Solved Need help on a Google redirect virus

Rudy1

Hi,

I got a Google redirect virus a week ago and I've been trying to fix it, to no avail. It's affecting both my IE and Chrome, and I've tried several wares to fix this.

Here are the logs; hopefully someone can lend a helping hand :)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2012 at 04:56 PM

Application Version : 5.0.1148

Core Rules Database Version : 8519
Trace Rules Database Version: 6331

Scan type : Quick Scan
Total Scan Time : 00:06:55

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 632
Memory threats detected : 0
Registry items scanned : 55200
Registry threats detected : 16
File items scanned : 11280
File threats detected : 43

Trojan.Agent/Gen-Sino[TAO]
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}#AppID
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\InprocServer32
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\ProgID
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\Programmable
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\TypeLib
(x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\VersionIndependentProgID
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}
(x86) HKCR\CLSID\{01443AEC-0FD1-40fd-9C87-E93D1494C233}
(x86) HKCR\XLF24.ThunderAtOnce.1
(x86) HKCR\XLF24.ThunderAtOnce
(x86) HKCR\TypeLib\{A3187009-B303-458C-9F01-0DAF932ECA17}
C:\PROGRAM FILES (X86)\THUNDER\COMDLLS\TDMEDIADETECTOR5.9.26.1538.DLL
(x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
(x86) HKU\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
(x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}

Adware.Tracking Cookie
 
ComboFix 12-04-26.01 - Random McGill Guy 26/04/2012 18:00:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.2415 [GMT -4:00]
执行位置: c:\users\Random McGill Guy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eqvpbaa.tmp
c:\programdata\szlfbaa.tmp
c:\programdata\whnsbaa.tmp
c:\programdata\xhnsbaa.tmp
.
.
((((((((((((((((((((((((( 2012-03-26 至 2012-04-26 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-26 22:10 . 2012-04-26 22:10--------d-----w-c:\users\Default\AppData\Local\temp
2012-04-26 22:02 . 2012-04-26 22:0269000----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\offreg.dll
2012-04-26 21:43 . 2012-04-26 21:43--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 21:43 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\program files\SUPERAntiSpyware
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\programdata\SUPERAntiSpyware.com
2012-04-26 06:20 . 2012-04-26 06:20--------d-----w-C:\TDSSKiller_Quarantine
2012-04-26 06:05 . 2012-04-26 21:53--------d-----w-C:\MGtools
2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\program files\HitmanPro
2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\programdata\HitmanPro
2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\programdata\Spybot - Search & Destroy
2012-04-25 15:05 . 2012-04-25 23:42--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\vlc
2012-04-24 23:19 . 2012-04-24 23:19--------d-----w-c:\users\Random McGill Guy\AppData\Local\WindowsApplication1
2012-04-24 17:00 . 2012-04-13 08:468917360----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
2012-04-22 01:44 . 2012-04-22 01:45--------d-----w-c:\programdata\Battle.net
2012-04-20 15:07 . 2012-04-20 15:07--------d-----w-c:\programdata\IObit
2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Malwarebytes
2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\programdata\Malwarebytes
2012-04-16 05:44 . 2012-04-16 05:44--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\IObit
2012-04-16 05:44 . 2012-04-20 15:07--------d-----w-c:\program files (x86)\IObit
2012-04-16 05:35 . 2011-04-05 21:3560504----a-w-c:\windows\system32\drivers\sbhips.sys
2012-04-16 05:35 . 2011-04-05 21:3594296----a-w-c:\windows\system32\drivers\sbtis.sys
2012-04-16 05:35 . 2011-04-05 21:35253528----a-w-c:\windows\system32\drivers\SbFw.sys
2012-04-16 05:35 . 2011-02-08 13:1484568----a-w-c:\windows\system32\drivers\SbFwIm.sys
2012-04-15 12:24 . 2012-04-15 12:24418464----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 00:00 . 2012-04-26 20:16--------d-----w-c:\program files (x86)\Ludashi
2012-04-13 22:51 . 2012-04-13 22:51--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\360mobilemgr
2012-04-13 22:43 . 2012-04-13 23:59--------d-----w-c:\programdata\360safe
2012-04-13 22:40 . 2011-08-31 10:1819800----a-w-c:\windows\system32\drivers\efimon.sys
2012-04-13 22:40 . 2012-04-13 22:40--------d-----w-c:\program files (x86)\360
2012-04-13 22:39 . 2012-04-14 03:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\360inst
2012-04-13 20:17 . 2012-04-15 12:240--sha-w-c:\windows\system32\dds_trash_log.cmd
2012-04-13 17:45 . 2012-04-13 17:45--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Caiyun
2012-04-13 17:44 . 2012-04-13 21:18--------d-----w-c:\program files (x86)\彩云游戏浏览器
2012-04-12 20:13 . 2012-04-22 06:28--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\KuGou7
2012-04-12 20:13 . 2012-04-12 20:13--------d-----w-c:\program files (x86)\KuGou2012
2012-04-12 06:46 . 2012-04-13 17:45--------d-----w-C:\TGGAME
2012-04-12 04:18 . 2012-04-12 04:18--------d-----w-c:\users\Random McGill Guy\AppData\Local\Mozilla
2012-04-12 04:01 . 2012-02-28 06:422382848----a-w-c:\windows\system32\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:032382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:58141112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 07:37174392----a-w-c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 06:47304640----a-w-c:\program files\Internet Explorer\IEShims.dll
2012-04-12 04:01 . 2012-02-28 06:562311168----a-w-c:\windows\system32\jscript9.dll
2012-04-12 04:01 . 2012-02-28 01:08194048----a-w-c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-12 03:59 . 2012-03-06 06:435504880----a-w-c:\windows\system32\ntoskrnl.exe
2012-04-12 03:59 . 2012-03-06 05:593958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:59 . 2012-03-06 05:593902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:55 . 2012-03-01 06:5422896----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:4080896----a-w-c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:45158720----a-w-c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:45220672----a-w-c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:355120----a-w-c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:49172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:405120----a-w-c:\windows\SysWow64\wmi.dll
2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Common Files\Tencent
2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Tencent
2012-04-09 01:06 . 2012-04-09 01:07--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Tencent
2012-04-09 01:06 . 2012-04-09 01:0618760----a-w-c:\windows\SysWow64\QQVistaHelper.dll
2012-04-08 00:21 . 2012-04-08 00:22--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\GRETECH
2012-04-08 00:21 . 2012-04-08 00:27--------d-----w-c:\program files (x86)\GRETECH
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\Common Files\duowan
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\duowan
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\duowan
2012-03-31 17:05 . 2012-03-31 17:05--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Unity
2012-03-31 16:54 . 2012-03-31 16:54--------d-----w-c:\users\Random McGill Guy\AppData\Local\Unity
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\ATI
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Local\ATI
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\programdata\ATI
2012-03-29 05:00 . 2012-03-29 05:000----a-w-c:\windows\ativpsrm.bin
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD AVT
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD APP
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files\Common Files\ATI Technologies
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\Common Files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files (x86)\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:58--------d-----w-c:\program files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files\ATI
2012-03-29 04:52 . 2012-02-15 08:13496128----a-w-c:\windows\system32\atieclxx.exe
2012-03-29 03:06 . 2012-02-15 07:1658880----a-w-c:\windows\system32\coinst.dll
2012-03-29 03:01 . 2012-03-29 03:01--------d-----w-c:\users\Random McGill Guy\AppData\Local\Leshcat & Co
2012-03-29 01:26 . 2012-03-29 01:42--------d-----w-c:\program files (x86)\ImageJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 06:05 . 2012-04-26 06:0533660----a-w-C:\MGlogs.zip
2012-04-15 12:24 . 2011-11-07 22:5570304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 01:30 . 2009-07-14 02:36152064----a-w-c:\windows\SysWow64\msclmd.dll
2012-03-29 01:30 . 2009-07-14 02:36175104----a-w-c:\windows\system32\msclmd.dll
2012-03-22 19:12 . 2012-03-22 19:124435968----a-w-c:\windows\SysWow64\GPhotos.scr
2012-02-23 14:18 . 2010-12-21 09:07279656------w-c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 08:441031680----a-w-c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 08:44826368----a-w-c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 08:44204800----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 08:4423552----a-w-c:\windows\system32\drivers\tdtcp.sys
2012-02-15 02:05 . 2012-02-15 02:0569632----a-w-c:\windows\system32\OpenVideo64.dll
2012-02-15 02:05 . 2012-02-15 02:0559904----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-02-15 02:05 . 2012-02-15 02:0561952----a-w-c:\windows\system32\OVDecode64.dll
2012-02-15 02:05 . 2012-02-15 02:0554784----a-w-c:\windows\SysWow64\OVDecode.dll
2012-02-15 02:05 . 2012-02-15 02:0516507904----a-w-c:\windows\system32\amdocl64.dll
2012-02-15 02:04 . 2012-02-15 02:0413238272----a-w-c:\windows\SysWow64\amdocl.dll
2012-02-15 02:03 . 2012-02-15 02:0354272----a-w-c:\windows\system32\OpenCL.dll
2012-02-15 02:03 . 2012-02-15 02:0348128----a-w-c:\windows\SysWow64\OpenCL.dll
2012-02-10 10:08 . 2012-03-20 23:26279840----a-w-c:\windows\system32\ikutm.dll
2012-02-10 06:24 . 2012-03-14 16:551544192----a-w-c:\windows\system32\DWrite.dll
2012-02-10 06:23 . 2012-03-14 16:551837568----a-w-c:\windows\system32\d3d10warp.dll
2012-02-10 06:23 . 2012-03-14 16:55902656----a-w-c:\windows\system32\d2d1.dll
2012-02-10 06:23 . 2012-03-14 16:55320512----a-w-c:\windows\system32\d3d10_1core.dll
2012-02-10 06:23 . 2012-03-14 16:55197120----a-w-c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 16:551077248----a-w-c:\windows\SysWow64\DWrite.dll
2012-02-10 05:35 . 2012-03-14 16:55218624----a-w-c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 16:551170944----a-w-c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:35 . 2012-03-14 16:55739840----a-w-c:\windows\SysWow64\d2d1.dll
2012-02-10 05:35 . 2012-03-14 16:55161792----a-w-c:\windows\SysWow64\d3d10_1.dll
2012-02-03 04:16 . 2012-03-14 16:553143168----a-w-c:\windows\system32\win32k.sys
2012-01-31 10:02 . 2012-01-31 10:0221504----a-w-c:\windows\system32\kdbsdk64.dll
2012-01-31 10:00 . 2012-01-31 10:0016896----a-w-c:\windows\SysWow64\kdbsdk32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2009-07-14 . 738ABEE48BAF965B161A7A3E75EB444D . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
quietHDD - Shortcut.lnk - c:\users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe [2010-12-24 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime FileREG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-03 820768]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
AkamaiREG_MULTI_SZ Akamai
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_NotSynced]
@="{87B33B34-0E92-4821-B787-9DF83BDC3BEA}"
[HKEY_CLASSES_ROOT\CLSID\{87B33B34-0E92-4821-B787-9DF83BDC3BEA}]
2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Synced]
@="{78C3446F-4276-4AC1-B17F-F580836D7AD6}"
[HKEY_CLASSES_ROOT\CLSID\{78C3446F-4276-4AC1-B17F-F580836D7AD6}]
2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Syncing]
@="{E427F712-D68E-4BE6-886F-B088037A87CB}"
[HKEY_CLASSES_ROOT\CLSID\{E427F712-D68E-4BE6-886F-B088037A87CB}]
2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-03 496160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 使用迅雷下载 - c:\program files (x86)\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder\Program\GetAllUrl.htm
LSP: c:\program files (x86)\YouKu\common\ikutm.dll
TCP: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,52,53,04,f3,22,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"慤慴"=hex:47,b5,77,c6,35,85,e5,ba,81,8b,d8,e4,3c,48,33,d0,d8,1b,06,34,1b,dd,
63,cc,0e,f7,95,84,82,51,4e,61,17,69,bc,94,67,8d,73,c9,51,0b,b0,5e,19,00,c2,\
"歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,b1,07,fa,28,8f,9a,55,c6,6b,ce,3f,9b,9e,6a,c2,50,38,6c,28,92,
b0,62,83,d3,9e,9a,8a,85,2d,9d,9e,80,3a,6e,29,15,93,3f,ed,ff,55,59,cb,fe,7d,\
"rkeysecu"=hex:eb,3f,2e,50,0b,a5,eb,8b,44,7b,20,03,d6,14,a8,b6
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-04-26 18:12:48
ComboFix-quarantined-files.txt 2012-04-26 22:12
ComboFix2.txt 2012-04-16 06:27
.
Pre-Run: 53,691,072,512 bytes free
Post-Run: 53,618,073,600 bytes free
.
- - End Of File - - 864B4A4C1B86BA6708CC02F497959572
 
