219E1460EB}
[2012/05/21 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{5DC07F78-BA9D-4C15-B998-C21609F009EE}
[2012/05/21 19:15:26 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{252E749B-7BC5-48CE-8543-4E3471C56C6F}
[2012/05/21 06:43:08 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{C4F1DD11-E3E2-4779-AE5F-E8064832273E}
[2012/05/21 06:42:46 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{D0F1971F-B8B5-4F11-BB54-3D170FF37D06}
[2012/05/20 19:04:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{485930E7-9DA8-412A-8C91-24B84533D08F}
[2012/05/20 08:47:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3B9FB08B-38BA-4122-9768-369E88E657D5}
[2012/05/19 17:30:08 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{30A84E2C-A416-4227-850A-FD4FD952C870}
[2012/05/19 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{E20B4359-AC93-43EF-A443-390768D358B7}
[2012/05/19 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{FDC2DA97-5AFB-4C27-899D-F29A3F48E5D0}
[2012/05/19 09:07:38 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A56BFEAD-742A-4568-883E-0B04B5598448}
[2012/05/19 09:05:34 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3FD15552-F270-4E1A-B1EF-BB067423A4AC}
[2012/05/18 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{141F4336-E350-4C78-BEBA-FA10E21E4A5D}
[2012/05/18 07:55:56 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{65B943E1-0A87-4E69-8409-873C176EE9E5}
[2012/05/18 07:55:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{928C600C-CA45-445A-AFD0-0EABB7E5573F}
[2012/05/17 18:52:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{F96B9F2B-2586-4B2E-86B0-D810159AD1D6}
[2012/05/17 18:52:22 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{FB5914B3-F13A-43F2-B796-020FEDDD27E5}
[2012/05/16 22:15:57 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{86A2B234-6095-491D-B4B1-BBBF4476ED93}
[2012/05/16 22:15:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{5C522E5D-561B-42C6-8637-B8974790A2A6}
[2012/05/16 08:43:40 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3A3AA3FB-6ABC-4502-BF24-22D2C78C2461}
[2012/05/16 08:43:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EF943E84-44F5-4A7E-89CD-768D63733805}
[2012/05/15 22:17:11 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{31B78EB6-54A7-4FB0-AABD-29968772D247}
[2012/05/15 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{1126EE4D-4EA3-4E41-B97D-589252BAAF28}
[2012/05/15 09:12:50 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{496B2035-9B61-43E9-8121-6AFB568FB255}
[2012/05/15 09:12:39 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{AF337560-C270-4FB5-856C-43B656427179}
[2012/05/14 07:59:23 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{8226107A-50F1-496A-868C-B63F8B70D0B4}
[2012/05/14 07:59:13 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{61245965-5955-4643-BB63-7FB7CD22471B}
[2012/05/13 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{B8EF58F4-0515-49A0-876B-8EB08615D32A}
[2012/05/13 10:32:29 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{65A55ACD-AB69-432E-AEC8-D2CA278A45C3}
[2012/05/12 08:48:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{50EE1693-F05E-46F3-A98D-035F6DDCEDF6}
[2012/05/12 08:48:19 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{DD52F3CD-11BC-4145-A11C-C169E99B80AE}
[2012/05/11 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{32A926F9-6ECE-47B8-9D7D-E96E04B6A353}
[2012/05/11 19:33:59 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EFF991E5-9B4F-4170-947E-76FA1196AEE4}
[2012/05/10 21:14:09 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{D3873C98-28AE-411B-8804-36A7834FAA10}
[2012/05/10 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{4C0680F3-F606-4788-AA00-C1B441B2C4F8}
[2012/05/09 19:10:31 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A360B4D8-AB60-4F21-9EC7-9F701585B6C0}
[2012/05/09 19:10:19 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{9AE0F5BE-D6F3-4D0A-922B-598F9B66DFF9}
[2012/05/08 18:59:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{B6C60AFA-AEF1-4BBC-BF0A-CC59C24363A5}
[2012/05/08 18:59:33 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{38B78EFC-0C6A-4640-9175-89BB6CF1B017}
[2012/05/07 19:02:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{7794E3C8-0C79-4F5A-9DB5-024B1A0A6B4E}
[2012/05/07 19:02:25 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{DE644D51-5546-414E-AB22-3C2F2437D5EE}
[2012/05/07 06:49:55 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{88BF254E-88EB-4775-8B4D-A1796039E0C7}
[2012/05/07 06:49:45 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{76D4709E-6349-453B-A3DD-5D383DEC40A4}
[2012/05/06 10:23:30 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{37B6C773-7BBA-4E65-8FC8-DE87DD9F8E11}
[2012/05/06 10:09:03 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{20930173-E4B7-4DE4-AC7B-DEC1A3000869}
[2012/05/05 23:06:29 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{DA0FA006-1705-4294-A080-3172B644BBC3}
[2012/05/05 23:06:19 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{9C1F5DFD-2BD8-4B5F-9762-EC765C37E398}
[2012/05/05 09:57:04 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{B32DFEA5-ECFC-486E-9195-55AB3C02D1E9}
[2012/05/05 09:56:53 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{78E1A264-9BE8-4259-A87B-873B072A8CC6}
[2012/05/04 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{3E8D79DF-4FC1-4A88-9C0D-6D984387AB37}
[2012/05/04 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{8C2B3E56-37A2-4BBB-A055-1E10142A42E7}
[2012/05/03 22:08:20 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{6A524384-874B-4AD5-BBE1-09DDB96CF5A4}
[2012/05/03 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{AA5C5B76-3E6F-4493-BEB9-50685E3571F6}
[2012/05/02 19:13:43 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{21E0F73F-C317-4B42-A7D7-7278691CD6F0}
[2012/05/02 19:13:32 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EA193FFB-8FA9-4DB9-831A-84A56B3ED21E}
[2012/05/01 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{EDF727D8-00A1-4CB2-80CE-2AC14E53D415}
[2012/05/01 19:47:11 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{A7B6997D-67E1-47AD-8BC0-2A9A885FEEBC}
[2012/04/30 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{2A239F69-2045-4843-9A62-049B3F4156AE}
[2012/04/30 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{AD7ECBED-E3D0-4574-9B95-9EFB0A0B2850}
[2012/04/30 06:49:47 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{0D36213A-8F7E-4DC4-8F3A-92CE7544D2DF}
[2012/04/30 06:49:36 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{05ADE188-8241-45EB-A80C-1BDA9944625F}

