Microsoft Security Essentials "cleans" a Trojan:JS/medfos.B every 5 minutes

Solved
By killarbob
Nov 14, 2012
  1. So a few days ago, I was searching Google and went on a forum, and a random pop-up concerning a random toolbar appeared. I clicked the X, then Microsoft Security Essentials notified me of a trojan infection. I went over to mbam and got rid of it; however, Essentials still, at every 5 min interval, will say it has quarantined that same virus.

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.13.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Julian Liu :: JULIANLIU-PC [administrator]

    11/13/2012 9:40:08 PM
    mbam-log-2012-11-13 (21-40-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 51093
    Time elapsed: 4 minute(s), 43 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Users\Julian Liu\AppData\Roaming\rxtutb.dll (Trojan.Chad) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rxtutb (Trojan.Chad) -> Data: rundll32.exe "C:\Users\Julian Liu\AppData\Roaming\rxtutb.dll",CommitTransaction -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Julian Liu\AppData\Roaming\rxtutb.dll (Trojan.Chad) -> Delete on reboot.
    C:\Users\Julian Liu\Desktop\cohtrn14.exe (Malware.Packer.as) -> Quarantined and deleted successfully.

    (end)

    GMER.log was empty

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
    Run by Julian Liu at 20:26:33 on 2012-11-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3336 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\WTouch\WTouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\ASUS\EPU\EPU.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\ASUS\AASP\1.01.05\aaCenter.exe
    C:\Windows\splwow64.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\notepad.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
    uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll
    TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Google Update] "C:\Users\Julian Liu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
    uRun: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [necscu] "C:\Windows\System32\rundll32.exe" "C:\Users\Julian Liu\AppData\Roaming\necscu.dll",Method_Self
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Launch PC Probe II] <no file>
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{839A803F-833A-40CD-843B-BFEB67466485} : NameServer = 206.10.10.1
    TCP: Interfaces\{839A803F-833A-40CD-843B-BFEB67466485}\2656C6B696E6534376 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{9513DDDF-98C3-4494-A661-F687A3725B35} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - Google.com
    FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Julian Liu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Julian Liu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Julian Liu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-09-27 21:59; jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack; C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack
    FF - ExtSQL: 2012-11-14 04:20; {87bd0c45-2e04-11e2-8271-b8ac6f996f26}; C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\{87bd0c45-2e04-11e2-8271-b8ac6f996f26}.xpi
    FF - ExtSQL: !HIDDEN! 2011-05-15 17:44; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-27 55280]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-3-12 283200]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-12-14 96896]
    R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-8-31 415072]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-12 2452912]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-12-14 32544]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2011-3-12 5414184]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-7 2358656]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-24 2735528]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-6-29 317328]
    R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-6-29 1978256]
    R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-6-29 1338256]
    R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2011-3-12 127272]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-15 46136]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-9 344680]
    R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2012-9-18 22016]
    R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-9-18 112640]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-11 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-2-24 25832]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-14 48416]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-12-14 29472]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-14 48416]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-3-12 18216]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-17 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-11-15 01:23:06 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0173C1C2-3EF7-4AE3-AFC1-A43C32E3D129}\offreg.dll
    2012-11-15 01:21:13 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0173C1C2-3EF7-4AE3-AFC1-A43C32E3D129}\mpengine.dll
    2012-11-14 08:07:11 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-14 08:07:11 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-14 08:07:11 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-14 08:07:11 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 08:01:01 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-14 08:01:01 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-14 08:01:01 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-14 08:01:01 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-14 08:01:00 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-14 08:01:00 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 08:01:00 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-14 02:39:33 440832 ----a-w- C:\Users\Julian Liu\AppData\Roaming\necscu.dll
    2012-11-12 21:19:03 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-12 21:11:48 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-11-05 05:10:48 -------- d-----w- C:\Users\Julian Liu\AppData\Local\ConduitEngine
    2012-11-05 05:10:45 -------- d-----w- C:\Users\Julian Liu\AppData\Local\uTorrentControl2
    2012-11-05 05:10:44 -------- d-----w- C:\Users\Julian Liu\AppData\Local\NCH
    2012-11-02 19:24:36 -------- d-----w- C:\Users\Julian Liu\AppData\Local\ArmA 2
    2012-10-20 01:04:33 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBE5B974-6830-4C81-9DD9-ABECD361D33C}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2012-11-10 16:16:24 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-11-10 16:16:24 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-11-10 16:15:56 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-12 20:21:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-12 20:21:04 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-10-12 20:21:04 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-10-10 03:10:48 148480 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
    2012-10-10 03:10:44 617472 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
    2012-10-10 03:10:44 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    .
    ============= FINISH: 20:27:40.68 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/15/2010 11:18:07 AM
    System Uptime: 11/14/2012 3:57:30 AM (17 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A88TD-V EVO/USB3
    Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1397 GiB total, 447.109 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: ASUS 802.11n Wireless LAN Card
    Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_130F1043&REV_00\4&28CDDF4&0&00A8
    Manufacturer: Pegatron corporation
    Name: ASUS 802.11n Wireless LAN Card
    PNP Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_130F1043&REV_00\4&28CDDF4&0&00A8
    Service: netr28x
    .
    ==== System Restore Points ===================
    .
    RP220: 11/14/2012 5:25:34 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    3D??????
    5600
    5600_Help
    5600Trb
    64 Bit HP CIO Components Installer
    7-Zip 9.20
    Acrobat.com
    Acronis Migrate Easy
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Community Help
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Media Live Encoder 3.1
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS5
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.2
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advertising Center
    AI Suite
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD AVIVO64 Codecs
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArmA 2 Free Uninstall
    ATI Problem Report Wizard
    Bamboo
    Bandisoft MPEG-1 Decoder
    Battlefield 1942™
    Battlefield 2: Special Forces
    Battlefield 3™
    Battlelog Web Plugins
    BattlEye (A2Free) Uninstall
    Bonjour
    BufferChm
    Canon MF Toolbox 4.9.1.1.mf11
    Canon MF4100 Series
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cn3D 4.3
    Combined Community Codec Pack 2011-11-11
    Command & Conquer Red Alert 2
    Company of Heroes
    Conduit Engine
    Copy
    CraftBukkit
    CWA Reminder by We-Care.com v4.0.16.3
    D3DX10
    DAEMON Tools Lite
    DCS A-10C
    Destinations
    DeviceDiscovery
    Diablo II
    DocProc
    Download Updater (AOL LLC)
    Dragon Age: Origins
    Dyyno Broadcaster
    EA Installer
    EA Shared Game Component: Activation
    EasyBits GO
    EPU
    ESN Sonar
    Fax
    FinchTV
    Floris Mod Pack 2.54
    Fraps (remove only)
    From Dust
    Garry's Mod
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    GPBaseService2
    GPU Boost Driver
    Grand Theft Auto IV
    GTA San Andreas
    Guitar Pro 6
    Halo 2 for Windows Vista
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    HydraVision
    iExplorer 2.2.1.3
    ImagXpress
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java 7 Update 6 (64-bit)
    Java 7 Update 7
    Java Auto Updater
    Java SE Development Kit 7 Update 7
    Java(TM) 6 Update 31
    JavaFX 2.1.1
    Katawa Shoujo
    Killing Floor
    Left 4 Dead 2
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.65.1.1000
    MapleStory
    MarketResearch
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft IntelliPoint 8.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Windows Application Compatibility Database
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MiniTool Power Data Recovery
    MKVtoolnix 4.9.1
    Mount & Blade: Warband
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 2.0.0
    MSVCRT
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mumble(PR edition) and Murmur(PR edition)
    NCH Toolbar
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Network64
    Nexon Game Manager
    NirSoft VideoCacheView
    Notepad++
    NVIDIA PhysX
    OCR Software by I.R.I.S. 13.0
    OF Dragon Rising
    Origin
    osu!
    oZone3D.Net FurMark v1.8.2
    Pando Media Booster
    PC Probe II
    PDF Settings
    PDF Settings CS5
    Police Pursuit Mod 7.6d 7.6d
    Project Reality
    PunkBuster Services
    PxMergeModule
    QuickTime
    Razer Synapse 2.0
    Realtek Ethernet Controller Driver For Windows 7
    Realtek Ethernet Diagnostic Utility
    Renesas Electronics USB 3.0 Host Controller Driver
    Rockstar Games Social Club
    S.T.A.L.K.E.R.: Call of Pripyat
    S.W.A.T. 4
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Shop for HP Supplies
    SILKYPIX Developer Studio 3.0 SE
    Skype Click to Call
    Skype™ 5.10
    SmartWebPrinting
    Soldier Front
    SolutionCenter
    Source SDK Base 2007
    Spotify
    Spybot - Search & Destroy
    Status
    Steam
    Sugar and Salt Solutions
    Switch Sound File Converter
    Team Fortress 2
    TeamSpeak 3 Client
    TeamViewer 6
    TeamViewer 7
    Terraria
    The Rosetta Stone
    Tom Clancy's Rainbow Six: Vegas 2
    Tom Clancy's Splinter Cell Conviction
    Toolbox
    TrayApp
    Ubisoft Game Launcher
    Unity
    Unity Web Player
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    uTorrentControl2 Toolbar
    Vegas Pro 11.0 (64-bit)
    Ventrilo Client for Windows x64
    Ventrilo Server
    Vindictus
    WavePad Sound Editor
    WD SmartWare
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/7/2012 6:21:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/14/2012 4:00:10 AM, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    11/14/2012 3:58:35 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    11/14/2012 3:58:30 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
    11/14/2012 3:56:50 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
    11/12/2012 4:12:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    11/12/2012 4:12:03 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/12/2012 4:11:59 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
  2. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    Also, I did a full run on mbam after that and found another trojan.
    Here is the log for that if needed.

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.13.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Julian Liu :: JULIANLIU-PC [administrator]

    11/13/2012 11:14:07 PM
    mbam-log-2012-11-13 (23-14-07).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226611
    Time elapsed: 41 minute(s), 39 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
  3. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ================================

    Download aswMBR to your desktop.
    Double-click aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  4. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    Thank you! And thank you for the help!
    aswMBR is downloading the definitions quite slowly, so here are the other two logs.