18:35:15.0555 2484 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:35:15.0867 2484 ============================================================
18:35:15.0867 2484 Current date / time: 2012/04/26 18:35:15.0867
18:35:15.0867 2484 SystemInfo:
18:35:15.0867 2484
18:35:15.0867 2484 OS Version: 6.1.7600 ServicePack: 0.0
18:35:15.0867 2484 Product type: Workstation
18:35:15.0867 2484 ComputerName: RANDOMMCGILLGUY
18:35:15.0867 2484 UserName: Random McGill Guy
18:35:15.0867 2484 Windows directory: C:\Windows
18:35:15.0867 2484 System windows directory: C:\Windows
18:35:15.0867 2484 Running under WOW64
18:35:15.0867 2484 Processor architecture: Intel x64
18:35:15.0867 2484 Number of processors: 4
18:35:15.0867 2484 Page size: 0x1000
18:35:15.0867 2484 Boot type: Normal boot
18:35:15.0867 2484 ============================================================
18:35:16.0257 2484 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:35:16.0257 2484 ============================================================
18:35:16.0257 2484 \Device\Harddisk0\DR0:
18:35:16.0257 2484 MBR partitions:
18:35:16.0257 2484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
18:35:16.0257 2484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x1D230830
18:35:16.0288 2484 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EBC8000, BlocksNum 0xC350000
18:35:16.0303 2484 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AF18800, BlocksNum 0xF46D000
18:35:16.0303 2484 ============================================================
18:35:16.0350 2484 C: <-> \Device\Harddisk0\DR0\Partition1
18:35:16.0413 2484 G: <-> \Device\Harddisk0\DR0\Partition3
18:35:16.0444 2484 S: <-> \Device\Harddisk0\DR0\Partition2
18:35:16.0444 2484 ============================================================
18:35:16.0444 2484 Initialize success
18:35:16.0444 2484 ============================================================
18:35:17.0801 2348 ============================================================
18:35:17.0801 2348 Scan started
18:35:17.0801 2348 Mode: Manual;
18:35:17.0801 2348 ============================================================
18:35:19.0969 2348 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
18:35:19.0969 2348 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
18:35:19.0969 2348 Akamai ( HiddenFile.Multi.Generic ) - warning
18:35:19.0969 2348 Akamai - detected HiddenFile.Multi.Generic (1)
18:35:34.0134 2348IPNAT - ok
18:35:34.0275 2348iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
18:35:34.0275 2348iPod Service - ok
18:35:34.0321 2348IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:35:34.0337 2348IRENUM - ok
18:35:34.0368 2348isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:35:34.0368 2348isapnp - ok
18:35:34.0399 2348iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
18:35:34.0399 2348iScsiPrt - ok
18:35:34.0446 2348kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:35:34.0446 2348kbdclass - ok
18:35:34.0493 2348kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:35:34.0493 2348kbdhid - ok
18:35:34.0524 2348KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:35:34.0524 2348KeyIso - ok
18:35:34.0555 2348KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:35:34.0555 2348KSecDD - ok
18:35:34.0571 2348KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:35:34.0571 2348KSecPkg - ok
18:35:34.0602 2348ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:35:34.0602 2348ksthunk - ok
18:35:34.0696 2348KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:35:34.0696 2348KtmRm - ok
18:35:34.0743 2348L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:35:34.0743 2348L1C - ok
18:35:34.0821 2348L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
18:35:34.0821 2348L1E - ok
18:35:34.0867 2348LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
18:35:34.0867 2348LanmanServer - ok
18:35:34.0899 2348LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:35:34.0899 2348LanmanWorkstation - ok
18:35:34.0961 2348lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:35:34.0961 2348lltdio - ok
18:35:35.0039 2348lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:35:35.0039 2348lltdsvc - ok
18:35:35.0070 2348lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:35:35.0086 2348lmhosts - ok
18:35:35.0226 2348LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:35:35.0226 2348LMS - ok
18:35:35.0289 2348LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:35:35.0289 2348LSI_FC - ok
18:35:35.0304 2348LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:35:35.0304 2348LSI_SAS - ok
18:35:35.0320 2348LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:35:35.0320 2348LSI_SAS2 - ok
18:35:35.0367 2348LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:35:35.0382 2348LSI_SCSI - ok
18:35:35.0429 2348luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:35:35.0429 2348luafv - ok
18:35:35.0507 2348MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
18:35:35.0507 2348MBAMProtector - ok
18:35:35.0647 2348MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:35:35.0647 2348MBAMService - ok
18:35:35.0710 2348Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:35:35.0710 2348Mcx2Svc - ok
18:35:35.0741 2348megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:35:35.0741 2348megasas - ok
18:35:35.0788 2348MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:35:35.0788 2348MegaSR - ok
18:35:35.0897 2348Microsoft SharePoint Workspace Audit Service - ok
18:35:35.0959 2348MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:35:35.0959 2348MMCSS - ok
18:35:35.0975 2348Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:35:35.0975 2348Modem - ok
18:35:36.0022 2348monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:35:36.0022 2348monitor - ok
18:35:36.0069 2348mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:35:36.0069 2348mouclass - ok
18:35:36.0100 2348mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:35:36.0100 2348mouhid - ok
18:35:36.0131 2348mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:35:36.0131 2348mountmgr - ok
18:35:36.0162 2348mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
18:35:36.0162 2348mpio - ok
18:35:36.0193 2348mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:35:36.0193 2348mpsdrv - ok
18:35:36.0349 2348MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:35:36.0349 2348MpsSvc - ok
18:35:36.0381 2348MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:35:36.0381 2348MRxDAV - ok
18:35:36.0443 2348mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:35:36.0443 2348mrxsmb - ok
18:35:36.0505 2348mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:35:36.0505 2348mrxsmb10 - ok
18:35:36.0552 2348mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:35:36.0552 2348mrxsmb20 - ok
18:35:36.0599 2348msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
18:35:36.0599 2348msahci - ok
18:35:36.0646 2348msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
18:35:36.0646 2348msdsm - ok
18:35:36.0677 2348MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:35:36.0677 2348MSDTC - ok
18:35:36.0724 2348Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:35:36.0724 2348Msfs - ok
18:35:36.0771 2348mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:35:36.0771 2348mshidkmdf - ok
18:35:36.0802 2348msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:35:36.0802 2348msisadrv - ok
18:35:36.0849 2348MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:35:36.0849 2348MSiSCSI - ok
18:35:36.0849 2348msiserver - ok
18:35:36.0895 2348MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:35:36.0895 2348MSKSSRV - ok
18:35:36.0942 2348MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:35:36.0942 2348MSPCLOCK - ok
18:35:36.0942 2348MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:35:36.0942 2348MSPQM - ok
18:35:37.0005 2348MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:35:37.0005 2348MsRPC - ok
18:35:37.0051 2348mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:35:37.0051 2348mssmbios - ok
18:35:37.0083 2348MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:35:37.0083 2348MSTEE - ok
18:35:37.0083 2348MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:35:37.0083 2348MTConfig - ok
18:35:37.0129 2348Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:35:37.0129 2348Mup - ok
18:35:37.0192 2348napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:35:37.0192 2348napagent - ok
18:35:37.0270 2348NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:35:37.0270 2348NativeWifiP - ok
18:35:37.0395 2348NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:35:37.0395 2348NDIS - ok
18:35:37.0441 2348NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:35:37.0441 2348NdisCap - ok
18:35:37.0488 2348NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:35:37.0488 2348NdisTapi - ok
18:35:37.0519 2348Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:35:37.0519 2348Ndisuio - ok
18:35:37.0566 2348NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:35:37.0566 2348NdisWan - ok
18:35:37.0597 2348NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:35:37.0597 2348NDProxy - ok
18:35:37.0675 2348Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
18:35:37.0675 2348Net Driver HPZ12 - ok
18:35:37.0722 2348Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
18:35:37.0722 2348Netaapl - ok
18:35:37.0769 2348NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:35:37.0769 2348NetBIOS - ok
18:35:37.0816 2348NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:35:37.0816 2348NetBT - ok
18:35:37.0863 2348Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:35:37.0863 2348Netlogon - ok
18:35:37.0925 2348Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:35:37.0925 2348Netman - ok
18:35:37.0987 2348netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:35:38.0003 2348netprofm - ok
18:35:38.0112 2348NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:35:38.0112 2348NetTcpPortSharing - ok
18:35:38.0175 2348nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:35:38.0175 2348nfrd960 - ok
18:35:38.0237 2348NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:35:38.0253 2348NlaSvc - ok
18:35:38.0268 2348Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:35:38.0268 2348Npfs - ok
18:35:38.0268 2348nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:35:38.0268 2348nsi - ok
18:35:38.0299 2348nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:35:38.0299 2348nsiproxy - ok
18:35:38.0455 2348Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:35:38.0471 2348Ntfs - ok
18:35:38.0565 2348NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
18:35:38.0565 2348NTI IScheduleSvc - ok
18:35:38.0705 2348NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
18:35:38.0705 2348NTIDrvr - ok
18:35:38.0767 2348NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
18:35:38.0767 2348NuidFltr - ok
18:35:38.0783 2348Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:35:38.0783 2348Null - ok
18:35:38.0861 2348nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:35:38.0861 2348nvraid - ok
 