:Files
C:\Program Files (x86)\MyWebSearch
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • OTL fix log
  • E-Set log
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
commish252
Warrior


Joined: 09 Sep 2004
Last Visit: 07 Aug 2012
Posts: 51
Location: Simpsonville, South Carolina

Posted: Fri Jun 01, 2012 7:40 pm

Here is the OTL log:

All processes killed
========== OTL ==========
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE moved successfully.
Registry value HKEY_USERS\S-1-5-21-1184006042-274145770-2943838389-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93bc62e0-2796-11e1-8e01-206a8a06ebf7}\ not found.
File E:\HPLauncher.exe not found.
C:\Users\Gateway\AppData\Local\{0E99969C-4A18-491D-B48D-3688C63BF1D0} folder moved successfully.
C:\Users\Gateway\AppData\Local\{1211322F-3AE9-41D1-8D3E-9125E68A8806} folder moved successfully.
C:\Users\Gateway\AppData\Local\{C21BBE90-7CC3-4803-9334-F6C9297CB1CD} folder moved successfully.
C:\Users\Gateway\AppData\Local\{1CB8831C-62B3-4E63-B69F-0774D2CF6674} folder moved successfully.
C:\Users\Gateway\AppData\Local\{896AF336-1FBA-44E5-9D39-9F2E85297BF9} folder moved successfully.
C:\Users\Gateway\AppData\Local\{3FB8BC5E-071C-49C3-91CF-8ED21FCF58A6} folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\MyWebSearch\bar\wbnotify folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\Overlay folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\Message folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\jsifb folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\icons folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\History folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\gen1 folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\Avatar folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin folder moved successfully.
C:\Program Files (x86)\MyWebSearch\bar folder moved successfully.
C:\Program Files (x86)\MyWebSearch folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gateway\Downloads\cmd.bat deleted successfully.
C:\Users\Gateway\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gateway
->Temp folder emptied: 6287939 bytes
->Temporary Internet Files folder emptied: 100760450 bytes
->Java cache emptied: 350013 bytes
->Flash cache emptied: 38732 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52064 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 22693581963 bytes

Total Files Cleaned = 21,745.00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 06012012_221546

Files\Folders moved on Reboot...
C:\Users\Gateway\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DF04AB3B732D3E785A.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DF223EC99FDAEDF92C.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DF2B338F9D8905F8EF.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DF4113B6A8975EE324.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DF46C06B41C1A1605D.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DF80D111F03AD8D7D3.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DFB1C49F60F38E921B.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DFB4E53F193C9BBCDA.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DFDCC13C2258A3B66D.TMP not found!
File\Folder C:\Users\Gateway\AppData\Local\Temp\~DFE407F3253E74801A.TMP not found!
C:\Users\Gateway\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8GLGRZPL\_;ord=0[1].htm moved successfully.
C:\Users\Gateway\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8GLGRZPL\_;ord=0[2].htm moved successfully.
C:\Users\Gateway\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4SRGHOEN\viewtopic[1].htm moved successfully.
C:\Users\Gateway\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4SRGHOEN\xd_arbiter[1].php moved successfully.
C:\Users\Gateway\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Gary R
Moderator

Posted: Fri Jun 01, 2012 9:32 pm

If you haven't yet run the E-Set scan, please run it and post me the log.

How is your computer behaving now ?
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations

commish252
Warrior

Posted: Sat Jun 02, 2012 6:00 am

And here is the ESET log.

I noticed that there were 45 infected files. Can I run this periodically?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Gary R
Moderator

Posted: Sat Jun 02, 2012 7:05 am

Quote:
I noticed that there were 45 infected files. Can I run this periodically?


If there were 45 infected files found by e-set, then I need to see what they are/were.

e-set should have produced a log listing them, please post that log.

If you don't have the log ....