    21:45:49.0460 7024 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    21:45:49.0867 7024 ============================================================
    21:45:49.0867 7024 Current date / time: 2012/11/14 21:45:49.0867
    21:45:49.0867 7024 SystemInfo:
    21:45:49.0867 7024
    21:45:49.0867 7024 OS Version: 6.1.7601 ServicePack: 1.0
    21:45:49.0867 7024 Product type: Workstation
    21:45:49.0867 7024 ComputerName: JULIANLIU-PC
    21:45:49.0867 7024 UserName: Julian Liu
    21:45:49.0867 7024 Windows directory: C:\Windows
    21:45:49.0867 7024 System windows directory: C:\Windows
    21:45:49.0867 7024 Running under WOW64
    21:45:49.0867 7024 Processor architecture: Intel x64
    21:45:49.0867 7024 Number of processors: 4
    21:45:49.0867 7024 Page size: 0x1000
    21:45:49.0867 7024 Boot type: Normal boot
    21:45:49.0867 7024 ============================================================
    21:45:51.0092 7024 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:45:51.0137 7024 ============================================================
    21:45:51.0137 7024 \Device\Harddisk0\DR0:
    21:45:51.0151 7024 MBR partitions:
    21:45:51.0151 7024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x75A5F
    21:45:51.0151 7024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75A9E, BlocksNum 0xAEA10CA3
    21:45:51.0151 7024 ============================================================
    21:45:51.0187 7024 C: <-> \Device\Harddisk0\DR0\Partition2
    21:45:51.0187 7024 ============================================================
    21:45:51.0187 7024 Initialize success
    21:45:51.0187 7024 ============================================================
    21:46:14.0055 5800 ============================================================
    21:46:14.0055 5800 Scan started
    21:46:14.0055 5800 Mode: Manual;
    21:46:14.0055 5800 ============================================================
    21:46:14.0432 5800 ================ Scan system memory ========================
    21:46:14.0432 5800 System memory - ok
    21:46:14.0432 5800 ================ Scan services =============================
    21:46:16.0277 5800 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:46:16.0278 5800 BrFiltLo - ok
    21:46:16.0284 5800 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:46:16.0285 5800 BrFiltUp - ok
    21:46:16.0301 5800 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
    21:46:16.0303 5800 Bridge - ok
    21:46:16.0306 5800 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    21:46:16.0306 5800 BridgeMP - ok
    21:46:16.0334 5800 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    21:46:16.0335 5800 Browser - ok
    21:46:16.0352 5800 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    21:46:16.0354 5800 Brserid - ok
    21:46:16.0369 5800 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    21:46:16.0370 5800 BrSerWdm - ok
    21:46:16.0374 5800 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:46:16.0374 5800 BrUsbMdm - ok
    21:46:16.0385 5800 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    21:46:16.0386 5800 BrUsbSer - ok
    21:46:16.0397 5800 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    21:46:16.0398 5800 BTHMODEM - ok
    21:46:16.0403 5800 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    21:46:16.0404 5800 bthserv - ok
    21:46:16.0415 5800 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:46:16.0417 5800 cdfs - ok
    21:46:16.0451 5800 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:46:16.0453 5800 cdrom - ok
    21:46:16.0482 5800 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    21:46:16.0483 5800 CertPropSvc - ok
    21:46:16.0495 5800 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    21:46:16.0496 5800 circlass - ok
    21:46:16.0509 5800 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    21:46:16.0512 5800 CLFS - ok
    21:46:16.0527 5800 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:46:16.0528 5800 clr_optimization_v2.0.50727_32 - ok
    21:46:16.0549 5800 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:46:16.0550 5800 clr_optimization_v2.0.50727_64 - ok
    21:46:16.0606 5800 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:46:16.0608 5800 clr_optimization_v4.0.30319_32 - ok
    21:46:16.0615 5800 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:46:16.0617 5800 clr_optimization_v4.0.30319_64 - ok
    21:46:16.0623 5800 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    21:46:16.0624 5800 CmBatt - ok
    21:46:16.0632 5800 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    21:46:16.0633 5800 cmdide - ok
    21:46:16.0663 5800 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    21:46:16.0667 5800 CNG - ok
    21:46:16.0671 5800 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    21:46:16.0672 5800 Compbatt - ok
    21:46:16.0696 5800 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    21:46:16.0697 5800 CompositeBus - ok
    21:46:16.0699 5800 COMSysApp - ok
    21:46:16.0714 5800 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    21:46:16.0714 5800 crcdisk - ok
    21:46:16.0744 5800 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:46:16.0746 5800 CryptSvc - ok
    21:46:16.0843 5800 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Origin Games\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe
    21:46:16.0844 5800 DAUpdaterSvc - ok
    21:46:16.0877 5800 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    21:46:16.0878 5800 dc3d - ok
    21:46:16.0907 5800 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:46:16.0912 5800 DcomLaunch - ok
    21:46:16.0935 5800 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    21:46:16.0938 5800 defragsvc - ok
    21:46:16.0971 5800 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:46:16.0973 5800 DfsC - ok
    21:46:16.0999 5800 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    21:46:17.0002 5800 Dhcp - ok
    21:46:17.0006 5800 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    21:46:17.0006 5800 discache - ok
    21:46:17.0014 5800 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    21:46:17.0015 5800 Disk - ok
    21:46:17.0049 5800 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:46:17.0050 5800 Dnscache - ok
    21:46:17.0074 5800 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    21:46:17.0076 5800 dot3svc - ok
    21:46:17.0105 5800 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    21:46:17.0106 5800 Dot4 - ok
    21:46:17.0129 5800 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    21:46:17.0130 5800 Dot4Print - ok
    21:46:17.0150 5800 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    21:46:17.0151 5800 dot4usb - ok
    21:46:17.0183 5800 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    21:46:17.0184 5800 DPS - ok
    21:46:17.0201 5800 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:46:17.0202 5800 drmkaud - ok
    21:46:17.0253 5800 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    21:46:17.0256 5800 dtsoftbus01 - ok
    21:46:17.0356 5800 dump_wmimmc - ok
    21:46:17.0400 5800 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:46:17.0408 5800 DXGKrnl - ok
    21:46:17.0474 5800 [ 0317213256ED2CB41D005E42CFB927EA ] Dyyno Launcher C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
    21:46:17.0778 5800 Dyyno Launcher - ok
    21:46:17.0812 5800 EagleX64 - ok
    21:46:17.0826 5800 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    21:46:17.0828 5800 EapHost - ok
    21:46:17.0880 5800 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    21:46:17.0924 5800 ebdrv - ok
    21:46:17.0947 5800 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    21:46:17.0948 5800 EFS - ok
    21:46:17.0977 5800 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:46:17.0983 5800 ehRecvr - ok
    21:46:18.0001 5800 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    21:46:18.0002 5800 ehSched - ok
    21:46:18.0024 5800 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    21:46:18.0028 5800 elxstor - ok
    21:46:18.0052 5800 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    21:46:18.0053 5800 ErrDev - ok
    21:46:18.0072 5800 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    21:46:18.0076 5800 EventSystem - ok
    21:46:18.0093 5800 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    21:46:18.0095 5800 exfat - ok
    21:46:18.0113 5800 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:46:18.0115 5800 fastfat - ok
    21:46:18.0151 5800 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    21:46:18.0157 5800 Fax - ok
    21:46:18.0169 5800 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    21:46:18.0170 5800 fdc - ok
    21:46:18.0183 5800 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    21:46:18.0184 5800 fdPHost - ok
    21:46:18.0194 5800 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:46:18.0195 5800 FDResPub - ok
    21:46:18.0200 5800 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:46:18.0201 5800 FileInfo - ok
    21:46:18.0204 5800 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:46:18.0204 5800 Filetrace - ok
    21:46:18.0248 5800 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    21:46:18.0253 5800 FLEXnet Licensing Service - ok
    21:46:18.0265 5800 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    21:46:18.0265 5800 flpydisk - ok
    21:46:18.0281 5800 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:46:18.0284 5800 FltMgr - ok
    21:46:18.0342 5800 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    21:46:18.0352 5800 FontCache - ok
    21:46:18.0388 5800 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:46:18.0388 5800 FontCache3.0.0.0 - ok
    21:46:18.0392 5800 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    21:46:18.0393 5800 FsDepends - ok
    21:46:18.0420 5800 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:46:18.0421 5800 Fs_Rec - ok
    21:46:18.0436 5800 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    21:46:18.0438 5800 fvevol - ok
    21:46:18.0453 5800 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:46:18.0454 5800 gagp30kx - ok
    21:46:18.0467 5800 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:46:18.0467 5800 GEARAspiWDM - ok
    21:46:18.0497 5800 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    21:46:18.0504 5800 gpsvc - ok
    21:46:18.0567 5800 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:46:18.0569 5800 gupdate - ok
    21:46:18.0600 5800 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:46:18.0601 5800 gupdatem - ok
    21:46:18.0625 5800 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    21:46:18.0626 5800 hamachi - ok
    21:46:18.0710 5800 [ 12306E3AACEEF484E316780864D2A5CC ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    21:46:18.0878 5800 Hamachi2Svc - ok
    21:46:18.0889 5800 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    21:46:18.0890 5800 hcw85cir - ok
    21:46:18.0915 5800 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:46:18.0919 5800 HdAudAddService - ok
    21:46:18.0932 5800 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    21:46:18.0933 5800 HDAudBus - ok
    21:46:18.0945 5800 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    21:46:18.0946 5800 HidBatt - ok
    21:46:18.0961 5800 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    21:46:18.0962 5800 HidBth - ok
    21:46:18.0985 5800 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    21:46:18.0986 5800 HidIr - ok
    21:46:18.0999 5800 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    21:46:19.0000 5800 hidserv - ok
    21:46:19.0029 5800 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:46:19.0030 5800 HidUsb - ok
    21:46:19.0060 5800 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:46:19.0061 5800 hkmsvc - ok
    21:46:19.0087 5800 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    21:46:19.0090 5800 HomeGroupListener - ok
    21:46:19.0094 5800 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    21:46:19.0097 5800 HomeGroupProvider - ok
    21:46:19.0179 5800 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    21:46:19.0181 5800 hpqcxs08 - ok
    21:46:19.0189 5800 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    21:46:19.0191 5800 hpqddsvc - ok
    21:46:19.0217 5800 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    21:46:19.0218 5800 HpSAMD - ok
    21:46:19.0241 5800 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    21:46:19.0250 5800 HPSLPSVC - ok
    21:46:19.0274 5800 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:46:19.0280 5800 HTTP - ok
    21:46:19.0310 5800 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    21:46:19.0311 5800 hwpolicy - ok
    21:46:19.0339 5800 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    21:46:19.0341 5800 i8042prt - ok
    21:46:19.0373 5800 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    21:46:19.0377 5800 iaStorV - ok
    21:46:19.0425 5800 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    21:46:19.0427 5800 IDriverT - ok
    21:46:19.0467 5800 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:46:19.0475 5800 idsvc - ok
    21:46:19.0486 5800 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    21:46:19.0487 5800 iirsp - ok
    21:46:19.0502 5800 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    21:46:19.0509 5800 IKEEXT - ok
    21:46:19.0519 5800 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    21:46:19.0519 5800 intelide - ok
    21:46:19.0537 5800 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:46:19.0538 5800 intelppm - ok
    21:46:19.0566 5800 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:46:19.0567 5800 IPBusEnum - ok
    21:46:19.0598 5800 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:46:19.0600 5800 IpFilterDriver - ok
    21:46:19.0626 5800 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:46:19.0631 5800 iphlpsvc - ok
    21:46:19.0639 5800 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:46:19.0640 5800 IPMIDRV - ok
    21:46:19.0651 5800 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:46:19.0652 5800 IPNAT - ok
    21:46:19.0684 5800 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:46:19.0692 5800 iPod Service - ok
    21:46:19.0712 5800 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:46:19.0712 5800 IRENUM - ok
    21:46:19.0741 5800 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:46:19.0742 5800 isapnp - ok
    21:46:19.0750 5800 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:46:19.0753 5800 iScsiPrt - ok
    21:46:19.0770 5800 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:46:19.0771 5800 kbdclass - ok
    21:46:19.0798 5800 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    21:46:19.0824 5800 kbdhid - ok
    21:46:19.0839 5800 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    21:46:19.0840 5800 KeyIso - ok
    21:46:19.0871 5800 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:46:19.0873 5800 KSecDD - ok
    21:46:19.0901 5800 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:46:19.0903 5800 KSecPkg - ok
    21:46:19.0906 5800 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:46:19.0907 5800 ksthunk - ok
    21:46:19.0933 5800 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:46:19.0937 5800 KtmRm - ok
    21:46:19.0965 5800 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:46:19.0968 5800 LanmanServer - ok
    21:46:19.0996 5800 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:46:19.0998 5800 LanmanWorkstation - ok
    21:46:20.0022 5800 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:46:20.0023 5800 lltdio - ok
    21:46:20.0044 5800 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:46:20.0048 5800 lltdsvc - ok
    21:46:20.0061 5800 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:46:20.0063 5800 lmhosts - ok
    21:46:20.0075 5800 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:46:20.0076 5800 LSI_FC - ok
    21:46:20.0089 5800 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:46:20.0091 5800 LSI_SAS - ok
    21:46:20.0103 5800 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:46:20.0105 5800 LSI_SAS2 - ok
    21:46:20.0119 5800 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:46:20.0121 5800 LSI_SCSI - ok
    21:46:20.0148 5800 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:46:20.0149 5800 luafv - ok
    21:46:20.0176 5800 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:46:20.0178 5800 Mcx2Svc - ok
    21:46:20.0198 5800 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    21:46:20.0199 5800 megasas - ok
    21:46:20.0217 5800 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    21:46:20.0220 5800 MegaSR - ok
    21:46:20.0288 5800 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    21:46:20.0289 5800 Microsoft Office Groove Audit Service - ok
    21:46:20.0299 5800 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    21:46:20.0300 5800 MMCSS - ok
    21:46:20.0309 5800 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    21:46:20.0310 5800 Modem - ok
    21:46:20.0321 5800 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:46:20.0322 5800 monitor - ok
    21:46:20.0328 5800 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:46:20.0329 5800 mouclass - ok
    21:46:20.0333 5800 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:46:20.0333 5800 mouhid - ok
    21:46:20.0356 5800 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:46:20.0357 5800 mountmgr - ok
    21:46:20.0400 5800 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    21:46:20.0402 5800 MozillaMaintenance - ok
    21:46:20.0467 5800 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    21:46:20.0469 5800 MpFilter - ok
    21:46:20.0496 5800 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:46:20.0498 5800 mpio - ok
    21:46:20.0505 5800 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:46:20.0506 5800 mpsdrv - ok
    21:46:20.0538 5800 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:46:20.0546 5800 MpsSvc - ok
    21:46:20.0574 5800 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:46:20.0576 5800 MRxDAV - ok
    21:46:20.0604 5800 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:46:20.0606 5800 mrxsmb - ok
    21:46:20.0633 5800 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:46:20.0636 5800 mrxsmb10 - ok
    21:46:20.0644 5800 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:46:20.0646 5800 mrxsmb20 - ok
    21:46:20.0657 5800 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:46:20.0658 5800 msahci - ok
    21:46:20.0682 5800 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:46:20.0684 5800 msdsm - ok
    21:46:20.0697 5800 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    21:46:20.0699 5800 MSDTC - ok
    21:46:20.0716 5800 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:46:20.0717 5800 Msfs - ok
    21:46:20.0723 5800 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:46:20.0724 5800 mshidkmdf - ok
    21:46:20.0730 5800 MSICDSetup - ok
    21:46:20.0756 5800 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:46:20.0757 5800 msisadrv - ok
    21:46:20.0777 5800 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:46:20.0780 5800 MSiSCSI - ok
    21:46:20.0783 5800 msiserver - ok
    21:46:20.0797 5800 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:46:20.0798 5800 MSKSSRV - ok
    21:46:20.0855 5800 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    21:46:20.0855 5800 MsMpSvc - ok
    21:46:20.0869 5800 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:46:20.0870 5800 MSPCLOCK - ok
    21:46:20.0875 5800 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:46:20.0876 5800 MSPQM - ok
    21:46:20.0906 5800 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:46:20.0909 5800 MsRPC - ok
    21:46:20.0914 5800 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    21:46:20.0915 5800 mssmbios - ok
    21:46:20.0923 5800 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:46:20.0923 5800 MSTEE - ok
    21:46:20.0937 5800 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    21:46:20.0937 5800 MTConfig - ok
    21:46:20.0956 5800 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    21:46:20.0957 5800 MTsensor - ok
    21:46:20.0976 5800 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    21:46:20.0977 5800 Mup - ok
    21:46:21.0010 5800 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    21:46:21.0015 5800 napagent - ok
    21:46:21.0029 5800 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:46:21.0032 5800 NativeWifiP - ok
    21:46:21.0072 5800 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:46:21.0079 5800 NDIS - ok
    21:46:21.0088 5800 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    21:46:21.0088 5800 NdisCap - ok
    21:46:21.0091 5800 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    21:46:21.0092 5800 NdisTapi - ok
    21:46:21.0116 5800 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    21:46:21.0117 5800 Ndisuio - ok
    21:46:21.0145 5800 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    21:46:21.0147 5800 NdisWan - ok
    21:46:21.0170 5800 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    21:46:21.0171 5800 NDProxy - ok
    21:46:21.0237 5800 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    21:46:21.0245 5800 Nero BackItUp Scheduler 4.0 - ok
    21:46:21.0274 5800 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    21:46:21.0276 5800 Net Driver HPZ12 - ok
    21:46:21.0285 5800 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    21:46:21.0286 5800 NetBIOS - ok
    21:46:21.0312 5800 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    21:46:21.0315 5800 NetBT - ok
    21:46:21.0323 5800 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    21:46:21.0323 5800 Netlogon - ok
    21:46:21.0345 5800 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    21:46:21.0348 5800 Netman - ok
    21:46:21.0372 5800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:46:21.0374 5800 NetMsmqActivator - ok
    21:46:21.0387 5800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:46:21.0387 5800 NetPipeActivator - ok
    21:46:21.0403 5800 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    21:46:21.0408 5800 netprofm - ok
    21:46:21.0440 5800 [ D66596DB0A0739A89C25B590CE36D628 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    21:46:21.0447 5800 netr28x - ok
    21:46:21.0453 5800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:46:21.0454 5800 NetTcpActivator - ok
    21:46:21.0458 5800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:46:21.0458 5800 NetTcpPortSharing - ok
    21:46:21.0472 5800 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    21:46:21.0473 5800 nfrd960 - ok
    21:46:21.0517 5800 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    21:46:21.0518 5800 NisDrv - ok
    21:46:21.0545 5800 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    21:46:21.0548 5800 NisSrv - ok
    21:46:21.0671 5800 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    21:46:21.0697 5800 NlaSvc - ok
    21:46:21.0726 5800 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    21:46:21.0754 5800 Npfs - ok
    21:46:21.0780 5800 npggsvc - ok
  5. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    21:46:28.0122 5800 ================ Scan global ===============================
    21:46:28.0137 5800 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:46:28.0168 5800 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    21:46:28.0175 5800 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    21:46:28.0188 5800 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:46:28.0209 5800 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:46:28.0213 5800 [Global] - ok
    21:46:28.0213 5800 ================ Scan MBR ==================================
    21:46:28.0224 5800 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:46:28.0347 5800 \Device\Harddisk0\DR0 - ok
    21:46:28.0348 5800 ================ Scan VBR ==================================
    21:46:28.0350 5800 [ 0CAD4137DCBD2A962FD68A029DF34B41 ] \Device\Harddisk0\DR0\Partition1
    21:46:28.0350 5800 \Device\Harddisk0\DR0\Partition1 - ok
    21:46:28.0377 5800 [ FDAC0694374A3A5A5CBD149B28A65F2A ] \Device\Harddisk0\DR0\Partition2
    21:46:28.0378 5800 \Device\Harddisk0\DR0\Partition2 - ok
    21:46:28.0378 5800 ============================================================
    21:46:28.0378 5800 Scan finished
    21:46:28.0378 5800 ============================================================
    21:46:28.0385 7968 Detected object count: 0
    21:46:28.0385 7968 Actual detected object count: 0