18:35:38.0923 2348nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:35:38.0923 2348nvstor - ok
18:35:38.0986 2348nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:35:38.0986 2348nv_agp - ok
18:35:39.0017 2348ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:35:39.0017 2348ohci1394 - ok
18:35:39.0111 2348ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:35:39.0111 2348ose64 - ok
18:35:39.0501 2348osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:35:39.0532 2348osppsvc - ok
18:35:39.0688 2348p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:35:39.0688 2348p2pimsvc - ok
18:35:39.0735 2348p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:35:39.0735 2348p2psvc - ok
18:35:39.0781 2348Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:35:39.0781 2348Parport - ok
18:35:39.0797 2348partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:35:39.0797 2348partmgr - ok
18:35:39.0844 2348PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:35:39.0844 2348PcaSvc - ok
18:35:39.0891 2348pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
18:35:39.0891 2348pci - ok
18:35:39.0906 2348pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:35:39.0906 2348pciide - ok
18:35:39.0953 2348pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:35:39.0953 2348pcmcia - ok
18:35:39.0969 2348pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:35:39.0969 2348pcw - ok
18:35:40.0047 2348PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:35:40.0047 2348PEAUTH - ok
18:35:40.0171 2348PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:35:40.0171 2348PerfHost - ok
18:35:40.0390 2348pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:35:40.0405 2348pla - ok
18:35:40.0468 2348PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:35:40.0468 2348PlugPlay - ok
18:35:40.0530 2348Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
18:35:40.0530 2348Pml Driver HPZ12 - ok
18:35:40.0546 2348PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:35:40.0546 2348PNRPAutoReg - ok
18:35:40.0593 2348PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:35:40.0593 2348PNRPsvc - ok
18:35:40.0671 2348Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
18:35:40.0686 2348Point64 - ok
18:35:40.0733 2348PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:35:40.0749 2348PolicyAgent - ok
18:35:40.0795 2348Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:35:40.0811 2348Power - ok
18:35:40.0858 2348PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:35:40.0858 2348PptpMiniport - ok
18:35:40.0889 2348Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:35:40.0889 2348Processor - ok
18:35:40.0967 2348ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:35:40.0967 2348ProfSvc - ok
18:35:40.0998 2348ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:35:40.0998 2348ProtectedStorage - ok
18:35:41.0045 2348Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:35:41.0045 2348Psched - ok
18:35:41.0217 2348ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:35:41.0217 2348ql2300 - ok
18:35:41.0373 2348ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:35:41.0373 2348ql40xx - ok
18:35:41.0419 2348QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:35:41.0419 2348QWAVE - ok
18:35:41.0435 2348QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:35:41.0435 2348QWAVEdrv - ok
18:35:41.0451 2348RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:35:41.0451 2348RasAcd - ok
18:35:41.0497 2348RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:35:41.0497 2348RasAgileVpn - ok
18:35:41.0544 2348RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:35:41.0544 2348RasAuto - ok
18:35:41.0575 2348Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:35:41.0575 2348Rasl2tp - ok
18:35:41.0638 2348RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:35:41.0638 2348RasMan - ok
18:35:41.0653 2348RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:35:41.0669 2348RasPppoe - ok
18:35:41.0716 2348RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:35:41.0716 2348RasSstp - ok
18:35:41.0747 2348rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:35:41.0747 2348rdbss - ok
18:35:41.0763 2348rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:35:41.0763 2348rdpbus - ok
18:35:41.0809 2348RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:35:41.0809 2348RDPCDD - ok
18:35:41.0841 2348RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:35:41.0841 2348RDPENCDD - ok
18:35:41.0872 2348RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:35:41.0887 2348RDPREFMP - ok
18:35:41.0934 2348RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
18:35:41.0934 2348RDPWD - ok
18:35:41.0981 2348rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:35:41.0981 2348rdyboost - ok
18:35:42.0059 2348RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:35:42.0059 2348RemoteAccess - ok
18:35:42.0090 2348RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:35:42.0090 2348RemoteRegistry - ok
18:35:42.0153 2348RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:35:42.0153 2348RFCOMM - ok
18:35:42.0168 2348RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:35:42.0168 2348RpcEptMapper - ok
18:35:42.0199 2348RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:35:42.0199 2348RpcLocator - ok
18:35:42.0262 2348RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:35:42.0262 2348RpcSs - ok
18:35:42.0309 2348rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:35:42.0309 2348rspndr - ok
18:35:42.0402 2348RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
18:35:42.0418 2348RS_Service - ok
18:35:42.0449 2348SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:35:42.0449 2348SamSs - ok
18:35:42.0558 2348SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:35:42.0558 2348SASDIFSV - ok
18:35:42.0605 2348SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:35:42.0605 2348SASKUTIL - ok
18:35:42.0714 2348SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
18:35:42.0714 2348SbFw - ok
18:35:42.0777 2348SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
18:35:42.0777 2348SBFWIMCL - ok
18:35:42.0792 2348SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
18:35:42.0792 2348SBFWIMCLMP - ok
18:35:42.0823 2348sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
18:35:42.0823 2348sbhips - ok
18:35:42.0855 2348sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
18:35:42.0855 2348sbp2port - ok
18:35:42.0870 2348SBRE - ok
18:35:42.0917 2348SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
18:35:42.0917 2348SbTis - ok
18:35:42.0979 2348SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:35:42.0979 2348SCardSvr - ok
18:35:42.0995 2348scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:35:43.0011 2348scfilter - ok
18:35:43.0104 2348Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:35:43.0120 2348Schedule - ok
18:35:43.0151 2348SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:35:43.0151 2348SCPolicySvc - ok
18:35:43.0198 2348SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:35:43.0198 2348SDRSVC - ok
18:35:43.0276 2348secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:35:43.0276 2348secdrv - ok
18:35:43.0276 2348seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:35:43.0276 2348seclogon - ok
18:35:43.0323 2348SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:35:43.0323 2348SENS - ok
18:35:43.0369 2348SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:35:43.0369 2348SensrSvc - ok
18:35:43.0369 2348Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:35:43.0369 2348Serenum - ok
18:35:43.0447 2348Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:35:43.0447 2348Serial - ok
18:35:43.0510 2348sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:35:43.0510 2348sermouse - ok
18:35:43.0541 2348SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:35:43.0557 2348SessionEnv - ok
18:35:43.0588 2348sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:35:43.0588 2348sffdisk - ok
18:35:43.0603 2348sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:35:43.0603 2348sffp_mmc - ok
18:35:43.0619 2348sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
18:35:43.0619 2348sffp_sd - ok
18:35:43.0635 2348sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:35:43.0635 2348sfloppy - ok
18:35:43.0713 2348SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:35:43.0713 2348SharedAccess - ok
18:35:43.0775 2348ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:35:43.0775 2348ShellHWDetection - ok
18:35:43.0806 2348SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:35:43.0806 2348SiSRaid2 - ok
18:35:43.0837 2348SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:35:43.0837 2348SiSRaid4 - ok
18:35:43.0869 2348Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:35:43.0869 2348Smb - ok
18:35:43.0947 2348SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:35:43.0947 2348SNMPTRAP - ok
18:35:43.0962 2348spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:35:43.0962 2348spldr - ok
18:35:44.0025 2348Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:35:44.0040 2348Spooler - ok
18:35:44.0305 2348sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:35:44.0321 2348sppsvc - ok
18:35:44.0430 2348sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:35:44.0446 2348sppuinotify - ok
18:35:44.0586 2348sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
18:35:44.0602 2348sptd - ok
18:35:44.0680 2348srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:35:44.0680 2348srv - ok
18:35:44.0727 2348srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:35:44.0727 2348srv2 - ok
18:35:44.0773 2348srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:35:44.0773 2348srvnet - ok
18:35:44.0820 2348ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
18:35:44.0820 2348ssadbus - ok
18:35:44.0883 2348ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:35:44.0883 2348ssadmdfl - ok
18:35:44.0929 2348ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
18:35:44.0929 2348ssadmdm - ok
18:35:44.0992 2348sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
18:35:44.0992 2348sscdbus - ok
18:35:45.0039 2348sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:35:45.0039 2348sscdmdfl - ok
18:35:45.0085 2348sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
18:35:45.0085 2348sscdmdm - ok
18:35:45.0163 2348SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:35:45.0163 2348SSDPSRV - ok
18:35:45.0195 2348SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:35:45.0195 2348SstpSvc - ok
18:35:45.0288 2348Steam Client Service - ok
18:35:45.0304 2348stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:35:45.0304 2348stexstor - ok
18:35:45.0397 2348stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:35:45.0413 2348stisvc - ok
18:35:45.0429 2348swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:35:45.0429 2348swenum - ok
18:35:45.0585 2348SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:35:45.0600 2348SwitchBoard - ok
18:35:45.0647 2348swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:35:45.0663 2348swprv - ok
18:35:45.0819 2348SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:35:45.0819 2348SysMain - ok
18:35:45.0943 2348TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:35:45.0943 2348TabletInputService - ok
18:35:46.0006 2348TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:35:46.0006 2348TapiSrv - ok
18:35:46.0021 2348TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:35:46.0021 2348TBS - ok
18:35:46.0240 2348Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:35:46.0255 2348Tcpip - ok
18:35:46.0536 2348TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:35:46.0536 2348TCPIP6 - ok
18:35:46.0645 2348tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:35:46.0645 2348tcpipreg - ok
18:35:46.0661 2348TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:35:46.0661 2348TDPIPE - ok
18:35:46.0708 2348TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:35:46.0708 2348TDTCP - ok
18:35:46.0755 2348tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:35:46.0755 2348tdx - ok
18:35:46.0801 2348TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
18:35:46.0801 2348TermDD - ok
18:35:46.0895 2348TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:35:46.0895 2348TermService - ok
18:35:46.0926 2348Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:35:46.0926 2348Themes - ok
18:35:46.0942 2348THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:35:46.0942 2348THREADORDER - ok
18:35:46.0973 2348TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:35:46.0973 2348TrkWks - ok
18:35:47.0035 2348TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:35:47.0035 2348TrustedInstaller - ok
18:35:47.0082 2348tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:35:47.0082 2348tssecsrv - ok
18:35:47.0129 2348tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:35:47.0129 2348tunnel - ok
18:35:47.0176 2348TVICHW32 (1a006963644c7fde5be60036f3a43e68) C:\Windows\system32\DRIVERS\TVICHW32.SYS
18:35:47.0176 2348TVICHW32 - ok
18:35:47.0191 2348uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:35:47.0191 2348uagp35 - ok
18:35:47.0223 2348UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
18:35:47.0223 2348UBHelper - ok
18:35:47.0269 2348udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:35:47.0269 2348udfs - ok
18:35:47.0301 2348UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:35:47.0301 2348UI0Detect - ok
18:35:47.0347 2348uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:35:47.0347 2348uliagpkx - ok
18:35:47.0410 2348umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
18:35:47.0410 2348umbus - ok
18:35:47.0441 2348UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:35:47.0441 2348UmPass - ok
18:35:47.0722 2348UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:35:47.0737 2348UNS - ok
18:35:47.0831 2348Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:35:47.0831 2348Updater Service - ok
18:35:48.0003 2348upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:35:48.0003 2348upnphost - ok
18:35:48.0065 2348USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:35:48.0065 2348USBAAPL64 - ok
18:35:48.0112 2348usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
18:35:48.0112 2348usbccgp - ok
18:35:48.0143 2348usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:35:48.0143 2348usbcir - ok
18:35:48.0174 2348usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
18:35:48.0174 2348usbehci - ok
18:35:48.0237 2348usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
18:35:48.0237 2348usbhub - ok
18:35:48.0268 2348usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
18:35:48.0268 2348usbohci - ok
18:35:48.0299 2348usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:35:48.0299 2348usbprint - ok
18:35:48.0346 2348usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:35:48.0346 2348usbscan - ok
18:35:48.0377 2348USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:35:48.0377 2348USBSTOR - ok
18:35:48.0393 2348usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
18:35:48.0393 2348usbuhci - ok
18:35:48.0471 2348usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
18:35:48.0471 2348usbvideo - ok
18:35:48.0486 2348UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:35:48.0502 2348UxSms - ok
18:35:48.0549 2348VaneFltr (81a9f455bf2c9180348949f7c8d93e66) C:\Windows\system32\drivers\Lachesis.sys
18:35:48.0549 2348VaneFltr - ok
18:35:48.0595 2348VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:35:48.0595 2348VaultSvc - ok
18:35:48.0673 2348vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:35:48.0673 2348vdrvroot - ok
18:35:48.0751 2348vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:35:48.0751 2348vds - ok
18:35:48.0798 2348vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:35:48.0798 2348vga - ok
18:35:48.0829 2348VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:35:48.0829 2348VgaSave - ok
18:35:48.0876 2348vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
18:35:48.0876 2348vhdmp - ok
18:35:48.0907 2348viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:35:48.0907 2348viaide - ok
18:35:48.0939 2348volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
18:35:48.0939 2348volmgr - ok
18:35:48.0985 2348volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:35:49.0001 2348volmgrx - ok
18:35:49.0032 2348volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
18:35:49.0032 2348volsnap - ok
18:35:49.0079 2348vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:35:49.0079 2348vsmraid - ok
18:35:49.0235 2348VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:35:49.0235 2348VSS - ok
18:35:49.0375 2348vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:35:49.0375 2348vwifibus - ok
18:35:49.0391 2348vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:35:49.0391 2348vwififlt - ok
18:35:49.0422 2348vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:35:49.0422 2348vwifimp - ok
18:35:49.0485 2348W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:35:49.0485 2348W32Time - ok
18:35:49.0500 2348WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:35:49.0500 2348WacomPen - ok
18:35:49.0547 2348WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:35:49.0547 2348WANARP - ok
18:35:49.0578 2348Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:35:49.0578 2348Wanarpv6 - ok
18:35:49.0734 2348WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:35:49.0734 2348WatAdminSvc - ok
18:35:49.0890 2348wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:35:49.0906 2348wbengine - ok
18:35:50.0031 2348WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:35:50.0031 2348WbioSrvc - ok
18:35:50.0093 2348wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:35:50.0093 2348wcncsvc - ok
18:35:50.0109 2348WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:35:50.0109 2348WcsPlugInService - ok
18:35:50.0155 2348Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:35:50.0155 2348Wd - ok
18:35:50.0218 2348WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:35:50.0218 2348WDC_SAM - ok
18:35:50.0280 2348Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:35:50.0280 2348Wdf01000 - ok
18:35:50.0327 2348WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:35:50.0327 2348WdiServiceHost - ok
18:35:50.0327 2348WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:35:50.0327 2348WdiSystemHost - ok
18:35:50.0389 2348WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:35:50.0389 2348WebClient - ok
18:35:50.0421 2348Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:35:50.0421 2348Wecsvc - ok
18:35:50.0452 2348wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:35:50.0467 2348wercplsupport - ok
18:35:50.0499 2348WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:35:50.0514 2348WerSvc - ok
18:35:50.0577 2348WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:35:50.0592 2348WfpLwf - ok
18:35:50.0592 2348WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:35:50.0592 2348WIMMount - ok
18:35:50.0670 2348WinDefend - ok
18:35:50.0670 2348WinHttpAutoProxySvc - ok
18:35:50.0748 2348Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:35:50.0748 2348Winmgmt - ok
18:35:50.0951 2348WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:35:50.0951 2348WinRM - ok
18:35:51.0154 2348WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:35:51.0154 2348WinUsb - ok
18:35:51.0247 2348Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:35:51.0263 2348Wlansvc - ok
18:35:51.0325 2348wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:35:51.0325 2348wlcrasvc - ok
18:35:51.0606 2348wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:35:51.0622 2348wlidsvc - ok
18:35:51.0778 2348WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:35:51.0778 2348WmiAcpi - ok
18:35:51.0856 2348wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:35:51.0856 2348wmiApSrv - ok
18:35:51.0918 2348WMPNetworkSvc - ok
18:35:51.0949 2348WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:35:51.0949 2348WPCSvc - ok
18:35:51.0981 2348WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:35:51.0981 2348WPDBusEnum - ok
18:35:52.0012 2348ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:35:52.0012 2348ws2ifsl - ok
18:35:52.0074 2348wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
18:35:52.0074 2348wscsvc - ok
18:35:52.0074 2348WSearch - ok
18:35:52.0277 2348wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:35:52.0293 2348wuauserv - ok
18:35:52.0449 2348WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:35:52.0449 2348WudfPf - ok
18:35:52.0511 2348WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:35:52.0511 2348WUDFRd - ok
18:35:52.0558 2348wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:35:52.0558 2348wudfsvc - ok
18:35:52.0589 2348WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:35:52.0589 2348WwanSvc - ok
18:35:52.0651 2348MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:35:52.0714 2348\Device\Harddisk0\DR0 - ok
18:35:52.0714 2348Boot (0x1200) (449b5532bc69073a98b1ee9609605bc1) \Device\Harddisk0\DR0\Partition0
18:35:52.0714 2348\Device\Harddisk0\DR0\Partition0 - ok
18:35:52.0729 2348Boot (0x1200) (0618f564671d2c05bbab03172f52fcc2) \Device\Harddisk0\DR0\Partition1
18:35:52.0745 2348\Device\Harddisk0\DR0\Partition1 - ok
18:35:52.0761 2348Boot (0x1200) (73507fa2dc37d5b08c4692b7fc0e708a) \Device\Harddisk0\DR0\Partition2
18:35:52.0761 2348\Device\Harddisk0\DR0\Partition2 - ok
18:35:52.0792 2348Boot (0x1200) (eb3eea752150b0ec38592bdbf226bd5b) \Device\Harddisk0\DR0\Partition3
18:35:52.0792 2348\Device\Harddisk0\DR0\Partition3 - ok
18:35:52.0792 2348============================================================
18:35:52.0792 2348Scan finished
18:35:52.0792 2348============================================================
18:35:52.0807 4924Detected object count: 1
18:35:52.0807 4924Actual detected object count: 1
18:35:57.0347 4924Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:35:57.0347 4924Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Never run Combofix on your own.
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.26.04
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Random McGill Guy :: RANDOMMCGILLGUY [administrator]
Protection: Disabled
26/04/2012 11:03:15 PM
mbam-log-2012-04-26 (23-03-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205602
Time elapsed: 3 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-26 23:30:52
Windows 6.1.7600
Running: i8oi3ijv.exe