Please download Malwarebytes' Anti-Malware to your Desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following

  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

You still haven't told me how your computer is running, please let me know.

commish252
Warrior

Posted: Sat Jun 02, 2012 5:33 pm

Hi Gary. Thank you for your help. My computer is running much better now. I do not hear it spinning (running a program all the time) as it used to.

Here is the latest log file you requested:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Gateway :: GATEWAY-PC [administrator]

Protection: Enabled

6/2/2012 9:24:39 PM
mbam-log-2012-06-02 (21-24-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201820
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 130

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Gateway\Downloads\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Gary R
Moderator

Posted: Sat Jun 02, 2012 9:24 pm

That looks better. What MBAM found were the remaining orphans for your infection.

I don't see any indications of any other infections, so I think we're safe to assume that we've got everything now.

Time to remove the programs we've been using to clean your machine.

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).


Next

Malwarebytes' Anti-Malware is Freeware, so you can keep or remove it as you wish. Personally I think it's one of the better Anti-Spyware scanners around at the moment. However, if you wish to remove it, use Control Panel > Add/Remove Programs

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?

  • If you are, let me know about them.
  • If not it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


We removed quite a number of temporary files from your computer (about 22 Gigabytes of them), and I suspect you haven't "serviced" your hard drive for quite some time. It's probably worth checking to see if it needs defragmenting.

Please read and follow the instructions for how to do this contained in the article linked to below ....

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
commish252
Warrior



PostPosted: Sun Jun 03, 2012 2:28 am    Post subject: Reply with quote

Gary, you have been VERY helpful. I will read the guidelines and follow them to keep this from happening.

Thank you so much.
commish252
Warrior



PostPosted: Sun Jun 03, 2012 2:29 am    Post subject: Reply with quote

OOPS... I get this message when I try to read the guidelines. Can you help?

Forbidden
You don't have permission to access /forum/viewtopic.php on this server.


--------------------------------------------------------------------------------

Apache/2.2.3 (CentOS) Server at www.malwareremoval.com Port 80
Gary R
Moderator



PostPosted: Sun Jun 03, 2012 6:12 am    Post subject: Reply with quote

Which of the links doesn't work for you?

Both are in publicly accessible forums so there shouldn't be any access issues.
commish252
Warrior



PostPosted: Sun Jun 03, 2012 12:19 pm    Post subject: Reply with quote

Hi Gary,

This one will not work for me:

http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960
Gary R
Moderator



PostPosted: Sun Jun 03, 2012 9:36 pm    Post subject: Reply with quote

Can you access the following forum .... http://www.malwareremoval.com/forum/viewforum.php?f=4&sid=3abdbeed67ee9e496505fe21eb361367 .... if you can, then you should be able to access the thread, which is at the top entitled ... COMPUTER SECURITY - a short guide to staying safer online

If you still can't access it, I'll check the permissions for that forum, but it's set for public access, so unless they've been corrupted, then I can't think why you shouldn't be able to view it.

Worst comes to worst and I can post the information here if necessary.
commish252
Warrior



PostPosted: Mon Jun 04, 2012 9:10 am    Post subject: Reply with quote

Gary, I still get Forbidden. Will attach a screen shot.

commish252
Warrior



PostPosted: Mon Jun 04, 2012 9:14 am    Post subject: Reply with quote

https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnxjb21taXNoMjUycGljc3xneDpkZTgzOWM0ZDVkOTM1OTA

is where the screen shot is located.
Gary R
Moderator



PostPosted: Mon Jun 04, 2012 11:25 am    Post subject: Reply with quote

Seems something is blocking access, probably one of your defensive programs (Trend Micro is the most probable). Why it should do so I couldn't say; the site does not present a danger to your computer. However, some programs do false flag sites from time to time, usually due to some overzealous heuristic type detection.

You could try temporarily disabling Trend Micro to see if you can then access the site.

To disable TM ..... Right-click the Trend Micro icon at the bottom right of your screen and click “Protection Against Viruses and Spyware”. Click OK on the Protection disabled screen.

Don't forget to switch it back on when you've accessed the site.

To re-enable TM ..... Right-click the Trend Micro icon at the bottom right of your screen and click “Protection Against Viruses and Spyware”. Click OK on the Protection enabled screen.

If you're still getting blocked, I'll post a copy of the topic here so you can see it.
commish252
Warrior



PostPosted: Mon Jun 04, 2012 3:22 pm    Post subject: Reply with quote

Gary, no luck. I still get the Forbidden message.

Please post a copy here.

Thanks.
Gary R
Moderator



PostPosted: Mon Jun 04, 2012 3:56 pm    Post subject: Reply with quote

No problem.

It's midnight here, and the post will be a long one, so I'll post it in the morning. I'll have to modify it a little to post it here and that takes time.
Gary R
Moderator



PostPosted: Mon Jun 04, 2012 9:32 pm    Post subject: Reply with quote

OK, you should now be able to view that topic here at Spyware Warrior ..... http://spywarewarrior.com/viewtopic.php?t=34478
Gary R
Moderator



PostPosted: Thu Jun 07, 2012 6:07 am    Post subject: Reply with quote

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R