    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Julian Liu [Admin rights]
    Mode : Remove -- Date : 11/14/2012 21:49:01

    ¤¤¤ Bad processes : 4 ¤¤¤
    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Julian Liu\AppData\Roaming\necscu.dll -> KILLED [TermProc]
    [SUSP PATH] splwow64.exe -- C:\Windows\splwow64.exe -> KILLED [TermProc]
    [WIN][HJNAME] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    [SUSP PATH] TDSSKiller.exe -- C:\Users\Julian Liu\Desktop\TDSSKiller.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][ROGUE ST] HKCU\[...]\Run : Dyyno Launcher ("C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : necscu ("C:\Windows\System32\rundll32.exe" "C:\Users\Julian Liu\AppData\Roaming\necscu.dll",Method_Self) -> DELETED
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{839A803F-833A-40CD-843B-BFEB67466485} : NameServer (206.10.10.1) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{839A803F-833A-40CD-843B-BFEB67466485} : NameServer (206.10.10.1) -> NOT REMOVED, USE DNSFIX
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1502FAEX-007BA0 ATA Device +++++
    --- User ---
    [MBR] e7463f02936960df2fcf3e84bee6aa22
    [BSP] 0822e2c7948438af1bb093dc0249a982 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 235 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 481950 | Size: 1430561 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11142012_02d2149.txt >>
    RKreport[1]_S_11142012_02d2148.txt ; RKreport[2]_D_11142012_02d2149.txt
  6. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-14 21:50:55
    -----------------------------
    21:50:55.413 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:50:55.413 Number of processors: 4 586 0x403
    21:50:55.413 ComputerName: JULIANLIU-PC UserName: Julian Liu
    21:50:56.754 Initialize success
    22:03:23.994 AVAST engine defs: 12111401
    22:05:44.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T1L0-7
    22:05:44.847 Disk 0 Vendor: WDC_WD1502FAEX-007BA0 05.01D05 Size: 1430799MB BusType: 3
    22:05:44.847 Disk 0 MBR read successfully
    22:05:44.862 Disk 0 MBR scan
    22:05:44.862 Disk 0 Windows 7 default MBR code
    22:05:44.862 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 235 MB offset 63
    22:05:44.894 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430561 MB offset 481950
    22:05:44.956 Disk 0 scanning C:\Windows\system32\drivers
    22:05:56.108 Service scanning
    22:06:21.894 Modules scanning
    22:06:21.894 Disk 0 trace - called modules:
    22:06:21.910 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    22:06:21.910 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062a0060]
    22:06:21.910 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8005c11520]
    22:06:21.910 5 ACPI.sys[fffff88000fa07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T1L0-7[0xfffffa80052f2680]
    22:06:24.032 AVAST engine scan C:\Windows
    22:06:28.306 AVAST engine scan C:\Windows\system32
    22:10:11.885 AVAST engine scan C:\Windows\system32\drivers
    22:10:26.096 AVAST engine scan C:\Users\Julian Liu
    22:41:32.740 Disk 0 MBR has been saved successfully to "C:\Users\Julian Liu\Desktop\MBR.dat"
    22:41:32.780 The log file has been saved successfully to "C:\Users\Julian Liu\Desktop\aswMBR.txt"
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  8. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    ComboFix 12-11-15.01 - Julian Liu 11/15/2012 20:39:17.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3041 [GMT -5:00]
    Running from: c:\users\Julian Liu\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\programdata\50124640
    c:\users\Guest\AppData\Roaming\WTouch
    c:\users\Guest\AppData\Roaming\WTouch\WTouch.xml
    c:\users\Julian Liu\AppData\Roaming\Dyyno
    c:\users\Julian Liu\AppData\Roaming\Dyyno\dgcsrv.xml
    c:\users\Julian Liu\AppData\Roaming\Dyyno\dyyno.xml
    c:\users\Julian Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
    c:\users\Julian Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
    c:\users\Julian Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
    c:\users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\searchplugins\bing-zugo.xml
    c:\users\Julian Liu\AppData\Roaming\necscu.dll
    c:\users\Julian Liu\AppData\Roaming\WTouch
    c:\users\Julian Liu\AppData\Roaming\WTouch\WTouch.xml
    c:\users\Julian Liu\Documents\~WRL0005.tmp
    c:\users\Waksman\AppData\Roaming\WTouch
    c:\users\Waksman\AppData\Roaming\WTouch\WTouch.xml
    c:\windows\apppatch\AppLoc.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-16 01:47 . 2012-11-16 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-16 01:47 . 2012-11-16 01:47 -------- d-----w- c:\users\Waksman\AppData\Local\temp
    2012-11-16 01:47 . 2012-11-16 01:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-11-15 09:11 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38350292-96CB-4069-BF58-17CD8F39C356}\mpengine.dll
    2012-11-15 01:21 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-14 08:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-14 08:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-14 08:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 08:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-14 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-14 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-14 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-14 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-14 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-14 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-14 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-12 21:11 . 2012-11-12 21:11 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-11-05 05:10 . 2012-11-05 05:11 -------- d-----w- c:\users\Julian Liu\AppData\Local\ConduitEngine
    2012-11-05 05:10 . 2012-11-05 05:10 -------- d-----w- c:\users\Julian Liu\AppData\Local\uTorrentControl2
    2012-11-05 05:10 . 2012-11-05 05:10 -------- d-----w- c:\users\Julian Liu\AppData\Local\NCH
    2012-11-02 19:24 . 2012-11-02 19:24 -------- d-----w- c:\users\Julian Liu\AppData\Local\ArmA 2
    2012-10-20 01:04 . 2012-10-02 21:17 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBE5B974-6830-4C81-9DD9-ABECD361D33C}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-14 08:01 . 2011-01-08 18:15 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-11-10 16:16 . 2011-01-23 20:40 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-11-10 16:16 . 2010-12-22 11:29 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-11-10 16:15 . 2010-12-22 11:29 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-10-12 20:21 . 2012-10-12 20:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-12 20:21 . 2012-08-16 23:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-10-12 20:21 . 2010-12-15 05:22 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-10-10 03:10 . 2012-10-10 03:10 148480 ----a-w- c:\windows\SysWow64\rztouchdll.dll
    2012-10-10 03:10 . 2012-10-10 03:10 617472 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
    2012-10-10 03:10 . 2012-10-10 03:10 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
    2012-10-09 04:54 . 2012-04-11 14:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 04:54 . 2011-07-02 05:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-02 21:17 . 2011-09-08 07:49 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-30 00:54 . 2011-02-11 22:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-18 06:21 . 2012-09-18 06:21 22016 ----a-w- c:\windows\system32\drivers\rzendpt.sys
    2012-09-18 06:21 . 2012-09-18 06:21 112640 ----a-w- c:\windows\system32\drivers\rzudd.sys
    2012-09-14 19:19 . 2012-10-10 10:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 10:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-08-31 18:19 . 2012-10-10 10:28 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2010-10-25 01:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-30 18:03 . 2012-10-10 10:28 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 10:28 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 10:28 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05 . 2012-10-10 10:27 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 18:05 . 2012-09-22 13:54 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 18:05 . 2012-09-22 13:54 1494528 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 18:05 . 2012-09-22 13:54 134144 ----a-w- c:\windows\system32\url.dll
    2012-08-24 18:03 . 2012-09-22 13:54 9056256 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 18:03 . 2012-09-22 13:54 97792 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 18:03 . 2012-09-22 13:54 735744 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 18:03 . 2012-09-22 13:54 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 18:02 . 2012-09-22 13:54 247808 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 18:02 . 2012-09-22 13:54 12295680 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 18:02 . 2012-09-22 13:54 2453504 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 16:57 . 2012-10-10 10:27 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-08-24 16:57 . 2012-09-22 13:54 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 15:59 . 2012-09-22 13:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 15:20 . 2012-09-22 13:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-11 22:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-11 22:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-11 22:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-25 22:54 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 18:48 . 2012-10-10 10:28 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-08-20 18:48 . 2012-10-10 10:28 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-08-20 18:48 . 2012-10-10 10:28 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-08-20 18:48 . 2012-10-10 10:28 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 18:48 . 2012-10-10 10:28 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-08-20 18:48 . 2012-10-10 10:28 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 18:48 . 2012-10-10 10:28 1162240 ----a-w- c:\windows\system32\kernel32.dll
    2012-08-20 18:46 . 2012-10-10 10:28 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 18:38 . 2012-10-10 10:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 17:40 . 2012-10-10 10:28 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38 . 2012-10-10 10:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-20 17:38 . 2012-10-10 10:28 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2012-08-20 17:37 . 2012-10-10 10:28 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-08-20 17:37 . 2012-10-10 10:28 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-08-20 17:32 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\prxtbNCH.dll" [2011-01-17 175912]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
    2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\NCH\prxtbNCH.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\prxtbNCH.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-06 1353080]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-19 896912]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-05 3093624]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-09-24 393216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-10-11 336304]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-12 2254768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 4221840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Origin Games\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe [2011-02-24 25832]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-19 712704]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-17 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-12 283200]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
    S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-08-31 415072]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-12 2452912]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-06-29 317328]
    S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-06-29 1978256]
    S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-06-29 1338256]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-09-18 22016]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-09-18 112640]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 14665309
    *NewlyCreated* - ASWMBR
    *Deregistered* - 14665309
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:54]
    .
    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 03:59]
    .
    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 03:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{839A803F-833A-40CD-843B-BFEB67466485}: NameServer = 206.10.10.1
    FF - ProfilePath - c:\users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - Google.com
    FF - ExtSQL: 2012-09-27 21:59; jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack; c:\users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack
    FF - ExtSQL: 2012-11-14 04:20; {87bd0c45-2e04-11e2-8271-b8ac6f996f26}; c:\users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\{87bd0c45-2e04-11e2-8271-b8ac6f996f26}.xpi
    FF - ExtSQL: !HIDDEN! 2011-05-15 17:44; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    Wow6432Node-HKLM-Run-Launch PC Probe II - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
    AddRemove-CraftBukkit - c:\users\Julian Liu\Desktop\HISTORY\Uninstall.exe
    AddRemove-Floris Mod Pack_is1 - c:\program files (x86)\Steam\steamapps\common\MountBlade Warband\Modules\Modules\unins000.exe
    AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files (x86)\Malwarebytes' Anti-Malware\unins000.exe
    AddRemove-Police Pursuit Mod 7.6d 7.6d - c:\program files (x86)\Rockstar Games\Grand Theft Auto IV\Uninstall.exe
    AddRemove-Project Reality_is1 - c:\program files (x86)\EA Games\Battlefield 2\unins000.exe
    AddRemove-?????????????? - c:\august\??????????????\Uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1559364911-4103696722-2751451576-1001\Software\SecuROM\License information*]
    "datasecu"=hex:27,7b,b6,be,21,6e,74,53,22,c8,14,41,32,8f,fc,82,93,75,5e,d7,35,
    58,51,79,2f,93,f7,fc,1b,eb,a7,f4,23,e8,17,47,99,be,4d,cc,78,96,6e,2e,b3,00,\
    "rkeysecu"=hex:c5,c5,11,36,d6,3d,e7,3b,77,8e,97,81,e1,de,3e,04
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-15 20:50:18
    ComboFix-quarantined-files.txt 2012-11-16 01:50
    .
    Pre-Run: 475,853,328,384 bytes free
    Post-Run: 486,850,744,320 bytes free
    .
    - - End Of File - - 624BBB1B7ACEA773B394621032AE1CEF
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Looks good :)