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721f3d79
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721f3d79@7cc537d29fda 0xCF 0x9D 0xEF 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0x1D 0xAE 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x3E 0xDD 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x9B 0x65 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721f3d79 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721f3d79@7cc537d29fda 0xCF 0x9D 0xEF 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0x1D 0xAE 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x3E 0xDD 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x9B 0x65 0x25 ...
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Random McGill Guy at 23:31:58 on 2012-04-26
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.2705 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
StartupFolder: C:\Users\RANDOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\RANDOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\QUIETH~1.LNK - C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 使用迅雷下载 - C:\Program Files (x86)\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder\Program\GetAllUrl.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\YouKu\common\ikutm.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
TCP: DhcpNameServer = 132.206.85.18 132.206.85.19 132.206.85.36 132.206.44.21 132.206.25.21
TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E} : DhcpNameServer = 132.206.85.18 132.206.85.19 132.206.85.36 132.206.44.21 132.206.25.21
TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\34963736F63393832323 : DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\34F6E636F62746961675962756C656373794E666F6 : DhcpNameServer = 132.205.7.81 132.205.122.20
TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\3557E6378696E65684F6573756 : DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\B4169716370275962756C6563737F5441364739383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\E696576616D696C697 : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-17 325200]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-9-17 820768]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-26 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-9-17 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-17 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-5-13 243232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
txtfile=C:\Windows\notepad.exe %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-27 02:54:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-27 02:27:41 -------- d-----w- C:\ComboFix
2012-04-27 01:01:17 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-27 00:32:35 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2012-04-27 00:32:35 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2012-04-27 00:32:34 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Simply Super Software
2012-04-27 00:32:34 -------- d-----w- C:\ProgramData\Simply Super Software
2012-04-27 00:32:34 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-04-26 21:43:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-26 21:43:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-26 20:49:26 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
2012-04-26 20:49:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-26 20:49:13 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-26 06:20:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-26 06:05:38 -------- d-----w- C:\MGtools
2012-04-26 04:27:13 -------- d-----w- C:\Program Files\HitmanPro
2012-04-26 04:27:07 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-25 18:32:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-25 18:32:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-24 23:19:52 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\WindowsApplication1
2012-04-24 17:00:24 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
2012-04-22 01:44:56 -------- d-----w- C:\ProgramData\Battle.net
2012-04-20 15:07:36 -------- d-----w- C:\ProgramData\IObit
2012-04-16 06:33:43 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Malwarebytes
2012-04-16 06:33:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 06:02:51 98816 ----a-w- C:\Windows\sed.exe
2012-04-16 06:02:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-16 06:02:51 256000 ----a-w- C:\Windows\PEV.exe
2012-04-16 06:02:51 208896 ----a-w- C:\Windows\MBR.exe
2012-04-16 05:44:35 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\IObit
2012-04-16 05:44:28 -------- d-----w- C:\Program Files (x86)\IObit
2012-04-16 05:35:44 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-16 05:35:41 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-16 05:35:20 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-16 05:35:20 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-15 12:24:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-14 00:00:18 -------- d-----w- C:\Program Files (x86)\Ludashi
2012-04-13 22:51:52 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\360mobilemgr
2012-04-13 22:43:48 -------- d-----w- C:\ProgramData\360safe
2012-04-13 22:40:42 19800 ----a-w- C:\Windows\System32\drivers\efimon.sys
2012-04-13 22:40:05 -------- d-----w- C:\Program Files (x86)\360
2012-04-13 22:39:34 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\360inst
2012-04-13 20:17:46 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-13 17:45:23 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Caiyun
2012-04-13 17:44:51 -------- d-----w- C:\Program Files (x86)\彩云游戏浏览器
2012-04-12 20:13:21 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\KuGou7
2012-04-12 20:13:16 -------- d-----w- C:\Program Files (x86)\KuGou2012
2012-04-12 06:46:02 -------- d-----w- C:\TGGAME
2012-04-12 04:18:02 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\Mozilla
2012-04-12 04:01:05 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-12 04:01:05 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-12 04:01:02 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-04-12 04:01:01 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-04-12 04:01:01 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-04-12 04:01:00 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-04-12 04:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-04-12 03:59:48 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 03:59:47 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:59:46 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 03:55:42 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 03:55:42 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 03:55:42 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 03:55:41 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 03:55:41 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 03:55:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 03:55:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 01:06:21 61440 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-04-09 01:06:21 61440 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-04-09 01:06:21 106496 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-04-09 01:06:21 106496 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-04-09 01:06:21 106496 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-04-09 01:06:20 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2012-04-09 01:06:14 -------- d-----w- C:\Program Files (x86)\Tencent
2012-04-09 01:06:05 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
2012-04-09 01:06:05 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Tencent
2012-04-08 00:21:41 -------- d-----w- C:\Program Files (x86)\GRETECH
2012-04-07 13:32:42 -------- d-----w- C:\Program Files (x86)\Common Files\duowan
2012-04-07 13:32:12 -------- d-----w- C:\Program Files (x86)\duowan
2012-04-07 13:32:09 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\duowan
2012-04-04 05:54:08 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-31 17:05:31 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Unity
2012-03-31 16:54:30 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\Unity
2012-03-29 05:04:05 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\ATI
2012-03-29 05:00:35 0 ----a-w- C:\Windows\ativpsrm.bin
2012-03-29 04:58:41 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-29 04:58:38 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-29 04:58:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-03-29 04:58:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-03-29 04:54:29 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-03-29 04:54:17 -------- d-----w- C:\Program Files\ATI Technologies
2012-03-29 04:54:15 -------- d-----w- C:\Program Files\ATI
2012-03-29 04:52:39 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-29 03:06:01 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-29 03:01:35 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\Leshcat & Co
2012-03-29 01:26:24 -------- d-----w- C:\Program Files (x86)\ImageJ
.
==================== Find3M ====================
.
2012-04-15 12:24:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 01:30:43 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-29 01:30:41 175104 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-21 22:07:02 12311168 ----a-w- C:\Windows\System32\drivers\igdpmd64.sys
2012-03-21 22:07:02 12311168 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-03-08 19:07:16 328736 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-08 19:07:10 10858016 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 08:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 08:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 08:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 08:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 08:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 08:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 08:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 08:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 08:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 08:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 08:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 07:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 07:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 07:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 07:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 07:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 07:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 07:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 07:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 07:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 07:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 07:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 07:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 07:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 07:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 07:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 07:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 07:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 07:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 07:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 07:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 07:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 07:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 07:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 07:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 07:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 07:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 07:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 07:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 07:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-10 10:08:02 279840 ----a-w- C:\Windows\System32\ikutm.dll
2012-02-10 06:24:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:23:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:23:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:23:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:23:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:35:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:35:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-10 05:35:25 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35:25 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:35:25 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 10:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 10:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 23:32:46.24 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/12/2010 3:13:29 AM
System Uptime: 26/04/2012 10:57:59 PM (1 hours ago)
.
Motherboard: Acer | | JM31_CP
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 2394/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 53.896 GiB free.
G: is FIXED (NTFS) - 122 GiB total, 54.637 GiB free.
S: is FIXED (NTFS) - 98 GiB total, 29.12 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye webcam
Acer eRecovery Management
Acer PowerSmart Manager
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Photoshop CS5
AIDA64 Extreme Edition v1.85
Akamai NetSession Interface
Alcor Micro USB Card Reader
AMD GPU Clock Tool
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.13 (Unicode)
Auslogics Disk Defrag
Avidemux 2.5
Backup Manager Basic
BufferChm
C4400
calibre
CambridgeSoft Activation Client
CambridgeSoft ChemOffice Ultra 2010
CambridgeSoft ChemScript 12.0
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 1.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
D3DX10
DcOo CS1.6
Destinations
DeviceDiscovery
DivX Setup
DocProc
Dropbox
EndNote X5
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Feedback Tool
foobar2000 v1.1.7
Foxit Reader 5.0
Game Booster 3
GOM Player
GOMTV Streamer
Google Chrome
Google Talk Plugin
Google Update Helper
GPBaseService2
Guild Wars
Heroes of Newerth
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HydraVision
Identity Card
iKu 2
ImageJ 1.45s
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iPhoneBrowser
J2SE Runtime Environment 5.0 Update 5
Junk Mail filter update
Launch Manager
League of Legends
Mafia II
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Mass Effect 2
Medieval CUE Splitter
Mesh Runtime
Messenger Companion
MestReNova LITE 5.2.5-5780
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Minitab 15 English
Mobile Mouse Server
Monkey's Audio
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA PhysX
OpenAL
Orbit Downloader
Pando Media Booster
PDF Settings CS5
Picasa 3
PPLite 1.0.0.0090
PPS影音 V2.7.0.1345 正式版
PS_AIO_03_C4400_Software_Min
PX Profile Update
Python 2.5
Python 2.5 pywin32-210
QuickTime
Realtek High Definition Audio Driver
ResearchSoft Direct Export Helper
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype? 4.1
SmartWebPrinting
SolutionCenter
Star Wars: The Old Republic
StarCraft II
STATISTICA 8.0.725.0 CS
STATISTICA CambridgeSoft Integration
Status
Steam
System Requirements Lab CYRI
Tencent QQ
TI-83 Plus Flash Debugger
Toolbox
TrayApp
Trojan Remover 6.8.3
Ubisoft Game Launcher
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.4053
VLC media player 2.0.1
WebReg
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! Detect
YY4
μTorrent
彩云游戏浏览器 3.80
搜狐影音2.5.0.3
数据银行
百度影音1.0.23.105
迅雷
酷狗音乐2012 版本 7.1.60.15288
.
==== Event Viewer Messages From Past Week ========
.
26/04/2012 8:38:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SBRE
26/04/2012 8:37:59 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
26/04/2012 8:31:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
26/04/2012 5:57:47 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
26/04/2012 5:57:46 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
26/04/2012 4:18:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
26/04/2012 2:50:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
26/04/2012 2:49:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache SBRE spldr sptd Wanarpv6
26/04/2012 2:48:56 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
26/04/2012 11:49:15 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
26/04/2012 11:31:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
26/04/2012 10:58:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
26/04/2012 10:58:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/04/2012 10:58:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
26/04/2012 10:58:48 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 21
26/04/2012 10:58:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
26/04/2012 10:58:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache SASDIFSV SASKUTIL SBRE spldr Wanarpv6
26/04/2012 10:58:31 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
26/04/2012 10:44:28 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
26/04/2012 10:38:35 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
26/04/2012 10:27:21 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
26/04/2012 10:27:21 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
25/04/2012 11:53:28 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
22/04/2012 7:09:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004f26060, 0xfffff80000b9c518, 0xfffffa80047e1500). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042212-31090-01.
22/04/2012 11:50:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
22/04/2012 11:50:03 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/04/2012 11:48:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004f3a060, 0xfffff80000b9c518, 0xfffffa8009c5c760). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042212-33540-01.
21/04/2012 5:02:24 PM, Error: Microsoft Antimalware [3002] -
21/04/2012 1:27:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004f3b060, 0xfffff80000b9c518, 0xfffffa8004a29590). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042112-30997-01.
19/04/2012 7:22:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
 
Please observe rules I posted:
Please refrain from running tools or applying updates other than those I suggest.

===================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-26 23:43:12
-----------------------------
23:43:12.747 OS Version: Windows x64 6.1.7600
23:43:12.747 Number of processors: 4 586 0x2505
23:43:12.747 ComputerName: RANDOMMCGILLGUY UserName:
23:43:13.605 Initialize success
23:43:40.554 AVAST engine defs: 12042601
23:43:53.814 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:43:53.814 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:43:53.829 Disk 0 MBR read successfully
23:43:53.829 Disk 0 MBR scan
23:43:53.829 Disk 0 Windows VISTA default MBR code
23:43:53.845 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
23:43:53.860 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
23:43:53.876 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238689 MB offset 26830848
23:43:53.876 Disk 0 Partition - 00 0F Extended LBA 225148 MB offset 515667968
23:43:53.907 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 100000 MB offset 515670016
23:43:53.907 Disk 0 Partition - 00 05 Extended 125147 MB offset 720470016
23:43:53.938 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 125146 MB offset 720472064
23:43:53.970 Disk 0 scanning C:\Windows\system32\drivers
23:44:05.685 Service scanning
23:44:42.657 Modules scanning
23:44:42.657 Disk 0 trace - called modules:
23:44:42.673 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:44:42.673 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005249060]
23:44:42.688 3 CLASSPNP.SYS[fffff88001a8f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004fb0050]
23:44:43.702 AVAST engine scan C:\Windows
23:44:49.225 AVAST engine scan C:\Windows\system32
23:48:44.280 AVAST engine scan C:\Windows\system32\drivers
23:49:23.542 AVAST engine scan C:\Users\Random McGill Guy
23:58:38.403 Disk 0 MBR has been saved successfully to "C:\Users\Random McGill Guy\Desktop\MBR.dat"
23:58:38.419 The log file has been saved successfully to "C:\Users\Random McGill Guy\Desktop\aswMBR.txt"

I dunno if aswMBR has run successfully; it seems to be stuck at a folder in appdata/roaming.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`32d00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Done;
Press any key to quit...
 
Looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-04-26.01 - Random McGill Guy 27/04/2012 0:21.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.2542 [GMT -4:00]
执行位置: c:\users\Random McGill Guy\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kjxibaa.tmp
c:\programdata\ljxibaa.tmp
.
---- 早前运行的结果 -------
.
c:\programdata\wxzqbaa.tmp
c:\programdata\xxzqbaa.tmp
.
.
((((((((((((((((((((((((( 2012-03-27 至 2012-04-27 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-27 04:32 . 2012-04-27 04:32--------d-----w-c:\users\Default\AppData\Local\temp
2012-04-27 01:01 . 2012-04-27 01:01--------d-----w-c:\program files (x86)\ESET
2012-04-27 00:32 . 2003-02-03 00:06153088----a-w-c:\windows\SysWow64\UNRAR3.dll
2012-04-27 00:32 . 2002-03-06 05:0075264----a-w-c:\windows\SysWow64\unacev2.dll
2012-04-27 00:32 . 2012-04-27 00:32--------d-----w-c:\program files (x86)\Trojan Remover
2012-04-27 00:32 . 2012-04-27 00:32--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Simply Super Software
2012-04-27 00:32 . 2012-04-27 00:32--------d-----w-c:\programdata\Simply Super Software
2012-04-26 21:43 . 2012-04-26 21:43--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 21:43 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\program files\SUPERAntiSpyware
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\programdata\SUPERAntiSpyware.com
2012-04-26 06:20 . 2012-04-26 06:20--------d-----w-C:\TDSSKiller_Quarantine
2012-04-26 06:05 . 2012-04-26 21:53--------d-----w-C:\MGtools
2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\program files\HitmanPro
2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\programdata\HitmanPro
2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\programdata\Spybot - Search & Destroy
2012-04-25 15:05 . 2012-04-26 23:40--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\vlc
2012-04-24 23:19 . 2012-04-24 23:19--------d-----w-c:\users\Random McGill Guy\AppData\Local\WindowsApplication1
2012-04-24 17:00 . 2012-04-13 08:468917360----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
2012-04-22 01:44 . 2012-04-22 01:45--------d-----w-c:\programdata\Battle.net
2012-04-20 15:07 . 2012-04-20 15:07--------d-----w-c:\programdata\IObit
2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Malwarebytes
2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\programdata\Malwarebytes
2012-04-16 05:44 . 2012-04-16 05:44--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\IObit
2012-04-16 05:44 . 2012-04-20 15:07--------d-----w-c:\program files (x86)\IObit
2012-04-16 05:35 . 2011-04-05 21:3560504----a-w-c:\windows\system32\drivers\sbhips.sys
2012-04-16 05:35 . 2011-04-05 21:3594296----a-w-c:\windows\system32\drivers\sbtis.sys
2012-04-16 05:35 . 2011-04-05 21:35253528----a-w-c:\windows\system32\drivers\SbFw.sys
2012-04-16 05:35 . 2011-02-08 13:1484568----a-w-c:\windows\system32\drivers\SbFwIm.sys
2012-04-15 12:24 . 2012-04-15 12:24418464----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 00:00 . 2012-04-26 20:16--------d-----w-c:\program files (x86)\Ludashi
2012-04-13 22:43 . 2012-04-13 23:59--------d-----w-c:\programdata\360safe
2012-04-13 22:40 . 2011-08-31 10:1819800----a-w-c:\windows\system32\drivers\efimon.sys
2012-04-13 22:40 . 2012-04-13 22:40--------d-----w-c:\program files (x86)\360
2012-04-13 20:17 . 2012-04-15 12:240--sha-w-c:\windows\system32\dds_trash_log.cmd
2012-04-13 17:45 . 2012-04-13 17:45--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Caiyun
2012-04-13 17:44 . 2012-04-13 21:18--------d-----w-c:\program files (x86)\彩云游戏浏览器
2012-04-12 20:13 . 2012-04-22 06:28--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\KuGou7
2012-04-12 20:13 . 2012-04-12 20:13--------d-----w-c:\program files (x86)\KuGou2012
2012-04-12 06:46 . 2012-04-13 17:45--------d-----w-C:\TGGAME
2012-04-12 04:18 . 2012-04-12 04:18--------d-----w-c:\users\Random McGill Guy\AppData\Local\Mozilla
2012-04-12 04:01 . 2012-02-28 06:422382848----a-w-c:\windows\system32\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:032382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:58141112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 07:37174392----a-w-c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 06:47304640----a-w-c:\program files\Internet Explorer\IEShims.dll
2012-04-12 04:01 . 2012-02-28 06:562311168----a-w-c:\windows\system32\jscript9.dll
2012-04-12 04:01 . 2012-02-28 01:08194048----a-w-c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-12 03:59 . 2012-03-06 06:435504880----a-w-c:\windows\system32\ntoskrnl.exe
2012-04-12 03:59 . 2012-03-06 05:593958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:59 . 2012-03-06 05:593902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:55 . 2012-03-01 06:5422896----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:4080896----a-w-c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:45158720----a-w-c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:45220672----a-w-c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:355120----a-w-c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:49172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:405120----a-w-c:\windows\SysWow64\wmi.dll
2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Common Files\Tencent
2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Tencent
2012-04-09 01:06 . 2012-04-09 01:07--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Tencent
2012-04-09 01:06 . 2012-04-09 01:0618760----a-w-c:\windows\SysWow64\QQVistaHelper.dll
2012-04-08 00:21 . 2012-04-08 00:22--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\GRETECH
2012-04-08 00:21 . 2012-04-08 00:27--------d-----w-c:\program files (x86)\GRETECH
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\Common Files\duowan
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\duowan
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\duowan
2012-03-31 16:54 . 2012-03-31 16:54--------d-----w-c:\users\Random McGill Guy\AppData\Local\Unity
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\ATI
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Local\ATI
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\programdata\ATI
2012-03-29 05:00 . 2012-03-29 05:000----a-w-c:\windows\ativpsrm.bin
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD AVT
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD APP
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files\Common Files\ATI Technologies
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\Common Files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files (x86)\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:58--------d-----w-c:\program files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files\ATI
2012-03-29 04:52 . 2012-02-15 08:13496128----a-w-c:\windows\system32\atieclxx.exe
2012-03-29 03:06 . 2012-02-15 07:1658880----a-w-c:\windows\system32\coinst.dll
2012-03-29 03:01 . 2012-03-29 03:01--------d-----w-c:\users\Random McGill Guy\AppData\Local\Leshcat & Co
2012-03-29 01:26 . 2012-03-29 01:42--------d-----w-c:\program files (x86)\ImageJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 06:05 . 2012-04-26 06:0533660----a-w-C:\MGlogs.zip
2012-04-15 12:24 . 2011-11-07 22:5570304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 01:30 . 2009-07-14 02:36152064----a-w-c:\windows\SysWow64\msclmd.dll
2012-03-29 01:30 . 2009-07-14 02:36175104----a-w-c:\windows\system32\msclmd.dll
2012-03-22 19:12 . 2012-03-22 19:124435968----a-w-c:\windows\SysWow64\GPhotos.scr
2012-02-23 14:18 . 2010-12-21 09:07279656------w-c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 08:441031680----a-w-c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 08:44826368----a-w-c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 08:44204800----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 08:4423552----a-w-c:\windows\system32\drivers\tdtcp.sys
2012-02-15 02:05 . 2012-02-15 02:0569632----a-w-c:\windows\system32\OpenVideo64.dll
2012-02-15 02:05 . 2012-02-15 02:0559904----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-02-15 02:05 . 2012-02-15 02:0561952----a-w-c:\windows\system32\OVDecode64.dll
2012-02-15 02:05 . 2012-02-15 02:0554784----a-w-c:\windows\SysWow64\OVDecode.dll
2012-02-15 02:05 . 2012-02-15 02:0516507904----a-w-c:\windows\system32\amdocl64.dll
2012-02-15 02:04 . 2012-02-15 02:0413238272----a-w-c:\windows\SysWow64\amdocl.dll
2012-02-15 02:03 . 2012-02-15 02:0354272----a-w-c:\windows\system32\OpenCL.dll
2012-02-15 02:03 . 2012-02-15 02:0348128----a-w-c:\windows\SysWow64\OpenCL.dll
2012-02-10 10:08 . 2012-03-20 23:26279840----a-w-c:\windows\system32\ikutm.dll
2012-02-10 06:24 . 2012-03-14 16:551544192----a-w-c:\windows\system32\DWrite.dll
2012-02-10 06:23 . 2012-03-14 16:551837568----a-w-c:\windows\system32\d3d10warp.dll
2012-02-10 06:23 . 2012-03-14 16:55902656----a-w-c:\windows\system32\d2d1.dll
2012-02-10 06:23 . 2012-03-14 16:55320512----a-w-c:\windows\system32\d3d10_1core.dll
2012-02-10 06:23 . 2012-03-14 16:55197120----a-w-c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 16:551077248----a-w-c:\windows\SysWow64\DWrite.dll
2012-02-10 05:35 . 2012-03-14 16:55218624----a-w-c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 16:551170944----a-w-c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:35 . 2012-03-14 16:55739840----a-w-c:\windows\SysWow64\d2d1.dll
2012-02-10 05:35 . 2012-03-14 16:55161792----a-w-c:\windows\SysWow64\d3d10_1.dll
2012-02-03 04:16 . 2012-03-14 16:553143168----a-w-c:\windows\system32\win32k.sys
2012-01-31 10:02 . 2012-01-31 10:0221504----a-w-c:\windows\system32\kdbsdk64.dll
2012-01-31 10:00 . 2012-01-31 10:0016896----a-w-c:\windows\SysWow64\kdbsdk32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2009-07-14 . 738ABEE48BAF965B161A7A3E75EB444D . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_22.10.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-25 14:53 . 2012-04-27 04:1916384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
- 2012-04-25 14:53 . 2012-04-26 21:4216384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-04-27 04:00 . 2012-04-27 04:2032768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042720120428\index.dat
+ 2012-04-27 01:07 . 2012-04-27 01:0717920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E3A39D1-9005-11E1-91C6-206A8A1429CE}.dat
- 2012-04-25 14:52 . 2012-04-25 14:5232768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2012-04-25 14:52 . 2012-04-27 00:4432768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-05-14 03:49 . 2012-04-27 00:3965928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-27 04:1841502 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-21 08:15 . 2012-04-27 04:1822562 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-209557282-4168680159-3086812486-1000_UserData.bin
- 2010-12-21 11:08 . 2012-04-26 20:2816384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-21 11:08 . 2012-04-27 01:0116384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-21 11:08 . 2012-04-26 20:2832768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-21 11:08 . 2012-04-27 01:0132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 01:0132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 20:2832768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-04-26 03:5384368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-04-27 00:5284368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-27 02:23 . 2012-04-27 02:235632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FFCAB5CC-900F-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:50 . 2012-04-27 00:504608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC253177-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:43 . 2012-04-27 00:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FA98662F-9001-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:43 . 2012-04-27 00:434608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F779B583-9001-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:17 . 2012-04-27 01:235632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D14D4201-9006-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:25 . 2012-04-27 01:254608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D02DA4B9-9007-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:15 . 2012-04-27 02:205632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CF1BC4BB-900E-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:32 . 2012-04-27 01:324608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CDF1AFF1-9008-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:02 . 2012-04-27 01:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B04D66B5-9004-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:07 . 2012-04-27 02:074608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACE3A619-900D-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:07 . 2012-04-27 02:125632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ABEA7561-900D-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:23 . 2012-04-27 01:234608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A356C3FE-9007-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:52 . 2012-04-27 01:524608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9E8CFF89-900B-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:08 . 2012-04-27 01:084608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C7FB93F-9005-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:51 . 2012-04-27 01:514608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{86A682BA-900B-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:13 . 2012-04-27 02:134608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{85E5D75A-900E-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:01 . 2012-04-27 01:085632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8581D528-9004-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:20 . 2012-04-27 02:204608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83769247-900F-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:08 . 2012-04-27 01:125632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{82DF3AA1-9005-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:15 . 2012-04-27 01:154608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{82572867-9006-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:27 . 2012-04-27 02:274608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{82498199-9010-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 04:00 . 2012-04-27 04:015120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8058D754-901D-11E1-8C39-206A8A1429CE}.dat
+ 2012-04-27 01:58 . 2012-04-27 01:584608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8003F049-900C-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:58 . 2012-04-27 01:584608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7D390DEA-900C-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 04:00 . 2012-04-27 04:004608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7D0EA90E-901D-11E1-8C39-206A8A1429CE}.dat
+ 2012-04-27 01:36 . 2012-04-27 01:364608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78B9C20E-9009-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:44 . 2012-04-27 01:444608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78259635-900A-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:57 . 2012-04-27 01:574608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5EF7354B-900C-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 04:20 . 2012-04-27 04:204608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{47F614EC-9020-11E1-B0FE-206A8A1429CE}.dat
+ 2012-04-27 04:20 . 2012-04-27 04:204608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{44F46266-9020-11E1-B0FE-206A8A1429CE}.dat
+ 2012-04-27 00:52 . 2012-04-27 00:524608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{40C11065-9003-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:45 . 2012-04-27 00:454608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3FEED311-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:41 . 2012-04-27 01:414608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2159534E-900A-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:44 . 2012-04-27 00:444608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1FBF9614-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:44 . 2012-04-27 00:444608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B2ABA87-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:23 . 2012-04-27 02:276144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FFCAB5CE-900F-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:50 . 2012-04-27 00:575120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC253178-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:43 . 2012-04-27 00:434608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA986630-9001-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:43 . 2012-04-27 00:434608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F779B584-9001-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:25 . 2012-04-27 01:295120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D02DA4BA-9007-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:32 . 2012-04-27 01:395120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CDF1AFF2-9008-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:07 . 2012-04-27 02:145120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ACE3A61A-900D-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:23 . 2012-04-27 01:234096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A356C3FF-9007-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:52 . 2012-04-27 01:575632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9E8CFF8A-900B-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:20 . 2012-04-27 02:216144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{992E18C2-900F-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:23 . 2012-04-27 01:246144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94F73572-9007-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:08 . 2012-04-27 01:085120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C7FB940-9005-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 04:00 . 2012-04-27 04:004096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{89F6608B-901D-11E1-8C39-206A8A1429CE}.dat
+ 2012-04-27 01:51 . 2012-04-27 01:575120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{86A682BB-900B-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:13 . 2012-04-27 02:205120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85E5D75B-900E-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:20 . 2012-04-27 02:275120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83769248-900F-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:15 . 2012-04-27 01:154096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{82572868-9006-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:27 . 2012-04-27 02:275120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8249819A-9010-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 04:00 . 2012-04-27 04:014608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8058D755-901D-11E1-8C39-206A8A1429CE}.dat
+ 2012-04-27 01:58 . 2012-04-27 02:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8003F04A-900C-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:58 . 2012-04-27 02:055120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D390DEB-900C-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 04:00 . 2012-04-27 04:005632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D0EA90F-901D-11E1-8C39-206A8A1429CE}.dat
+ 2012-04-27 01:36 . 2012-04-27 01:415120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78B9C20F-9009-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:44 . 2012-04-27 01:515632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78259636-900A-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:08 . 2012-04-27 01:086144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7110D631-9005-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 02:12 . 2012-04-27 02:136656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F978744-900E-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:57 . 2012-04-27 01:573584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5EF7354C-900C-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 04:20 . 2012-04-27 04:215120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47F614ED-9020-11E1-B0FE-206A8A1429CE}.dat
+ 2012-04-27 04:20 . 2012-04-27 04:215120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{44F46267-9020-11E1-B0FE-206A8A1429CE}.dat
+ 2012-04-27 00:52 . 2012-04-27 00:595120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40C11066-9003-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:45 . 2012-04-27 00:505120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3FEED312-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:44 . 2012-04-27 00:444608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{28052B62-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:41 . 2012-04-27 01:414096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2159534F-900A-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:44 . 2012-04-27 00:515120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1FBF9615-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 00:44 . 2012-04-27 00:446144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B2ABA88-9002-11E1-91C6-206A8A1429CE}.dat
+ 2012-04-27 01:12 . 2012-04-27 01:123584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0DF6EE45-9006-11E1-91C6-206A8A1429CE}.dat
- 2012-04-26 21:50 . 2012-04-26 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-27 02:54 . 2012-04-27 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-26 21:50 . 2012-04-26 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-27 02:54 . 2012-04-27 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-25 14:52 . 2012-04-27 04:20 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2012-04-13 20:43 . 2012-04-26 21:47 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-13 20:43 . 2012-04-27 04:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:20 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-26 06:21 . 2012-04-27 02:27 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042620120427\index.dat
+ 2012-04-27 01:07 . 2012-04-27 01:07 133632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E3A39CF-9005-11E1-91C6-206A8A1429CE}.dat
+ 2010-12-23 19:35 . 2012-04-27 00:28 736358 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-04-27 02:52 470276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-26 21:47 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:20 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 21:47 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:20 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-04-27 02:54 4967904 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-04-27 00:40 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-13 23:57 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-12-21 10:35 . 2012-04-26 21:49 2044920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-21 10:35 . 2012-04-27 02:53 2044920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2012-04-27 04:25 10797056 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-26 22:03 10797056 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-12-21 20:37 . 2012-04-27 02:52 53283684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-209557282-4168680159-3086812486-1000-12288.dat
+ 2012-04-13 23:03 . 2012-04-27 02:52 10698444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
-- 快照技术重新设置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-04-13 1239312]
.
c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
quietHDD - Shortcut.lnk - c:\users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe [2010-12-24 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-03 820768]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_NotSynced]
@="{87B33B34-0E92-4821-B787-9DF83BDC3BEA}"
[HKEY_CLASSES_ROOT\CLSID\{87B33B34-0E92-4821-B787-9DF83BDC3BEA}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Synced]
@="{78C3446F-4276-4AC1-B17F-F580836D7AD6}"
[HKEY_CLASSES_ROOT\CLSID\{78C3446F-4276-4AC1-B17F-F580836D7AD6}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Syncing]
@="{E427F712-D68E-4BE6-886F-B088037A87CB}"
[HKEY_CLASSES_ROOT\CLSID\{E427F712-D68E-4BE6-886F-B088037A87CB}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-03 496160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
------- 而外的扫描 -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 使用迅雷下载 - c:\program files (x86)\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder\Program\GetAllUrl.htm
LSP: c:\program files (x86)\YouKu\common\ikutm.dll
TCP: DhcpNameServer = 132.206.85.18 132.206.85.19 132.206.85.36 132.206.44.21 132.206.25.21
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:9b,ad,37,9f,0e,24,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"慤慴"=hex:47,b5,77,c6,35,85,e5,ba,81,8b,d8,e4,3c,48,33,d0,d8,1b,06,34,1b,dd,
63,cc,0e,f7,95,84,82,51,4e,61,17,69,bc,94,67,8d,73,c9,51,0b,b0,5e,19,00,c2,\
"歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,b1,07,fa,28,8f,9a,55,c6,6b,ce,3f,9b,9e,6a,c2,50,38,6c,28,92,
b0,62,83,d3,9e,9a,8a,85,2d,9d,9e,80,3a,6e,29,15,93,3f,ed,ff,55,59,cb,fe,7d,\
"rkeysecu"=hex:eb,3f,2e,50,0b,a5,eb,8b,44,7b,20,03,d6,14,a8,b6
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-04-27 00:34:25
ComboFix-quarantined-files.txt 2012-04-27 04:34
ComboFix2.txt 2012-04-26 22:12
ComboFix3.txt 2012-04-16 06:27
.
Pre-Run: 57,848,197,120 bytes free
Post-Run: 57,910,321,152 bytes free
.
- - End Of File - - FA33153C5B01097426B255CAF486ED22
 