    Any current issues?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    OTL logfile created on: 11/15/2012 10:23:01 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian Liu\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 43.68% Memory free
    12.00 Gb Paging File | 8.78 Gb Available in Paging File | 73.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1397.03 Gb Total Space | 453.49 Gb Free Space | 32.46% Space Free | Partition Type: NTFS
    Drive D: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JULIANLIU-PC | User Name: Julian Liu | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/15 22:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian Liu\Downloads\OTL.exe
    PRC - [2012/10/11 09:55:32 | 000,336,304 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    PRC - [2012/09/19 16:51:24 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/08/24 06:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/02/15 18:52:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/02/13 03:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2012/02/13 03:06:52 | 002,602,304 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    PRC - [2011/11/03 13:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/08/31 13:20:48 | 002,151,776 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
    PRC - [2011/08/31 13:20:38 | 000,415,072 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
    PRC - [2010/06/14 11:00:26 | 005,309,056 | ---- | M] (
    ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
    PRC - [2010/06/03 02:12:20 | 000,623,104 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AASP\1.01.05\aaCenter.exe
    PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/03/27 12:41:20 | 001,137,280 | ---- | M] (
    ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    PRC - [2010/03/25 11:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
    PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/11/02 10:27:30 | 002,164,864 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/14 03:36:52 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll
    MOD - [2012/11/14 03:35:38 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
    MOD - [2012/11/14 03:35:37 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
    MOD - [2012/11/14 03:35:26 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
    MOD - [2012/11/14 03:35:26 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
    MOD - [2012/11/14 03:35:25 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
    MOD - [2012/11/14 03:35:24 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
    MOD - [2012/11/14 03:35:08 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
    MOD - [2012/11/14 03:35:04 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll
    MOD - [2012/11/14 03:09:16 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
    MOD - [2012/11/14 03:09:07 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
    MOD - [2012/11/14 03:09:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
    MOD - [2012/11/14 03:08:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
    MOD - [2012/11/14 03:06:20 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
    MOD - [2012/11/14 03:06:19 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
    MOD - [2012/11/14 03:06:17 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
    MOD - [2012/11/14 03:06:15 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
    MOD - [2012/11/14 03:06:14 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
    MOD - [2012/11/14 03:06:14 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
    MOD - [2012/11/14 03:06:10 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/31 13:20:48 | 002,151,776 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
    MOD - [2010/01/08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
    MOD - [2010/01/08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
    MOD - [2009/09/29 22:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
    MOD - [2009/04/12 21:37:34 | 000,188,928 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.01.05\aasp.dll
    MOD - [2009/04/07 09:25:44 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\vvc.dll
    MOD - [2008/01/17 16:46:20 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\cpuutil.dll
    MOD - [2008/01/17 03:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.01.05\cpuutil.dll
    MOD - [2005/06/22 17:39:56 | 000,204,851 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\PowerDll.dll
    MOD - [2005/06/22 04:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.01.05\PowerDll.dll
    MOD - [2004/12/14 10:08:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\AsHtmlEngine.dll
    MOD - [2004/02/05 17:44:58 | 000,373,760 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\SoundPlay.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/08/06 11:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2012/07/27 21:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/06/29 07:02:24 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
    SRV:64bit: - [2011/06/29 07:02:24 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV:64bit: - [2011/06/29 07:02:16 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/15 11:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV:64bit: - [2009/07/15 11:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/12 14:22:38 | 002,452,912 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/10/26 20:25:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/24 11:36:26 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/08 23:54:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/08/24 06:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/15 18:52:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/11/03 13:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/08/31 13:20:38 | 000,415,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
    SRV - [2011/05/12 15:35:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/02/24 00:42:54 | 000,025,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Origin Games\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
    SRV - [2011/02/16 14:15:48 | 003,922,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/18 01:21:54 | 000,112,640 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
    DRV:64bit: - [2012/09/18 01:21:54 | 000,022,016 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/07/27 23:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/07/27 20:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/03/12 16:17:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/09/08 16:03:28 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2011/07/28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/22 15:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/06/23 04:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/01/14 07:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV:64bit: - [2010/01/14 07:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
    DRV:64bit: - [2010/01/14 07:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
    DRV:64bit: - [2010/01/14 07:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
    DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/20 14:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/01/30 16:29:52 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2007/02/15 19:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2012/02/02 17:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 8A F3 51 0C 9C CB 01 [binary data]
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "Google.com"
    FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledAddons: {30E08C68-889E-11E0-95EF-DA7E4824019B}:0.8
    FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
    FF - prefs.js..extensions.enabledAddons: {87bd0c45-2e04-11e2-8271-b8ac6f996f26}:2.0.14


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Julian Liu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Julian Liu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julian Liu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julian Liu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Julian Liu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/15 16:44:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 20:25:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 20:24:49 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/15 16:44:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 20:25:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 20:24:49 | 000,000,000 | ---D | M]

    [2010/12/21 21:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Extensions
    [2012/11/13 22:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions
    [2012/03/19 20:08:30 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    [2011/10/15 21:07:57 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\battlefieldplay4free@ea.com
    [2012/09/27 20:59:30 | 000,000,000 | ---D | M] (ExHentai Easy) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack
    [2011/04/28 15:38:46 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\searchtoolbar@zugo.com
    [2012/08/06 18:15:28 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\wecarereminder@bryan
    [2012/05/28 22:55:43 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\personas@christopher.beard.xpi
    [2012/08/16 17:45:39 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
    [2012/11/14 04:21:12 | 000,004,011 | ---- | M] () (No name found) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\{87bd0c45-2e04-11e2-8271-b8ac6f996f26}.xpi
    [2012/08/06 19:20:46 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/04/17 23:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\searchplugins\conduit.xml
    [2012/10/26 20:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/05 00:11:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/10/26 20:25:11 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/01/05 23:27:44 | 000,060,928 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
    [2012/08/29 21:23:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2012/10/12 00:55:23 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Julian Liu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Julian Liu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Julian Liu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Drive = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: We-Care Reminder = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.24_0\
    CHR - Extension: Skype Click to Call = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: uTorrentControl2 = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
    CHR - Extension: Gmail = C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/15 20:47:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files
  11. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
    O4 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{839A803F-833A-40CD-843B-BFEB67466485}: NameServer = 206.10.10.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9513DDDF-98C3-4494-A661-F687A3725B35}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/12 19:36:42 | 000,664,029 | R--- | M] () - D:\Autorun.dbd -- [ UDF ]
    O32 - AutoRun File - [2006/08/12 04:18:20 | 000,126,976 | R--- | M] (Macrovision Corporation) - D:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2006/08/12 04:18:20 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2006/08/12 04:18:20 | 000,000,367 | R--- | M] () - D:\AutoRun.ini -- [ UDF ]
    O32 - AutoRun File - [2006/08/12 19:36:42 | 000,003,902 | R--- | M] () - D:\Autorun.txt -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1559364911-4103696722-2751451576-1001..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/15 20:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
    [2012/11/15 20:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    [2012/11/15 20:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PosteRazor
    [2012/11/15 20:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
    [2012/11/15 20:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012/11/15 20:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
    [2012/11/15 20:37:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/15 20:37:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/15 20:37:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/15 20:36:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/15 20:36:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/15 20:31:44 | 005,001,745 | R--- | C] (Swearware) -- C:\Users\Julian Liu\Desktop\ComboFix.exe
    [2012/11/14 21:50:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Julian Liu\Desktop\aswMBR.exe
    [2012/11/14 21:48:21 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\Desktop\RK_Quarantine
    [2012/11/14 21:45:02 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Julian Liu\Desktop\TDSSKiller.exe
    [2012/11/14 20:23:21 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Julian Liu\Desktop\dds.com
    [2012/11/12 16:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2012/11/12 16:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2012/11/10 13:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
    [2012/11/05 00:10:48 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\AppData\Local\ConduitEngine
    [2012/11/05 00:10:45 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\AppData\Local\uTorrentControl2
    [2012/11/05 00:10:44 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\AppData\Local\NCH
    [2012/11/04 02:31:37 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\Documents\My Cheat Tables
    [2012/11/02 14:24:36 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\AppData\Local\ArmA 2
    [2012/11/01 20:54:23 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\Desktop\New folder (3)
    [2012/10/26 20:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/24 13:04:55 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\Desktop\Group 5 picture
    [2012/10/17 14:46:03 | 000,000,000 | ---D | C] -- C:\Users\Julian Liu\Desktop\JULIANYOURSHIT
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/15 22:00:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/15 21:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/15 20:47:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/15 20:36:38 | 000,015,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/15 20:36:37 | 000,015,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/15 20:31:55 | 005,001,745 | R--- | M] (Swearware) -- C:\Users\Julian Liu\Desktop\ComboFix.exe
    [2012/11/14 23:00:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/14 22:41:32 | 000,000,512 | ---- | M] () -- C:\Users\Julian Liu\Desktop\MBR.dat
    [2012/11/14 21:50:29 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Julian Liu\Desktop\aswMBR.exe
    [2012/11/14 21:48:09 | 000,673,280 | ---- | M] () -- C:\Users\Julian Liu\Desktop\RogueKiller.exe
    [2012/11/14 20:23:24 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Julian Liu\Desktop\dds.com
    [2012/11/14 20:12:44 | 000,302,592 | ---- | M] () -- C:\Users\Julian Liu\Desktop\srk2glx7.exe
    [2012/11/14 03:58:29 | 005,267,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/14 03:58:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/14 03:57:39 | 536,219,647 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/14 03:08:18 | 000,793,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/14 03:08:18 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/14 03:08:18 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/10 13:38:11 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
    [2012/11/10 11:16:24 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/11/10 11:16:24 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/11/10 11:15:56 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/11/06 10:50:20 | 000,001,113 | ---- | M] () -- C:\Users\Julian Liu\Desktop\GameLauncher.exe - Shortcut.lnk
    [2012/11/02 02:10:33 | 000,001,760 | ---- | M] () -- C:\Users\Julian Liu\Desktop\Left 4 Dead Add-ons.lnk
    [2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Julian Liu\Desktop\TDSSKiller.exe
    [2012/10/29 08:40:02 | 000,002,048 | ---- | M] () -- C:\Users\Julian Liu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/10/28 23:53:56 | 000,009,741 | ---- | M] () -- C:\Users\Julian Liu\Desktop\BannedStory_Project.bsproj
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/15 20:44:46 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/11/15 20:44:41 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
    [2012/11/15 20:44:41 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/11/15 20:44:41 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/11/15 20:44:41 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/11/15 20:44:41 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/11/15 20:44:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/11/15 20:44:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/11/15 20:44:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/11/15 20:44:41 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/11/15 20:44:41 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/11/15 20:44:41 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/11/15 20:44:41 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/11/15 20:44:40 | 000,002,712 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/11/15 20:44:40 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/11/15 20:44:40 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2012/11/15 20:44:40 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Play BF2 SF Online Now!.lnk
    [2012/11/15 20:44:40 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
    [2012/11/15 20:44:40 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Soldier Front.lnk
    [2012/11/15 20:44:40 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Play BF2 Online Now!.lnk
    [2012/11/15 20:44:40 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
    [2012/11/15 20:44:40 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\GTA San Andreas.lnk
    [2012/11/15 20:44:40 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
    [2012/11/15 20:44:40 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/11/15 20:44:40 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/11/15 20:44:40 | 000,001,603 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
    [2012/11/15 20:44:40 | 000,001,580 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS3.lnk
    [2012/11/15 20:44:40 | 000,001,527 | ---- | C] () -- C:\Users\Public\Desktop\Red Alert 2.lnk
    [2012/11/15 20:44:40 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    [2012/11/15 20:44:40 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
    [2012/11/15 20:44:40 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
    [2012/11/15 20:44:40 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/11/15 20:44:40 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
    [2012/11/15 20:44:40 | 000,001,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS5.lnk
    [2012/11/15 20:44:40 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
    [2012/11/15 20:44:40 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
    [2012/11/15 20:44:40 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
    [2012/11/15 20:44:40 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    [2012/11/15 20:44:40 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/11/15 20:44:40 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
    [2012/11/15 20:44:40 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\PRmumble(0.5beta).lnk
    [2012/11/15 20:44:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/11/15 20:44:40 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
    [2012/11/15 20:44:40 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2012/11/15 20:44:40 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
    [2012/11/15 20:44:40 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2012/11/15 20:44:40 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
    [2012/11/15 20:44:40 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2012/11/15 20:44:40 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/11/15 20:44:40 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
    [2012/11/15 20:44:40 | 000,000,177 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
    [2012/11/15 20:44:40 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk.temp
    [2012/11/15 20:44:39 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk
    [2012/11/15 20:44:39 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk
    [2012/11/15 20:44:39 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
    [2012/11/15 20:44:39 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/11/15 20:44:39 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
    [2012/11/15 20:44:39 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
    [2012/11/15 20:37:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/15 20:37:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/15 20:37:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/15 20:37:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/15 20:37:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/14 22:41:32 | 000,000,512 | ---- | C] () -- C:\Users\Julian Liu\Desktop\MBR.dat
    [2012/11/14 21:48:04 | 000,673,280 | ---- | C] () -- C:\Users\Julian Liu\Desktop\RogueKiller.exe
    [2012/11/14 20:12:42 | 000,302,592 | ---- | C] () -- C:\Users\Julian Liu\Desktop\srk2glx7.exe
    [2012/11/14 03:07:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/14 03:01:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/10 13:38:11 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
    [2012/11/06 10:50:20 | 000,001,113 | ---- | C] () -- C:\Users\Julian Liu\Desktop\GameLauncher.exe - Shortcut.lnk
    [2012/11/02 02:10:33 | 000,001,760 | ---- | C] () -- C:\Users\Julian Liu\Desktop\Left 4 Dead Add-ons.lnk
    [2012/10/28 23:53:55 | 000,009,741 | ---- | C] () -- C:\Users\Julian Liu\Desktop\BannedStory_Project.bsproj
    [2012/06/21 09:57:44 | 000,000,049 | ---- | C] () -- C:\Users\Julian Liu\jagex_cl_runescape_LIVE.dat
    [2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/13 15:53:12 | 000,000,545 | ---- | C] () -- C:\Users\Julian Liu\.drjava
    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/08/25 14:33:09 | 000,019,516 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2011/05/31 01:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011/05/31 01:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011/05/27 20:35:30 | 000,000,160 | ---- | C] () -- C:\ProgramData\~50124640r
    [2011/05/27 20:35:29 | 000,000,136 | ---- | C] () -- C:\ProgramData\~50124640
    [2011/05/22 22:57:43 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/15 16:36:06 | 000,221,344 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2011/05/15 16:36:04 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2011/04/28 20:44:14 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/04/11 20:08:50 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2011/03/19 09:32:15 | 000,075,902 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
    [2011/03/18 17:24:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
    [2011/03/07 22:35:18 | 000,028,367 | ---- | C] () -- C:\Users\Julian Liu\AppData\Roaming\OFMissionEditorConfig.xml
    [2011/02/12 12:16:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2011/02/12 12:16:44 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2011/02/01 16:42:44 | 000,007,612 | ---- | C] () -- C:\Users\Julian Liu\AppData\Local\Resmon.ResmonCfg
    [2011/01/25 22:56:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/01/02 16:02:29 | 000,000,600 | ---- | C] () -- C:\Users\Julian Liu\AppData\Local\PUTTY.RND
    [2010/12/22 06:29:38 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/12/22 06:29:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/12/15 00:13:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/12/14 23:42:08 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2010/12/14 23:42:08 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2010/12/14 23:40:46 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/12/14 23:40:44 | 000,033,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/02/22 19:05:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Rainmeter
    [2012/11/09 23:47:28 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\.minecraft
    [2012/08/09 09:42:58 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\.techniclauncher
    [2011/01/24 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\acccore
    [2011/08/20 02:04:10 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Audacity
    [2011/03/12 13:12:55 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Canon
    [2012/03/12 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\DAEMON Tools Lite
    [2011/03/12 14:41:06 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Downloaded Installations
    [2011/09/10 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\fltk.org
    [2011/07/17 09:22:50 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\go
    [2011/03/05 09:55:38 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Guitar Pro 6
    [2011/03/15 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\ijjigame
    [2011/09/10 19:39:44 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\mkvtoolnix
    [2012/09/17 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Mount&Blade Warband
    [2011/04/11 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Mumble(PR Edition)
    [2011/08/20 02:07:39 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\NCH Swift Sound
    [2011/02/07 17:08:22 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Notepad++
    [2012/04/17 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\ooVoo Details
    [2012/03/12 16:17:15 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\OpenCandy
    [2012/08/09 08:10:15 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Origin
    [2012/01/29 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\PACE Anti-Piracy
    [2011/10/26 17:24:12 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Publish Providers
    [2011/10/19 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\pymclevel
    [2012/02/14 22:37:33 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Rainmeter
    [2012/01/04 06:15:30 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\RenPy
    [2011/10/27 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Sony
    [2011/07/28 00:42:22 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Spotify
    [2011/03/13 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\SYSTEMAX Software Development
    [2011/01/30 15:49:07 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\TeamViewer
    [2012/08/08 10:41:46 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\TS3Client
    [2012/09/15 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\ts3overlay
    [2011/03/18 17:56:33 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Tunngle
    [2012/01/29 10:08:49 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\Unity
    [2012/11/15 22:31:00 | 000,000,000 | ---D | M] -- C:\Users\Julian Liu\AppData\Roaming\uTorrent
    [2012/02/22 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Waksman\AppData\Roaming\Rainmeter

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    (C:\Users\Julian Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????) -- C:\Users\Julian Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\オーガスト
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\オーガスト