Hi, I just tried to use the internet this morning and the redirect is still happening in both IE and Chrome. Also, Chrome seems to use a lot of CPU (up to 50%) even when only 1 tab is open :(
 
Combofix log looks good.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
user32.dll
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
otl.txt

OTL logfile created on: 27/04/2012 12:02:27 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Random McGill Guy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 41.14% Memory free
7.35 Gb Paging File | 4.60 Gb Available in Paging File | 62.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.09 Gb Total Space | 55.69 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
Drive G: | 122.21 Gb Total Space | 54.64 Gb Free Space | 44.71% Space Free | Partition Type: NTFS
Drive S: | 97.66 Gb Total Space | 29.12 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

Computer Name: RANDOMMCGILLGUY | User Name: Random McGill Guy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 12:01:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe
PRC - [2012/04/12 20:12:00 | 001,239,312 | ---- | M] (Simply Super Software) -- C:\Program Files (x86)\Trojan Remover\Trjscan.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/21 14:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
PRC - [2012/02/14 22:49:08 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/05/25 22:31:20 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/05/25 22:31:20 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/05/25 22:31:18 | 000,960,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 19:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/07/13 21:14:35 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sdiagnhost.exe
PRC - [2009/07/13 21:14:25 | 000,983,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdt.exe
PRC - [2009/01/12 21:01:44 | 000,061,440 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/15 15:16:32 | 000,516,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster 3\sqlite3.dll
MOD - [2010/03/08 20:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/01/12 21:01:44 | 000,061,440 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/15 04:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/02 20:19:32 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/15 08:24:43 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/22 15:27:04 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/25 22:31:20 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/27 10:06:59 | 000,027,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/21 18:07:02 | 012,311,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/03/21 18:07:02 | 012,311,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/08 15:07:16 | 000,328,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/08 15:07:10 | 010,858,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/26 21:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/10/26 21:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011/10/26 21:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/10/26 21:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/10/26 21:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/10/26 21:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/10/26 21:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/08/02 21:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 21:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/12/24 12:45:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/12/21 06:08:45 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/07 14:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 01:21:26 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/12/22 13:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/01 22:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/28 13:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2010/12/21 06:08:45 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.105\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Random McGill Guy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Random McGill Guy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Random McGill Guy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Random McGill Guy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/03 18:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/03 18:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/04 23:20:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/04 23:20:43 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.105\npxbdyy.dll
CHR - plugin: Bio3D (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
CHR - plugin: ChemDraw (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Video Calling Plugin (Disabled) = C:\Users\Random McGill Guy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - Extension: YouTube = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/27 00:32:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - Startup: C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD - Shortcut.lnk = C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder\Program\geturl.htm ()
O8:64bit: - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder\Program\getAllurl.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder\Program\getAllurl.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.pplive.com/config/pplite/pluginsetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/08 00:56:05 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 12:01:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe
[2012/04/27 10:06:58 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/04/27 00:48:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/27 00:00:31 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Random McGill Guy\Desktop\boot_cleaner.exe
[2012/04/26 23:43:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Random McGill Guy\Desktop\aswMBR.exe
[2012/04/26 23:03:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Random McGill Guy\Desktop\dds.scr
[2012/04/26 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/26 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Documents\Simply Super Software
[2012/04/26 20:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/26 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/26 20:32:34 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Simply Super Software
[2012/04/26 20:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/04/26 20:30:53 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/04/26 20:02:38 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/04/26 17:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 17:43:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/26 17:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/26 17:04:06 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Desktop\AntiSpyware
[2012/04/26 16:49:26 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/26 16:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/26 16:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/26 16:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/26 16:38:27 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\Random McGill Guy\Desktop\ComboFix.exe
[2012/04/26 02:20:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/26 02:05:38 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/04/26 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/04/26 00:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/04/26 00:26:19 | 008,252,840 | ---- | C] (SurfRight B.V.) -- C:\Users\Random McGill Guy\Desktop\HitmanPro36_x64.exe
[2012/04/25 14:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/25 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/25 11:05:48 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\vlc
[2012/04/24 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\WindowsApplication1
[2012/04/21 21:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/04/20 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Desktop\MLG Music
[2012/04/20 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012/04/20 11:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/16 02:33:43 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Malwarebytes
[2012/04/16 02:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/16 02:02:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/16 02:02:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/16 02:02:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/16 02:02:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/16 02:02:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/16 01:44:35 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\IObit
[2012/04/16 01:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/04/16 01:35:44 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/04/16 01:35:41 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/04/16 01:35:20 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/04/16 01:35:20 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/04/13 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\鲁大师
[2012/04/13 20:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ludashi
[2012/04/13 18:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\360safe
[2012/04/13 18:40:42 | 000,019,800 | ---- | C] (360安全中心) -- C:\Windows\SysNative\drivers\efimon.sys
[2012/04/13 18:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\360
[2012/04/13 13:45:23 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Caiyun
[2012/04/13 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\彩云游戏浏览器
[2012/04/13 13:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\彩云游戏浏览器
[2012/04/13 13:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\彩云游戏浏览器
[2012/04/12 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\酷狗音乐2012
[2012/04/12 16:13:21 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\KuGou7
[2012/04/12 16:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KuGou2012
[2012/04/12 02:46:02 | 000,000,000 | ---D | C] -- C:\TGGAME
[2012/04/12 00:18:02 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\Mozilla
[2012/04/12 00:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/08 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2012/04/08 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Software
[2012/04/08 21:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2012/04/08 21:06:14 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Documents\Tencent Files
[2012/04/08 21:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2012/04/08 21:06:05 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Tencent
[2012/04/07 22:15:20 | 001,456,920 | ---- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Random McGill Guy\Desktop\free.exe
[2012/04/07 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\GRETECH
[2012/04/07 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Documents\GomPlayer
[2012/04/07 20:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2012/04/07 16:41:01 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Desktop\2012SVP Handbook
[2012/04/07 09:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\duowan
[2012/04/07 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\多玩
[2012/04/07 09:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\duowan
[2012/04/07 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\duowan
[2012/04/03 16:26:23 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Mozilla
[2012/03/31 12:54:30 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\Unity
[2012/03/29 01:04:05 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\ATI
[2012/03/29 01:04:05 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\ATI
[2012/03/29 01:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/29 00:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/29 00:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/03/29 00:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/03/29 00:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/03/29 00:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/29 00:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/03/29 00:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/03/29 00:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/29 00:52:39 | 000,496,128 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/03/29 00:52:39 | 000,235,520 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/03/29 00:52:36 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/03/29 00:52:33 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/03/28 23:06:01 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/03/28 23:01:35 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\Leshcat & Co
[2012/03/28 21:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ
[2012/03/28 21:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageJ
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 12:01:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe
[2012/04/27 10:15:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 10:15:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 10:08:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/27 10:08:15 | 2960,461,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/27 10:06:59 | 000,027,936 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/04/27 10:06:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/04/27 09:21:43 | 000,001,105 | ---- | M] () -- C:\Users\Random McGill Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/27 00:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/27 00:19:47 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Random McGill Guy\Desktop\ComboFix.exe
[2012/04/26 23:58:38 | 000,000,512 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\MBR.dat
[2012/04/26 23:02:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Random McGill Guy\Desktop\dds.scr
[2012/04/26 22:57:02 | 000,302,592 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\i8oi3ijv.exe
[2012/04/26 22:54:25 | 004,967,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/26 22:22:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Random McGill Guy\Desktop\aswMBR.exe
[2012/04/26 20:01:13 | 000,001,258 | ---- | M] () -- C:\Users\Random McGill Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/26 18:10:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.trb
[2012/04/26 16:45:01 | 000,000,020 | ---- | M] () -- C:\Users\Random McGill Guy\defogger_reenable
[2012/04/26 02:05:40 | 000,033,660 | ---- | M] () -- C:\MGlogs.zip
[2012/04/26 00:26:53 | 008,252,840 | ---- | M] (SurfRight B.V.) -- C:\Users\Random McGill Guy\Desktop\HitmanPro36_x64.exe
[2012/04/21 22:04:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/21 22:03:49 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/21 22:03:49 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/17 11:35:05 | 000,734,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/16 01:32:40 | 000,739,794 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/15 08:24:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/12 16:09:22 | 000,000,168 | ---- | M] () -- C:\ProgramData\GeorgeYohngVST.ini
[2012/04/10 01:56:21 | 000,000,120 | ---- | M] () -- C:\Users\Random McGill Guy\webct_upload_applet.properties
[2012/04/08 21:06:05 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012/04/07 22:15:50 | 001,456,920 | ---- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Random McGill Guy\Desktop\free.exe
[2012/04/07 09:32:43 | 000,000,256 | ---- | M] () -- C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/29 01:00:35 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/27 09:50:02 | 000,027,936 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/04/26 23:58:38 | 000,000,512 | ---- | C] () -- C:\Users\Random McGill Guy\Desktop\MBR.dat
[2012/04/26 23:00:10 | 000,302,592 | ---- | C] () -- C:\Users\Random McGill Guy\Desktop\i8oi3ijv.exe
[2012/04/26 20:32:35 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/04/26 20:32:35 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/04/26 20:31:12 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/04/26 16:45:01 | 000,000,020 | ---- | C] () -- C:\Users\Random McGill Guy\defogger_reenable
[2012/04/26 02:05:40 | 000,033,660 | ---- | C] () -- C:\MGlogs.zip
[2012/04/16 02:02:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/16 02:02:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/16 02:02:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/16 02:02:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/16 02:02:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/16 01:33:32 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/13 16:17:46 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/08 21:06:05 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012/04/07 09:32:43 | 000,000,256 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048
[2012/03/29 01:00:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/29 00:53:35 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/03/29 00:53:35 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/03/29 00:53:35 | 000,867,020 | ---- | C] () -- C:\Windows\SysNative\igkrng575.bin
[2012/03/29 00:53:35 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/03/29 00:53:35 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/03/29 00:53:35 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/03/29 00:53:35 | 000,017,496 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/03/29 00:53:35 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/03/29 00:53:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/03/29 00:53:32 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/03/29 00:53:32 | 000,105,608 | ---- | C] () -- C:\Windows\SysNative\igfcg575m.bin
[2012/03/29 00:53:28 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/03/29 00:53:28 | 000,128,204 | ---- | C] () -- C:\Windows\SysNative\igcompkrng575.bin
[2012/03/29 00:53:25 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/29 00:53:25 | 000,211,303 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/03/29 00:53:25 | 000,182,706 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/03/29 00:53:25 | 000,153,167 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/03/29 00:53:25 | 000,138,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/03/29 00:53:25 | 000,136,603 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/03/29 00:53:25 | 000,135,370 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/03/29 00:53:25 | 000,134,836 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/03/29 00:53:25 | 000,134,412 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/03/29 00:53:25 | 000,133,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/03/29 00:53:25 | 000,133,709 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/03/29 00:53:25 | 000,133,178 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/03/29 00:53:25 | 000,132,788 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/03/29 00:53:25 | 000,128,996 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/03/29 00:53:25 | 000,128,831 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/03/29 00:53:25 | 000,117,636 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/03/29 00:53:25 | 000,116,348 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/03/29 00:53:25 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/03/29 00:53:25 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/03/29 00:53:24 | 000,198,139 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/03/29 00:53:24 | 000,156,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/03/29 00:53:24 | 000,149,009 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/03/29 00:53:24 | 000,140,216 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/03/29 00:53:24 | 000,137,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/03/29 00:53:24 | 000,137,668 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/03/29 00:53:24 | 000,135,628 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/03/29 00:53:24 | 000,134,384 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/03/29 00:53:24 | 000,133,404 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/03/29 00:53:24 | 000,132,889 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/03/29 00:53:24 | 000,131,839 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/03/29 00:53:24 | 000,128,535 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/03/29 00:53:24 | 000,124,056 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/03/29 00:53:19 | 000,037,305 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/03/29 00:52:29 | 002,427,392 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/03/29 00:52:29 | 000,601,728 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/03/29 00:52:29 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/29 00:52:29 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/03/29 00:52:29 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/29 00:52:29 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2012/03/29 00:52:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/03/29 00:52:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2012/03/29 00:52:28 | 002,425,664 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/03/29 00:52:28 | 000,235,072 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/03/29 00:52:28 | 000,235,072 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/26 18:04:43 | 000,000,064 | ---- | C] () -- C:\Windows\minitab.ini
[2011/11/23 00:22:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\np_plugin.dll
[2011/11/13 01:56:21 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\bdsecushr.dat
[2011/11/13 01:54:59 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI
[2011/11/05 05:14:00 | 000,000,911 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Roaming\coreavc.ini
[2011/10/26 16:06:29 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/10/23 13:00:22 | 000,188,764 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/04 23:16:22 | 000,174,869 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/04 23:16:22 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/09/17 21:48:00 | 000,000,168 | ---- | C] () -- C:\ProgramData\GeorgeYohngVST.ini
[2011/08/22 23:01:21 | 000,003,584 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 16:21:46 | 000,000,600 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Roaming\winscp.rnd
[2011/02/15 16:18:30 | 000,000,600 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Local\PUTTY.RND
[2011/02/08 15:35:22 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2011/02/08 15:35:22 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2011/01/04 12:03:40 | 000,739,794 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/17 03:32:42 | 000,001,275 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/14 00:28:17 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/05/14 00:28:17 | 000,000,169 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/05/14 00:28:17 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini

========== LOP Check ==========

[2011/11/16 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Audacity
[2011/09/05 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Auslogics
[2011/11/02 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\avidemux
[2010/12/24 05:31:54 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Bioshock
[2012/04/13 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Caiyun
[2011/06/22 02:25:08 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\calibre
[2011/05/18 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Canon
[2010/12/24 12:48:23 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\DAEMON Tools Lite
[2012/04/27 12:00:03 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Dropbox
[2012/04/07 09:32:12 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\duowan
[2011/10/27 23:32:09 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\e-academy Inc
[2011/10/27 23:41:15 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\EndNote
[2012/04/12 16:09:22 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\foobar2000
[2011/12/25 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Foxit Software
[2011/10/24 20:55:01 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\GrabPro
[2011/05/10 20:58:50 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Hi-Rez Studios
[2012/04/16 01:44:35 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\IObit
[2011/06/13 23:21:25 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\KuGou
[2012/04/22 02:28:40 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\KuGou7
[2010/12/21 07:28:45 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\LolClient
[2012/04/25 10:22:47 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Orbit
[2012/02/06 11:03:51 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\PPlive
[2012/04/14 23:24:38 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\PPStream
[2011/10/24 20:55:03 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\ProgSense
[2011/12/28 06:27:25 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\redsn0w
[2011/09/15 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\SharePod
[2012/04/26 20:32:34 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Simply Super Software
[2011/01/04 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\SoftGrid Client
[2011/02/11 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\StatSoft
[2011/12/24 01:53:22 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\SystemRequirementsLab
[2012/04/08 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Tencent
[2011/05/07 16:07:31 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\The Creative Assembly
[2011/12/07 14:11:05 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Thinstall
[2011/01/04 12:04:13 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\TP
[2011/01/30 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Ubisoft
[2012/04/26 17:28:08 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\uTorrent
[2011/02/27 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Windows Live Writer
[2010/12/24 15:46:47 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\XRay Engine
[2012/03/05 10:02:42 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/02/08 00:56:05 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 16:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/04/27 00:34:26 | 000,057,142 | ---- | M] () -- C:\ComboFix.txt
[2012/04/27 10:08:15 | 2960,461,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 02:05:40 | 000,033,660 | ---- | M] () -- C:\MGlogs.zip
[2012/04/27 10:08:15 | 3947,286,528 | -HS- | M] () -- C:\pagefile.sys
[2010/06/23 02:38:44 | 000,000,920 | RHS- | M] () -- C:\Patch.rev
[2010/12/21 04:44:01 | 000,000,210 | RHS- | M] () -- C:\Preload.rev
[2010/09/17 02:55:26 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
[2012/04/26 22:26:47 | 000,000,522 | ---- | M] () -- C:\rkill.log
[2012/01/25 14:20:16 | 001,291,311 | ---- | M] () -- C:\s23g.3
[2012/01/25 14:20:16 | 000,698,147 | ---- | M] () -- C:\s23g.4
[2012/01/25 14:43:33 | 001,290,676 | ---- | M] () -- C:\s23g.a
[2012/01/25 14:43:33 | 000,697,899 | ---- | M] () -- C:\s23g.b
[2012/01/25 14:51:13 | 001,290,054 | ---- | M] () -- C:\s23g.g
[2012/01/25 14:51:13 | 000,697,839 | ---- | M] () -- C:\s23g.h
[2012/01/25 15:03:46 | 001,289,707 | ---- | M] () -- C:\s2b8.4
[2012/01/25 15:03:46 | 000,697,813 | ---- | M] () -- C:\s2b8.5
[2011/05/01 19:43:00 | 000,213,158 | ---- | M] () -- C:\shared.log
[2012/04/16 01:58:25 | 000,136,646 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_16.04.2012_01.56.46_log.txt
[2012/04/26 02:11:23 | 000,004,432 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_02.11.18_log.txt
[2012/04/26 02:20:24 | 000,137,524 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_02.17.18_log.txt
[2012/04/26 18:36:11 | 000,137,602 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_18.35.15_log.txt
[2012/03/29 00:48:09 | 000,613,113 | ---- | M] () -- C:\YUC_uninstall_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/26 20:01:13 | 000,000,221 | -HS- | M] () -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2002/06/30 12:30:36 | 000,024,576 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\AlwaysOnTopMaker.exe
[2012/04/26 22:22:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Random McGill Guy\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Random McGill Guy\Desktop\boot_cleaner.exe
[2012/04/27 00:19:47 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Random McGill Guy\Desktop\ComboFix.exe
[2012/04/07 22:15:50 | 001,456,920 | ---- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Random McGill Guy\Desktop\free.exe
[2012/04/26 00:26:53 | 008,252,840 | ---- | M] (SurfRight B.V.) -- C:\Users\Random McGill Guy\Desktop\HitmanPro36_x64.exe
[2012/04/26 22:57:02 | 000,302,592 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\i8oi3ijv.exe
[2012/04/27 12:01:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/27 10:08:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/05 10:02:42 | 000,032,618 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/03/28 22:00:46 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/03/28 22:00:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/03/24 21:47:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/03/24 21:47:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/03/28 22:00:46 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/03/24 21:48:41 | 000,000,402 | -HS- | M] () -- C:\Users\Random McGill Guy\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/17 03:02:05 | 000,015,973 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe4.log
[2012/04/12 16:09:22 | 000,000,168 | ---- | M] () -- C:\ProgramData\GeorgeYohngVST.ini
[2011/11/19 04:02:31 | 000,001,866 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/12/21 04:59:58 | 000,000,090 | ---- | M] () -- C:\ProgramData\PS.log
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/12/21 04:47:18 | 000,000,020 | ---- | M] ()(C:\Windows\e?Q) -- C:\Windows\ðõQ
[2010/12/21 04:47:17 | 000,000,020 | ---- | C] ()(C:\Windows\e?Q) -- C:\Windows\ðõQ

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >
 
Extras.txt

OTL Extras logfile created on: 27/04/2012 12:02:27 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Random McGill Guy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 41.14% Memory free
7.35 Gb Paging File | 4.60 Gb Available in Paging File | 62.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.09 Gb Total Space | 55.69 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
Drive G: | 122.21 Gb Total Space | 54.64 Gb Free Space | 44.71% Space Free | Partition Type: NTFS
Drive S: | 97.66 Gb Total Space | 29.12 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