    < End of report >
  12. killarbob

    OTL Extras logfile created on: 11/15/2012 10:23:01 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian Liu\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 43.68% Memory free
    12.00 Gb Paging File | 8.78 Gb Available in Paging File | 73.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1397.03 Gb Total Space | 453.49 Gb Free Space | 32.46% Space Free | Partition Type: NTFS
    Drive D: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JULIANLIU-PC | User Name: Julian Liu | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1559364911-4103696722-2751451576-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1CC58B96-C0B8-4045-B458-A535A7A42495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{20F3D880-BE25-49C2-9331-2F646017DE33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{27AD246A-F78C-4249-B09E-188388BEF50E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2A2B8D79-ED3E-495E-8BBE-D5199E733C79}" = rport=139 | protocol=6 | dir=out | app=system |
    "{38356ABE-AEC3-4C39-8517-8C57EBA40E04}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{53742E5A-4839-4E50-B242-E6A3A2849674}" = lport=137 | protocol=17 | dir=in | app=system |
    "{58A1546C-1969-469A-BA56-12297E6C5F2B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5B5EB4BC-E06F-4152-AE5D-C04222827894}" = rport=138 | protocol=17 | dir=out | app=system |
    "{63F5EE0B-643B-40B2-B67B-70EF7B7736E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6834E430-1DEA-46FE-9F96-25B7CC2D7759}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6E9A7F6A-2296-4074-BF0E-F89603D0E505}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{71517A5E-A2BC-42BE-9F0E-6200DC43600D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{761AAD38-D2AE-4A82-8905-30FB76728EF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{82383ECA-74E0-4151-B4FC-354A6A819313}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{85E77853-1AB8-4A6F-9D49-FE404230E22D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8FF37836-31E7-4546-BD79-A6C94F8FB0A0}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{8FF64D0E-8F29-4CBD-8927-EC1DAF900918}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{911DAAC5-61F3-4C88-894D-0BC8FFBE25C0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{954686FC-C5E5-423A-AE0A-CF04329F2741}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B05917C7-F184-4CD0-90CF-3638708DDCDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B33CFCFD-A17C-438F-9843-2290F4A3A4A9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{B746DF63-413E-4C31-88D2-25FDA640B8C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CD5F6F83-A314-489A-B7F0-405AC79FFF89}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CEBC9C07-55E4-48E3-A554-ECBEB3847378}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DDFEA27F-7640-45B4-9F56-738ABAA4B396}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F24A02A8-5E08-40D1-97E4-81515ABACAB9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F63E7225-368E-4C5E-8F98-A1DE784223FA}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F784576B-0C3D-43C5-94FC-86D3800812E1}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003B8030-4A17-4199-BDBA-832B3F92347F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{03031296-7A69-4650-8A9F-3A8EC6329F6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{03560C22-FB85-4E9B-8F97-E68C96D948D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{0524D740-8FE8-4CC0-87AC-CA92779515F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{066A7076-E380-45F6-ADB1-C3E096FCCFBC}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
    "{0BC6C7D4-1FFB-4587-9628-A6766DEAAD7F}" = protocol=6 | dir=out | app=system |
    "{0C52C759-A0B2-48A4-ACA3-98563696829E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{0C930ADF-BBB7-45A5-A666-B031691E1BC5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{0C938ACD-A9DE-4E6D-8C54-8FD87F5FF6B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{0D8A8C18-7CDD-4D3D-B17B-7F42C98B355C}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe |
    "{11EF9860-C2CA-4F38-92D4-EDD9229D2EC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{1286E1C4-8D0E-4433-8A8B-AA95106BC72E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
    "{142A7CB7-7A0D-45AA-86ED-CF5A2847812F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
    "{17D8177F-FEEF-447B-BC1C-504903CB4ACD}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
    "{186077BA-E113-490C-9FED-D08531663AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
    "{19F13713-E2B3-4B65-BF64-A050186FE22D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{19FE3FCD-0FFA-4D70-81C4-E5046D24946A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1C5EECBF-629E-4AF2-A15A-ABBC34C34786}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{1C9A314F-4DBA-4D77-965A-9A5F3E087C1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\garrysmod\hl2.exe |
    "{1E30C5C8-5F70-4597-99BE-78F5B5975562}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{1E812440-CF79-421F-AB61-2B97F524DE63}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{1E8A79DF-3F80-441E-AF2C-16EB0F758ECB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{22C614FE-757C-4BE1-B433-250D82F26B2A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{246E3386-842A-479E-83BD-033E04736C13}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
    "{248BCD3D-2401-48CD-B438-0D7D266EE6A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{25434665-34DF-462D-9F15-1C1DDA74646B}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "{2661F9F2-BAF3-4F5A-A431-F5B3CF7716AB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
    "{278A7F0E-C53D-4273-A289-56D33DBD30EB}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
    "{288A16BC-8BEE-4CD3-898E-F2F4FE2B5E5C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{2A42EEFC-9775-4815-A1D4-874AF4FD0C43}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{2AA80248-23E6-40D1-B35C-DDFA3401A25A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{2ACC869A-5D07-4191-B077-A7097EF5B532}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{2D6D8F8F-8B06-4D52-B81B-B184BBBF6A31}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
    "{2D8C753B-5E00-4959-A712-A18A7F6D3276}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{2F142036-E33C-4705-9D98-574106BFA90B}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{2FC1C0D9-AFFB-4729-B6D7-0025E0DDF7EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{3480503B-50CA-4D7F-9D65-DA597EB057FA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{35CD6330-1163-424E-B27A-A0FC646889BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{398EB636-6DD5-4B7D-996D-83F4E7C6C790}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
    "{3A6E2F59-FF23-4E6F-8FF2-EF7CE36611A6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{3F726889-A3D6-402E-B4E0-0E8B935129D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{40EC5755-B496-46B7-88DF-26CAF8776061}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{4177F177-0E9A-4823-B207-36FE69601DD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{45CA0DD6-8EBA-4E78-B2EE-411B67EF223B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{4824B9F5-3BB6-4668-8D9F-F40D6F81B32B}" = protocol=6 | dir=in | app=c:\users\julian liu\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4AB1CCE0-433E-4DE0-AD48-F2AD81A874E1}" = dir=in | app=%userprofile%\downloads\minecraft.exe |
    "{4B6C526E-CAED-47D5-B0AC-45BEF7D6B8BA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{4D31DF0D-C147-42DC-B27B-3BFA21A17BE9}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{4D88495C-2366-49EC-8F3D-08C453D8C892}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
    "{4F7353E6-5B47-4FCB-BACB-4567C0D9A4B7}" = dir=in | app=%programfiles% (x86)\pando networks\media booster\pmb.exe |
    "{53185C93-DDE3-4A18-B770-44BA28E23A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{53E9C187-6A9D-4953-BE2A-1EF99176502B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{544AC731-124B-4A6A-88BE-CE651EE7DC7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{561A7164-1536-48DA-99EB-CBBCE0D28894}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{56AD41FF-F207-4465-9AD9-132B0BC9C957}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{576598CC-E95D-484E-83EE-5CCBD56F6B5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{58169532-DBE2-4B37-AC3C-7D4762A41459}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{588BC285-3A6C-41B3-BD94-CA1F8B936471}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "{5C805D58-AD2F-4781-BA3D-EE811B718ABC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5E3B1910-3AD6-4CE1-A659-1B5BAFC15888}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5F7248E8-A2FA-47D5-9CF6-AB8580EBBA0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{60B8F253-7363-4AE5-9E4E-F9F19C4E696D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{662A5C09-9BE2-4CFE-86EB-8CAF0475DC48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{664D444C-6F89-484F-B900-DD8487E7C3FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{67E0D72D-177C-4316-9708-333A6259D1F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{685D2794-875B-4CAA-B15E-37FA902E06E7}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
    "{6B02240A-B603-48D9-8CAF-514FF4B30BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{6B07DA8C-8010-43D6-B190-B40E05C5C2BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{6DEBDBDC-4B5F-4B53-8A07-D6100FD6BC2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6DFA16EC-1680-4453-996D-7639A9B15637}" = protocol=6 | dir=in | app=c:\users\julian liu\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{6F383974-3615-4533-A543-D0E7496BAF05}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{739BEC30-2531-4CD2-BD9B-0638A533F16F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{74F82022-41E5-41CC-99DA-8F0019A637E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{779F82AC-BC02-40DD-A3C1-FCCF58DFD6E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{78473C6E-98B7-4561-AFC3-3A4873650EF1}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
    "{7946F85D-3917-40D7-8ADA-9D6D01899CDD}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
    "{7A235160-6CC0-47C6-8EA8-291A4347B17C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{7A7C1AAA-F5B7-4C60-82B4-6DDCEAB8DCA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{7BBC4791-5323-47E5-88FD-6C09325AA9C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{7C9294A6-076D-4B87-B9DE-AB33CCFC11EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{7D85921A-B4EA-4F63-BDC4-9904D6E1F200}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
    "{7E940C15-7727-4BB0-9B3B-35875D305BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
    "{7F37A0E3-7BE0-4382-B06D-DB1EA8912C20}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\daoriginslauncher.exe |
    "{8298F711-A023-44C9-8E86-8C47A9D20C44}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    "{832AE5E1-B3E3-4E6C-AAE5-6B99445C2269}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
    "{847F46DA-BEED-4565-9582-D2DBBAD8027C}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{8644162F-F947-4F81-9542-BEFC81D1A448}" = protocol=6 | dir=in | app=c:\users\julian liu\appdata\local\temp\update_9ad5.exe |
    "{86F1F848-732B-402C-BC62-6BBD604A8469}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{8BC80AF8-03B1-4F03-83D9-89BF94BD8B40}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{8F36DCEB-8C27-4816-A223-53ECFECE15B3}" = protocol=17 | dir=in | app=c:\users\julian liu\appdata\local\temp\update_9ad5.exe |
    "{8FB63CE5-38E0-4EE5-ABA1-F159023555BD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
    "{92B6154F-7679-4C90-9EC8-FF18D358625F}" = protocol=17 | dir=in | app=c:\users\julian liu\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{948BD685-D82A-430A-B21F-4443068C7786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{969E3871-A3BB-42D1-8109-E3E36618CA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\garrysmod\hl2.exe |
    "{987BCCF0-CB16-4605-AB05-8566D9D20210}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
    "{994E7661-6842-4D79-9B65-6F4EE31BCD57}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    "{99CA0DBA-84B9-41D6-A42F-0AD22A5A3F0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
    "{9AC11070-431B-49C0-B014-57EFDA3559DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
    "{9B7C05DE-6845-4D9D-97AB-44527E0A067E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{9E2669A2-5039-4D88-BB94-3085E9FD2CE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{9FEC8A7D-8B72-420B-BAB4-171A40FDFEF1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{A0D8D3C1-7C3E-42FE-8F52-F0AA8F426CA8}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{A13251C9-BF1A-4389-A597-F04C45656AFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
    "{A214770F-1671-4277-BF1E-9FF057774A0F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\daoriginslauncher.exe |
    "{A34E8EF0-8890-46B5-B1A1-E626D5C58C03}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
    "{A59CF716-C673-499F-8F0E-5813806BC9B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{A6A53003-9F3D-4314-86A0-C011DDAE4BE0}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
    "{A8B29B39-4BBB-4E4B-9BC9-07C2B7D92E28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AB32E3D6-BBE8-4847-8C21-757DCE98B28E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
    "{AB32E45F-FAD7-4F5D-A374-0AFAAED60F9E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{AE15042E-EFA8-42BE-81D1-DEFCAE0AAF37}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{B13E7B24-AAB6-4099-867B-B9719DC59BE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{B1BBE534-2A9C-49A5-B801-EC8047BB3851}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{B4B9CC33-FDA6-4407-A0F6-E472D4F940F3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B5350A6A-18E8-4A3D-A2B2-F5C19FD1C944}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{B5413EDB-544F-4C38-BD35-1FA6AFB16146}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{B8136117-20F0-4749-89DA-D0B653832DBC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{BB140732-E10D-4AC8-B908-BDF00ABF6C2D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{BC57F1D3-9738-48CA-940F-2318299304E8}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{C17FDA9B-2F41-4A27-A1C2-E9C9420A285E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
    "{C4B3D7C8-5866-4C79-8720-642CB0B969F9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe |
    "{C7A8177C-5A8D-4525-92B1-56F488CF447C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C8D18E26-4AD7-4407-97A9-5BD01094CF78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C95791EF-9365-401C-8098-D2ADC6B2EA61}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{CAF7621B-2FF6-456F-B319-AAA06E958D86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
    "{CB89AABE-ACC5-4BBE-8F98-62C802F6F978}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
    "{CE9AEB37-C305-43E4-A447-566DD9D6B7D8}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{D0647D41-AD98-4473-BE5D-AE233C565096}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{D1CABD3D-5D4B-4EF6-BF4F-6F91454C07AB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{D7306878-B435-4B06-B812-9C52B3A9491F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
    "{D736B410-F0E4-474F-ACFD-F8988BBEF3F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
    "{D86C26DD-21C2-4B8A-8402-759AA90E2FA4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{DB8AE848-7575-42C5-9421-48F243625C17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DC43407D-4D28-4C07-A438-954E169F841A}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
    "{DE9806E0-487B-44DA-9940-7DE642A53C8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DF1EE18C-A0BE-44F6-9C23-55884DFC343E}" = protocol=17 | dir=in | app=c:\users\julian liu\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{DFE2B171-89A5-4E4C-A4CC-AB43B646BF23}" = protocol=58 | dir=in | app=system |
    "{E0B668FB-01FD-469A-9BE4-1939C469E69E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe |
    "{E0EBD2F6-888F-4AE5-8C66-1982772C15DD}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe |
    "{E20D7370-3DC8-40B0-AB08-D08B3B660D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
    "{E521FB41-EC24-49F5-84E8-907A41516267}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{EA33C413-579A-47DB-84FB-7577D79D35DC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{EAFA8F70-27FE-4477-889A-33AD898B8703}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{EB394BDF-0A05-4A52-93C1-3CA7735ABDAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
    "{EB5E8410-812B-476E-A2BF-5F57D667D03E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{ECCAAA03-ED12-4DEE-93FC-4BB7C64E770D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{ED611008-EFFB-494B-8C64-21D0885E9542}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{ED84F34A-4292-44B8-8437-3325F8B255D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
    "{EEAF0CE5-B4D1-4A58-B69D-5E4E099DC3E9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{EF6027C6-6E52-4E70-B860-DCD11833800E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{F49FD8EF-7A32-4D6D-922E-55C70E0E9761}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{F7296F5F-BCAD-4CDA-B23E-3A9F04F0E759}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{F77E3072-6280-4906-AE0C-51475D091717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{F782ACD3-9AE1-42AF-9EC5-D2A0AED7F46B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{F94A0A05-09CC-4668-B62A-E64CF7F688A9}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{FB463A03-EB66-4B4C-9DC0-AC5A940056A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FEACE488-8633-448E-A884-BC87C685524C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{FED62590-0EE0-4E76-BA14-691697A279CB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{FFFCCC61-FBD7-4D2F-8C8D-33DED869B55B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "TCP Query User{0BF78028-DB94-4277-8BD2-E1AE55635FCB}C:\users\julian liu\desktop\folders\aiw-client\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\folders\aiw-client\iw4mp.dat |
    "TCP Query User{0CAF1E66-60C8-4740-A69B-46862CFEA409}C:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe |
    "TCP Query User{0E1D1472-C26E-48DB-AE1C-2E5A139C02BF}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
    "TCP Query User{150635EE-E079-43B8-BF8D-8A938A18BA3E}C:\users\julian liu\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\julian liu\appdata\local\temp\rarsfx0\hl.exe |
    "TCP Query User{182DED36-DA02-4EEF-8C21-84A19EE6A8BB}C:\users\julian liu\desktop\terraria\terraria.exe" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\terraria\terraria.exe |
    "TCP Query User{188ABA19-4EFD-4D30-8F3E-23B6B981AE6E}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "TCP Query User{19B816D2-4AFA-4BD3-9762-26EF3109A5BE}C:\program files (x86)\steam\steamapps\killarbob\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\source sdk base 2007\hl2.exe |
    "TCP Query User{1C403C2B-8A7D-4B89-9C55-285E8DBBA149}C:\program files (x86)\ea games\pte\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\pte\battlefield play4free\bfp4f.exe |
    "TCP Query User{29C0592A-167A-4AAA-A322-FC32D8549631}C:\users\julian liu\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\julian liu\downloads\starcraft_2_na_en-us.exe |
    "TCP Query User{2A3851AB-4DE9-4BD9-9789-0AD69BC7350C}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "TCP Query User{2B1C1144-05EF-420D-BC4C-3310CC3A0E17}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
    "TCP Query User{2B8997BB-5AAB-47A2-A921-B7B08CC06C03}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
    "TCP Query User{31753968-0825-4772-AA12-208931D80256}C:\users\julian liu\desktop\aiw-client\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\aiw-client\iw4mp.dat |
    "TCP Query User{33FD2150-88F0-4B18-9B4C-61C17CAFD85C}C:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe |
    "TCP Query User{37AC2510-F746-4828-B9D4-F3494EE0871F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
    "TCP Query User{3A62F259-BADA-4939-B635-49923489F3AC}C:\program files (x86)\origin games\dragon age\bin_ship\eacoreserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\eacoreserver.exe |
    "TCP Query User{3B78C136-D307-41EB-95BF-33CDF3F85706}C:\program files (x86)\steam\steamapps\killarbob\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\garrysmod\hl2.exe |
    "TCP Query User{3DEA4F51-ACD5-4782-A0CB-F9AFFD98266D}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
    "TCP Query User{40A7FC8A-F19F-431C-B1C4-CBFAB90DE1C6}C:\users\julian liu\desktop\folders\terraria\terraria.exe" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\folders\terraria\terraria.exe |
    "TCP Query User{4C3E6975-E5BD-473D-8728-0F4AB1318EC6}C:\users\julian liu\desktop\server wiht admin powers\zicores minecraft admin.exe" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\server wiht admin powers\zicores minecraft admin.exe |
    "TCP Query User{57D7CD9D-2521-485B-A3E3-65A042D2E61B}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |
    "TCP Query User{596B6CB8-0C15-4F65-AFD0-8660D974054C}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
    "TCP Query User{669F8794-0D58-490F-BFE9-0979AAFA4F67}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{7080E139-AB6C-44DA-8A88-0CFD319C87B3}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
    "TCP Query User{733AF25A-C5A3-4530-96CF-BA55665455A5}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
    "TCP Query User{785A1D32-E447-4E35-905A-E50AF6E70CEF}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "TCP Query User{79C5E137-F015-43D0-BF4B-B5FD23892AC0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{80C9839E-EFA3-4B3F-9A83-41520E0E8547}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
    "TCP Query User{82695A97-4942-4ED4-BA29-CF1F9EE76739}C:\users\julian liu\desktop\aiw-client\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\aiw-client\iw4mp.exe |
    "TCP Query User{94F455E5-3289-4643-B4C4-20FE71461442}C:\users\julian liu\desktop\terraria test\terraria.exe" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\terraria test\terraria.exe |
    "TCP Query User{951B3441-B02D-40E7-9ABC-6A0B39E9D5ED}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |
    "TCP Query User{968B5C9C-4773-4F69-8C9C-949EC9CBC3F5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{B5BF36B1-9F76-4835-9D9C-8EEBFE333936}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
    "TCP Query User{B669D3FF-762E-4C35-BFF5-0B15B25BE711}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{B8E55D07-D3FF-4CBE-8A89-DFA61FE88D61}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe |
    "TCP Query User{BDA5E0FB-9748-40F6-A753-8E39D76CDBE6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{C2231267-F7AC-404C-847C-82F51167CDA1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{C41959F5-E310-4889-BF1A-51BBDD36FB92}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
    "TCP Query User{C62A1868-14E4-4FBB-A9CB-966ED7840721}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
    "TCP Query User{CD8FCD17-BF2C-47B6-B2AE-261F1E60C797}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
    "TCP Query User{D47494F4-E955-4398-82A6-189AD8B11DFA}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "TCP Query User{DC606BD9-5543-46E8-93EA-1631BFCCE952}C:\users\julian liu\desktop\folders\aiw-client\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\julian liu\desktop\folders\aiw-client\iw4mp.exe |
    "TCP Query User{E0B564F3-EE9D-4F5A-941E-89B5A07A0C16}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{EBC32272-2A43-469C-B47B-C527BFAE83FE}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
    "TCP Query User{EEA556E1-F1F9-4CA9-A2B5-937C190D5E70}C:\program files (x86)\steam\steamapps\killarbob\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\team fortress 2\hl2.exe |
    "TCP Query User{EF2B070E-B735-43D3-AB13-52705FBB2823}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
    "TCP Query User{F52055BB-79AB-4DA9-84A3-B510F7D83E2A}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
    "TCP Query User{F610B0E5-6514-4298-BF93-2009231AE31D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{0C05E5C3-A2D9-4289-8679-FF35FA50EA1E}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
    "UDP Query User{0E2A875B-43D9-483B-83A5-846E012EECEE}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |
    "UDP Query User{13D0AE6A-7A3C-4AAD-81B6-ED34719E9C9E}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
    "UDP Query User{13E71CBA-1607-4E0C-8677-AC5E8667FB1D}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "UDP Query User{20F54ECB-F426-4B6D-B090-7CAB5106CCDC}C:\users\julian liu\desktop\folders\aiw-client\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\folders\aiw-client\iw4mp.dat |
    "UDP Query User{240FFC4E-1765-43D1-9386-D222162FF830}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "UDP Query User{2884CCF3-86ED-4C1E-9DEC-974547B268D7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{2D830497-DD14-434C-8375-BC471AB76C6E}C:\users\julian liu\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\julian liu\appdata\local\temp\rarsfx0\hl.exe |
    "UDP Query User{2FF124D9-C801-459A-8B7B-6793223D23EB}C:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe |
    "UDP Query User{30657867-C5FB-4214-AEB0-A05EA1E264B0}C:\users\julian liu\desktop\folders\aiw-client\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\folders\aiw-client\iw4mp.exe |
    "UDP Query User{37C71764-6CA7-4E4F-8DA9-149B6E63F1C3}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
  13. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    "UDP Query User{3CA24A40-A778-4A7B-A4C9-30952EA8DADB}C:\users\julian liu\desktop\server wiht admin powers\zicores minecraft admin.exe" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\server wiht admin powers\zicores minecraft admin.exe |
    "UDP Query User{3CDE5CFA-7819-4882-B058-7D3D0B7EEBA1}C:\users\julian liu\desktop\aiw-client\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\aiw-client\iw4mp.exe |
    "UDP Query User{40FD2234-07D3-4671-A4A3-629F2F6220AD}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
    "UDP Query User{44538F2B-EBF0-4E53-A233-55C35AFE4E23}C:\program files (x86)\steam\steamapps\killarbob\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\team fortress 2\hl2.exe |
    "UDP Query User{461A14E1-FB31-4768-8F4B-E7ADFB390D93}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
    "UDP Query User{47DA3E7A-BBB3-436B-A4B7-6132E52EBF7A}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
    "UDP Query User{49AA5627-37FB-4928-9DE4-65CB420BFB34}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
    "UDP Query User{4D7ACA6A-E981-4385-8972-0A5DDA6CB5DB}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
    "UDP Query User{4FF9EC1C-1140-4FEB-A3FD-D7E29A80E4DD}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{64268B1E-5285-4B4E-A518-12C90EAED8BB}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "UDP Query User{65C9F364-048D-424C-AA03-20848CA990AA}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
    "UDP Query User{6EC5EBA1-7AB9-4AE7-BE31-67F5092B30F3}C:\program files (x86)\steam\steamapps\killarbob\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\source sdk base 2007\hl2.exe |
    "UDP Query User{7AA38A96-95CD-4205-9606-1D7A35049D28}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
    "UDP Query User{7D805D36-077F-499B-9B42-5CE6D58E0F37}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{81D835FC-1240-4435-A9AF-5626F39CCAD6}C:\program files (x86)\ea games\pte\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\pte\battlefield play4free\bfp4f.exe |
    "UDP Query User{8412BD16-E00C-4622-ABA6-162809C2607D}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
    "UDP Query User{84863F06-1660-40B8-BD55-F96AE5E7F540}C:\users\julian liu\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\julian liu\downloads\starcraft_2_na_en-us.exe |
    "UDP Query User{92A4AEDA-4322-41EE-B2F9-F9AD0726CB3F}C:\users\julian liu\desktop\terraria\terraria.exe" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\terraria\terraria.exe |
    "UDP Query User{96148D09-1080-4FFD-918B-69F5BFCF58E8}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
    "UDP Query User{9640AB32-623C-433D-9E67-E44638966EE3}C:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_07\jre\bin\javaw.exe |
    "UDP Query User{9A37ECE8-E573-4BA1-B4FE-1AD4217E3868}C:\program files (x86)\steam\steamapps\killarbob\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killarbob\garrysmod\hl2.exe |
    "UDP Query User{A1656EC6-524D-4606-ABCD-300128BA0277}C:\program files (x86)\origin games\dragon age\bin_ship\eacoreserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\eacoreserver.exe |
    "UDP Query User{A271BE02-5758-4B44-B58B-F533DCDD0F4F}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{A56AD621-FA46-4237-B25D-80729BE4D71D}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
    "UDP Query User{AA128616-53E8-41A8-802B-7C5E2A77D576}C:\users\julian liu\desktop\aiw-client\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\aiw-client\iw4mp.dat |
    "UDP Query User{B47B7271-3C60-4DDC-9EC8-7CF2E0CFB082}C:\users\julian liu\desktop\terraria test\terraria.exe" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\terraria test\terraria.exe |
    "UDP Query User{B7DA8A80-0A13-4495-905C-F99A6C366CEB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{BBB74FAD-A86B-4F66-A96E-9ADF20CDC220}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{BC6042DA-0021-4D2A-84B9-FBCFF2805DF7}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
    "UDP Query User{BF2A0135-44B7-4388-9E2D-BF27B16D1D7A}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
    "UDP Query User{CEEB8D44-21EA-49CE-B682-725E6BBD4BED}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
    "UDP Query User{DD4A65C5-0FAA-4DE9-A4B5-0015436D9952}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
    "UDP Query User{DEE427BA-8D3A-4348-B38C-AE88B68A6C88}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |
    "UDP Query User{DEF0CA10-7035-4FF9-B9C7-763EE78A43E7}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe |
    "UDP Query User{E3D2A141-D850-4D78-9D38-64B0BB348BBF}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
    "UDP Query User{E64C3D83-4170-4500-B7B4-B930E1F1FFE1}C:\users\julian liu\desktop\folders\terraria\terraria.exe" = protocol=17 | dir=in | app=c:\users\julian liu\desktop\folders\terraria\terraria.exe |
    "UDP Query User{EAF50DCB-C74E-48B4-B4A0-94D4450EC7C8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{056B9C5B-2E8D-4EBC-941C-06C78A30ABB3}" = Microsoft_VC80_ATL_x86_x64
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{138D2BE4-7981-4F34-BA23-81B6B99D0DE6}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
    "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
    "{314DDDC0-E935-11E0-8F9F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
    "{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
    "{3D46855F-7B71-4CF7-A270-62E0E4F05037}" = Microsoft_VC80_CRT_x86_x64
    "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
    "{47A70BC0-BB3E-468B-9E01-56CCD6F2A911}" = Microsoft_VC80_MFC_x86_x64
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{4FEDA15F-C426-5241-0794-FDC432C67710}" = AMD Drag and Drop Transcoding
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5ED9FDE9-E24B-4AB3-9D6B-1303F0696BA8}" = WD SmartWare
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6DB97EF8-603B-FB96-9B56-6F0D23E14263}" = AMD Media Foundation Decoders
    "{6DC8FF97-A9CF-02F2-8FC1-F5E1B69A34E3}" = AMD AVIVO64 Codecs
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D10B35A6-786F-2879-DC2F-EBBD735E51B8}" = AMD Fuel
    "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}" = AMD Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "DCS A-10C_is1" = DCS A-10C
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Shop for HP Supplies" = Shop for HP Supplies
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
    "{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
    "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0FE78EE7-611A-4422-B062-91039C96F311}" = LogMeIn Hamachi
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
    "{1C78514A-5E5A-E653-1271-DAC1744206E3}" = HydraVision
    "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
    "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
    "{311EBF70-9282-41D1-BAB0-AD22220301B9}" = 3Dカスタム少女
    "{32A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
    "{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
    "{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
    "{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
    "{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4D5C1F43-2D45-42C1-B4BF-F74BFA28E7FF}" = FinchTV
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
    "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
    "{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
    "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68C64BCD-A71E-4DAF-975A-F76F763372A2}" = Cn3D 4.3
    "{68f20cda-204a-4064-a822-6dcb1437e619}" = Nero 9 Essentials
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility
    "{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
    "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
    "{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
    "{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
    "{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
    "{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94358C28-335B-4E43-BC4E-C59576BAB653}" = CWA Reminder by We-Care.com v4.0.16.3
    "{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
    "{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
    "Afterburner" = MSI Afterburner 2.0.0
    "ArmA 2" = ArmA 2 Free Uninstall
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "BattlEye A2 Free" = BattlEye (A2Free) Uninstall
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "conduitEngine" = Conduit Engine
    "CraftBukkit" = CraftBukkit
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Diablo II" = Diablo II
    "Dyyno Broadcaster" = Dyyno Broadcaster
    "EA Installer.140553725" = EA Installer
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESN Sonar-0.70.0" = ESN Sonar
    "ESN Sonar-0.70.4" = ESN Sonar
    "Floris Mod Pack_is1" = Floris Mod Pack 2.54
    "Fraps" = Fraps (remove only)
    "Google Chrome" = Google Chrome
    "Halo 2" = Halo 2 for Windows Vista
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
    "Katawa Shoujo" = Katawa Shoujo
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MapleStory" = MapleStory
    "MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
    "MKVtoolnix" = MKVtoolnix 4.9.1
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Mumble(PR Edition)" = Mumble(PR edition) and Murmur(PR edition)
    "NCH Toolbar" = NCH Toolbar
    "NirSoft VideoCacheView" = NirSoft VideoCacheView
    "Notepad++" = Notepad++
    "Origin" = Origin
    "Pen Tablet Driver" = Bamboo
    "Police Pursuit Mod 7.6d 7.6d" = Police Pursuit Mod 7.6d 7.6d
    "Project Reality_is1" = Project Reality
    "PunkBusterSvc" = PunkBuster Services
    "Red Alert 2" = Command & Conquer Red Alert 2
    "S.W.A.T. 4_is1" = S.W.A.T. 4
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Spotify" = Spotify
    "Steam App 105600" = Terraria
    "Steam App 1250" = Killing Floor
    "Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
    "Steam App 218" = Source SDK Base 2007
    "Steam App 4000" = Garry's Mod
    "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
    "Steam App 440" = Team Fortress 2
    "Steam App 48700" = Mount & Blade: Warband
    "Steam App 550" = Left 4 Dead 2
    "Switch" = Switch Sound File Converter
    "TeamViewer 6" = TeamViewer 6
    "TeamViewer 7" = TeamViewer 7
    "The Rosetta Stone" = The Rosetta Stone
    "Unity" = Unity
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "Vindictus" = Vindictus
    "WavePad" = WavePad Sound Editor
    "WinLiveSuite" = Windows Live Essentials
    "穢翼のユースティア【体験版】" = 穢翼のユースティア【体験版】

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1559364911-4103696722-2751451576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = EasyBits GO
    "Sugar and Salt Solutions" = Sugar and Salt Solutions
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/21/2012 10:21:21 AM | Computer Name = JulianLiu-PC | Source = System Restore | ID = 8193
    Description =

    Error - 6/21/2012 5:48:20 PM | Computer Name = JulianLiu-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 6/21/2012 5:53:52 PM | Computer Name = JulianLiu-PC | Source = System Restore | ID = 8193
    Description =

    Error - 6/21/2012 8:00:00 PM | Computer Name = JulianLiu-PC | Source = System Restore | ID = 8193
    Description =

    Error - 6/22/2012 1:31:29 AM | Computer Name = JulianLiu-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 6/22/2012 2:13:18 AM | Computer Name = JulianLiu-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
    stamp: 0x4f7e4d8c Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
    0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
    id: 0x708 Faulting application start time: 0x01cd4fb792615d6a Faulting application
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 5b7582fc-bc31-11e1-8ffe-20cf30e4227b

    Error - 6/22/2012 10:39:19 AM | Computer Name = JulianLiu-PC | Source = System Restore | ID = 8193
    Description =

    Error - 6/22/2012 11:04:50 AM | Computer Name = JulianLiu-PC | Source = System Restore | ID = 8193
    Description =

    Error - 6/23/2012 1:41:20 AM | Computer Name = JulianLiu-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
    stamp: 0x4f7e4d8c Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
    0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
    id: 0x70c Faulting application start time: 0x01cd508344225a9d Faulting application
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 0f1bd5b9-bcf6-11e1-8a7c-20cf30e4227b

    Error - 6/23/2012 9:05:31 AM | Computer Name = JulianLiu-PC | Source = System Restore | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 1/21/2011 4:11:48 PM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 3:11:46 PM - Error connecting to the internet. 3:11:46 PM - Unable
    to contact server..

    Error - 1/24/2011 4:52:24 PM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 3:52:24 PM - Error connecting to the internet. 3:52:24 PM - Unable
    to contact server..

    Error - 1/24/2011 4:52:35 PM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 3:52:30 PM - Error connecting to the internet. 3:52:30 PM - Unable
    to contact server..

    Error - 2/27/2011 10:30:35 AM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 9:30:35 AM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 2/27/2011 10:32:32 AM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 9:32:11 AM - Failed to retrieve NetTV (Error: Unable to connect to
    the remote server)

    Error - 2/27/2011 10:33:14 AM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 9:32:53 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 2/27/2011 10:33:56 AM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 9:33:35 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 2/27/2011 10:34:38 AM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 9:34:17 AM - Failed to retrieve SportsV2 (Error: Unable to connect
    to the remote server)

    Error - 2/27/2011 10:34:59 AM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 9:34:59 AM - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    Error - 3/16/2011 4:22:22 PM | Computer Name = JulianLiu-PC | Source = MCUpdate | ID = 0
    Description = 4:22:22 PM - Error connecting to the internet. 4:22:22 PM - Unable
    to contact server..

    [ System Events ]
    Error - 11/14/2012 4:56:50 AM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7034
    Description = The AMD FUEL Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/14/2012 4:58:30 AM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%2

    Error - 11/14/2012 4:58:35 AM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7003
    Description = The SBSD Security Center Service service depends the following service:
    wscsvc. This service might not be installed.

    Error - 11/14/2012 5:00:10 AM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Image Acquisition (WIA) service hung on starting.

    Error - 11/15/2012 9:36:02 PM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7034
    Description = The Skype C2C Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/15/2012 9:36:02 PM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7034
    Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
    time(s).

    Error - 11/15/2012 9:36:02 PM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7034
    Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/15/2012 9:44:48 PM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/15/2012 9:47:23 PM | Computer Name = JulianLiu-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/15/2012 9:47:58 PM | Computer Name = JulianLiu-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  14. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    Also Essentials no longer reports a trojan every 5 min now :D
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Very well :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
      O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
      O4 - HKLM..\Run: [] File not found
      O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
      O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
      O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
      O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
      [2011/05/27 20:35:30 | 000,000,160 | ---- | C] () -- C:\ProgramData\~50124640r
      [2011/05/27 20:35:29 | 000,000,136 | ---- | C] () -- C:\ProgramData\~50124640
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  16. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    C:\ProgramData\~50124640r moved successfully.
    C:\ProgramData\~50124640 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 21461857 bytes
    ->Google Chrome cache emptied: 6532435 bytes
    ->Flash cache emptied: 42267 bytes

    User: Julian Liu
    ->Temp folder emptied: 11345130 bytes
    ->Temporary Internet Files folder emptied: 40987105 bytes
    ->Java cache emptied: 6308040 bytes
    ->FireFox cache emptied: 301018631 bytes
    ->Google Chrome cache emptied: 7596436 bytes
    ->Flash cache emptied: 238165 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Waksman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 32325987 bytes
    ->Flash cache emptied: 42646 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25505 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 408.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Julian Liu
    ->Java cache emptied: 0 bytes

    User: Public

    User: Waksman

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Julian Liu
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Waksman
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11162012_145149

    Files\Folders moved on Reboot...
    C:\Users\Julian Liu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  17. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java 7 Update 7
    Java SE Development Kit 7 Update 7
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (16.0.2)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  18. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    Farbar Service Scanner Version: 09-11-2012
    Ran by Julian Liu (administrator) on 16-11-2012 at 15:40:57
    Running from "C:\Users\Julian Liu\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-11-13 16:17] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  19. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    # AdwCleaner v2.007 - Logfile created 11/16/2012 at 15:43:29
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Julian Liu - JULIANLIU-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Julian Liu\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Deleted : C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\ConduitEngine
    Folder Deleted : C:\Program Files (x86)\NCH
    Folder Deleted : C:\Program Files (x86)\uTorrentControl2
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Julian Liu\AppData\Local\Conduit
    Folder Deleted : C:\Users\Julian Liu\AppData\Local\ConduitEngine
    Folder Deleted : C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Folder Deleted : C:\Users\Julian Liu\AppData\Local\NCH
    Folder Deleted : C:\Users\Julian Liu\AppData\Local\uTorrentControl2
    Folder Deleted : C:\Users\Julian Liu\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Julian Liu\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Julian Liu\AppData\LocalLow\NCH
    Folder Deleted : C:\Users\Julian Liu\AppData\LocalLow\uTorrentControl2
    Folder Deleted : C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\ConduitCommon
    Folder Deleted : C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\extensions\wecarereminder@bryan
    Folder Deleted : C:\Users\Julian Liu\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\NCH
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\conduitEngine
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\NCH
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\uTorrentControl2
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\conduitEngine
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B92836BC-B4A7-4EA5-8C63-C9AB20D2389F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\Software\NCH
    Key Deleted : HKLM\Software\OpenCandy NSIS SDK
    Key Deleted : HKLM\Software\uTorrentControl2
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B92836BC-B4A7-4EA5-8C63-C9AB20D2389F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{071C754C-C98D-4F79-AAD8-AFB31A7F641C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4469E33D-3173-4DA2-9D92-413F28AA23AB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9610A7AC-9D95-4F3D-A452-C560677AA472}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD0D4BA6-41F1-4263-951D-3846722528A0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D079C56C-C88A-45A6-824C-1CE07B306525}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253 --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\prefs.js

    C:\Users\Julian Liu\AppData\Roaming\Mozilla\Firefox\Profiles\hmgz5ec5.default\user.js ... Deleted !

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Waksman\AppData\Roaming\Mozilla\Firefox\Profiles\1oklxrl7.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Julian Liu\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [10999 octets] - [16/11/2012 15:43:29]

    ########## EOF - C:\AdwCleaner[S1].txt - [11060 octets] ##########
  20. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    Uhhh do I remove quarantine and uninstall? for ESET online scan?
  21. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You can remove those files but I need to see the log.
    Keep Eset for future use.
  22. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Julian Liu\AppData\Roaming\necscu.dll.vir a variant of Win32/Medfos.FG trojan cleaned by deleting - quarantined
    C:\Users\Julian Liu\Desktop\Folders\English Project\Sound\cnet_vegaspro11_0_371_64bit_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Users\Julian Liu\Downloads\SoftonicDownloader_for_eclipse.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
    C:\Users\Julian Liu\Downloads\Aether\cnet_pdr6free_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ========================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
  24. killarbob

    killarbob Newcomer, in training Topic Starter Posts: 18

    My computer is great! Well, beforehand there wasn't anything noticeable except that Essentials was freaking out. Now it is fine and it's all good.
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Julian Liu
    ->Temp folder emptied: 10176668 bytes
    ->Temporary Internet Files folder emptied: 564946 bytes
    ->Java cache emptied: 1880 bytes
    ->FireFox cache emptied: 63386634 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 877 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Waksman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13116 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 14470853126 bytes

    Total Files Cleaned = 13,871.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Julian Liu
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Waksman
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Julian Liu
    ->Java cache emptied: 0 bytes

    User: Public

    User: Waksman

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11172012_010426

    Files\Folders moved on Reboot...
    C:\Users\Julian Liu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Way to go!!
    Good luck and stay safe :)