Computer Name: RANDOMMCGILLGUY | User Name: Random McGill Guy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器
"C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA3DD80-3BDB-43AA-9C57-C3CF6B51BC22}" = rport=138 | protocol=17 | dir=out | app=system |
"{13738869-083A-4478-A27A-60B59FD35FA8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DE2FD3E-1D4D-4961-90CE-D7B1D8FB2958}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher |
"{241337A3-956E-4201-82F0-E3D5D2B07009}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{24CAF544-291D-41B5-A8F9-02C70633023C}" = lport=139 | protocol=6 | dir=in | app=system |
"{2F99B49B-1FA2-4F61-8F8F-A0850A515D28}" = lport=137 | protocol=17 | dir=in | app=system |
"{3009F9B7-2479-49E8-AC69-271367E58EB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{30239504-109D-4E58-9C5F-E4302F824223}" = rport=445 | protocol=6 | dir=out | app=system |
"{3571E915-23C2-4E45-B3F8-26F53BF3D935}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{3F54A764-FC6B-4506-B209-C0E8EA9701E7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F54AC19-E326-4927-B327-132FED9336D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46D00F47-1571-4FFA-9C51-A9C00DDAAD6B}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{4965201A-6068-4A7B-83F6-79A0853B3AE3}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{4EA5BD93-67AF-4781-8669-76F2117DCD04}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F82C3C7-B89D-43E2-9D9E-C7946F8B9348}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D05369F-A0A4-40D5-89FF-1DEC2AD9B66D}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EDA869A-8880-44F7-9BE4-4ECCAFCD3ADD}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F0A6D28-0E04-460A-A3F2-05A0C6C0CE37}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{8DCC2045-1550-4ED9-99CE-5C069486F075}" = rport=137 | protocol=17 | dir=out | app=system |
"{8E3A29D7-9BBE-41F5-BD16-EEE78B1286E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{940AF888-7A62-4319-A339-6CB8CAD990DF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{9E0512B7-C79F-4349-B688-D01DA86C5B03}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A7550BE3-146F-4EE5-991B-BDD324C90D85}" = lport=138 | protocol=17 | dir=in | app=system |
"{A839EE2C-89EB-48C6-8107-CF086D1CE171}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B531BE2B-0194-4315-AAD4-3DC4E41C287A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6C53DE1-1176-4E9A-BD70-440FE7EF55C2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{BED1BA78-9FED-40E9-8563-E5E712030C85}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher |
"{CC6FD594-6E18-4038-AD24-621BCD291D00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD6AF9A8-1ABC-4FA5-80BA-775A8DFE684A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4E04F78-CE78-4897-8855-448B77CF6739}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DE54605C-14D0-4CED-8B41-E624B4957C68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DEDA3BE3-7BA0-4C83-908E-C433A6461352}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{DF4BBF27-8F88-450F-8899-E9F69B760512}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E1BA124D-F5C8-4488-9D8D-C0EDFE585014}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F2C37334-1488-4874-8851-669A72BCF7AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F322990B-BC39-49BB-B25E-94664D51014B}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{F33161F9-24B8-40A1-A994-40B39651BB4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6F0625F-E8BD-40BF-97DB-5DCA1F73FC24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA84EDBA-704A-4F2D-A280-06E0938B3FC2}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01864F61-C581-4A01-AA19-2B37EC276957}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{027DE11E-0CA5-4DCA-8E8A-FF700B6019E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{02E2A98F-2B0A-489D-B66A-5434626C8846}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{03C2CA78-50E0-4761-BA08-679507CB0728}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{040437A4-6517-4090-BAC6-0F922E23AA74}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{04FDAC49-6103-4A2F-B838-FFC8B2272915}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05AA64A3-DE23-4074-AD10-7C3DB90D739F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05C20073-7716-4D5E-A71C-F0F88853C7B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{072A7522-8BD3-4C90-8E67-3435BD2803EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07979DC6-E5F5-49FC-88A3-8DC441EB5CB3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09EBCC3A-2C72-4D30-826C-3702B051E2C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0A89F0BA-BDD4-4257-9CEB-E310A9E24492}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0BEE485B-EFA7-471C-95B3-FF732AD622C9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{1068D988-FAE6-495C-A2D5-07DBA406E33B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{113A0D20-7A13-4DD8-809C-EA0E4765DE52}" = protocol=17 | dir=in | app=g:\league of legends\game\league of legends.exe |
"{125034F7-8742-45FE-A653-231B0056B6D5}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{12539122-FB34-4779-8507-A7207836B0F5}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\game\league of legends.exe |
"{125D85CF-ED6E-4EE4-8D33-6412B04E4AF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{12B87448-E866-48BF-9CB6-607F046910DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{133FC93A-1D57-4593-BEAA-FED1191179ED}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{135B0434-D13E-48D0-B4B1-52026E3DD0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14AF5EA8-043C-4BE1-AE35-E31B273EA324}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
"{1505DAF7-205F-4512-9223-6111285DF320}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15D3202C-6A27-4523-88A2-45B15E86CA88}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16C8C296-FA9A-4DAF-A3D7-E0A661F550AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16D6F0F9-B438-4DA6-A845-F0E86075EB87}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{170A1976-8368-47AA-A957-E85DBC41DE9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17795B4E-04DC-4C51-81E1-B343C80C7289}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{194D7EA5-A1D0-42CD-8BDD-0CE6A220B01D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1AD6F315-9B20-491E-A922-A7A618993380}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1BA41296-3B1E-40E5-9618-C44C02D77907}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C4703ED-9466-4276-B6B0-B57817F701C3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1D53C7D7-F1DE-465C-A2E5-AEAC282DF026}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
"{1D615B4F-7D17-4F3E-A5A8-8C627E751546}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E41EBA3-A05C-4D19-B110-A12F58E1ED46}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1E952E1E-7A3B-4A9A-8697-D1C4470BC5B9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{1EB71BA1-18A3-4909-A5DA-710918A36B6B}" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
"{20F4C0E5-0D9C-457A-B50F-B16D7F660EC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21C6302A-AEF9-43D6-989B-DD4BBECA0B17}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{235B99DF-E833-4389-82C6-F275F1492B6D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{23CABCF7-19DC-49CA-91A7-E6C2DC1CD79C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{25EAD7E0-D448-4DE5-92E6-33BF439BDB6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27006A3E-F16F-46BB-B1E8-22201CCBC975}" = protocol=6 | dir=in | app=g:\league of legends\air\lolclient.exe |
"{27368E72-0083-4F64-BC01-5C42F2987FF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2930196D-4380-48E4-8222-06366136693D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2AAE3D88-4A1F-40F3-8355-D970D3248288}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B240F8E-19EB-4E25-9E32-1821ED338256}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\xlbugreport.exe |
"{2BC5D1A6-F35C-40AA-AACF-E3080CFA32EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2BDC4839-8BDC-4C77-86BB-FDEF1E9F9166}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CE6E34E-C45C-409B-ABB5-EF71C1D1B63D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D9916F0-BDC0-4A1D-A532-FAF6628522A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E0777DF-B195-4577-A037-286BD4E54A8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.exe |
"{2E279C32-97D7-4643-86FE-1953F9E565E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E4F2826-FD8B-4223-BF7A-999DBE180FD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F54B356-C3BC-4B2D-A5F9-CD25CA89AD6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{309A10C5-97ED-496D-8973-2A3B5357695D}" = protocol=17 | dir=in | app=g:\edeneternal\edeneternal\_launcher.exe |
"{30B13C61-CAEA-4690-ABE0-974733C5DC10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3203B14A-9B0C-4E4C-8BAE-B96C9F406A63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{327F2461-EB41-40E9-BEDB-089813B62EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35B7097A-37F2-480B-A48C-1AD19D985691}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\xlbugreport.exe |
"{35C49ECC-9F1A-4E90-B46B-C4BFEAF0FBC6}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe |
"{37208E0A-7D5F-422B-A284-407282692D0E}" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
"{38EB5D2F-A0A3-48C2-9867-035BF03103F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A0F398E-E0E0-462C-90DD-132A1413D816}" = protocol=17 | dir=in | app=g:\league of legends\air\lolclient.exe |
"{3B77F55F-6D72-4013-886F-DCCF98C9E0D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D088476-8F18-4DB2-B891-9E47602A1F8F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3E868AD5-EFB0-4470-9C4F-0B4221628873}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3EDA9731-66E3-4B9B-92AC-82DB55046F33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{442C089F-392E-4A84-9A1E-73FAD277F636}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{44EF07E4-76DB-4F45-A77C-A193C4995F1B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{45E25F2E-10A3-4E26-9DDB-433A22E71D10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{46A96694-7882-4CAE-9997-2AB613F73269}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{479BF5A1-3684-42FC-A615-D7F785A658CE}" = protocol=17 | dir=in | app=g:\dragon age\bin_ship\daorigins.exe |
"{47CFDFB0-9723-4AD0-B207-3D7AAA8770C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{48264513-7295-4A65-9A04-7A2D02BF17D8}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.105\statreport.exe |
"{4A3B08D5-5EEF-48A6-B372-7B3E4C80C7A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{4BBE4DD9-B172-4049-B80D-BCA02DE13ABC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4DC59591-43F7-42F0-8242-1FB51ABAF905}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DF0D7EC-F27A-49FD-9820-3C8512E3E1FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4E5BF389-D6E5-4C28-AC97-AAFF299ED063}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{4F4BFB82-2464-4343-954C-B9AB2320A711}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4F809696-FF09-486A-BD9A-EFCEE51E8318}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{51111681-2C40-4D86-AF3F-AA3F096470E1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52DD5A53-5E3F-40DD-AC55-34F61A4AAAF8}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe |
"{53F3ABB5-AEF6-4F6E-BCF8-4C1269C72AA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5435ED0C-5BD7-4E0B-8E9A-D1A4BFC80C62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{551A0B40-B829-4458-96BF-02671B195861}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{555A46BB-E3CF-4A2A-9F00-29E0D8A11CF8}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5595CD0A-2E2D-467F-980F-395988FC6D49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{56FEE372-7AC8-4958-8816-98E73FB718DB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{58C54DEF-61B4-4DE2-B9D1-5F70EC610F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5AE43AB1-46A3-47D4-A037-C9C7A50E0FB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B9F4D77-E2B0-4BB9-A4ED-11EBAF4A55AE}" = protocol=6 | dir=in | app=g:\league of legends\lol.launcher.exe |
"{5BDB0D3E-AC53-442E-9560-2E0A842C508F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5D69D67F-5002-47BA-A945-EA1C1E9367BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E1761C5-9644-4373-B948-51AE3FC9C385}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E3E9D31-997C-4647-A20A-D61C900EE4A6}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
"{5ED90563-529F-4399-9D73-735FFDD63FFC}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunderservice.exe |
"{5F123404-7E63-4212-BD56-9FA3CAA7783A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F3AB1AA-7125-4300-82DE-E44B5047865C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{5FAA65A3-373B-4674-A0D5-63B866DCB27C}" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
"{6130BB5A-0A9E-4C82-943C-273080990A48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{622E9F3F-89E4-4536-B923-ED56D7F82A0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{647251C1-1A5C-42E7-94D9-85681F7ADEB1}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.105\baiduplayer.exe |
"{655C958D-A37A-415D-A241-87689623B116}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{661D22DC-4FF2-4C99-ABB6-489EB867B7EC}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.105\baidup2pservice.exe |
"{66ABE1AB-2441-4718-AB4A-6B8499AB350A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{66F87820-98A7-4E2C-9EB9-F8295F11CE28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{684084A4-A8D7-482D-B817-7FC55DBA4545}" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
"{698C4B5F-C0DB-426C-8534-47DDD484B634}" = protocol=17 | dir=in | app=g:\prototype\prototypef.exe |
"{6A941D85-CDAD-4092-B88B-1A366F22D35F}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
"{6C42D92E-F444-4707-B89F-31B2C070199F}" = protocol=6 | dir=in | app=g:\prototype\prototypef.exe |
"{6DF403AD-FEFE-4E16-8A27-AEFA63EE3597}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{6DFA4B3C-C8DF-4795-B4E4-0FF83834F470}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6E2BA77F-2ABB-4CDC-8439-8273FB683675}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E82A1E9-40E7-427F-A89F-2EF4B807346D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6FAA6776-9396-452B-96DA-75AF92EFF6ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{707BCF10-3F31-4C4D-B18E-7B78A5360F40}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{70843D01-EA97-4887-84A6-0FBB6091C62C}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{73A0B0CF-B613-4AFF-AEAE-FDA1C41E15AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{76487F37-C5EA-4D37-9C5A-1A82C321026F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{768EA78A-31A6-43C9-B21A-EDA7BF56D969}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77ED8166-1C43-4A3E-87AF-DB74299D601D}" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
"{783A0CEF-0EFC-47E3-8470-277FB939F95D}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{79AAFD20-005D-41D4-8B62-61149257539B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A126844-1E73-47CD-9553-93B3247ECB1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A47807F-5EDB-4E42-A58A-0D689BB052FE}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\air\lolclient.exe |
"{7D4BFCD1-C169-4F62-87C8-0F553ED7C069}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7D7B1B8A-16A5-474D-A0DF-432BB6CCA962}" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
"{800D3C05-0076-42FC-BA1F-0A17930F12EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{80DE9B57-2829-4FD6-9A08-AF22934AC540}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{815D4E70-F5A8-43E9-9833-0F275BB88B66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{831F126E-2F7D-4185-A907-48EEA04F8EC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83520AF9-4600-4F39-A0FD-19351632E9C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{874BB165-1D2F-4406-9C10-1EA2FE2AF95A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87E15F7A-635B-4182-8FB5-004237363148}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{891500FC-B6B8-4BFF-A85F-03C6AFD70C97}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{8A721119-DB2E-4733-A17D-AA6F8FB89E72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C7DA87C-B304-4F1D-ACD1-57AA24D29363}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{8C9BC86B-BF77-40F5-8983-49CAA97AF2D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CAD0061-857C-4D9F-8A95-BCDC3FCCAF62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{903F639D-54C1-4197-ABA9-E3C34F108D49}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\game\league of legends.exe |
"{90E11320-F005-4A9B-8D89-785EF67FB2A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91A6B6E2-7E7F-4047-8E99-4F7332D13F97}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderservice.exe |
"{939D5230-B95D-4D39-937E-E3A145DD867B}" = protocol=6 | dir=in | app=g:\dragon age\bin_ship\daupdatersvc.service.exe |
"{9475EB59-39E0-48B4-92BF-5C8A43563DB8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95CF32D1-4EC0-4C34-B130-49DCFD19E201}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\air\lolclient.exe |
"{96061DAC-5E65-445F-AF5A-3710DCAFCDCD}" = protocol=6 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
"{970EF5BD-664E-4ABF-B0F3-A56A0950274B}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
"{97136127-41A5-4A09-A7BE-43A3DE9B8F37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9730C763-DEC5-44EC-9DC9-27DB6CFB54F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97B76278-FE71-4BCF-8BC9-89D09C0194C6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{99239D54-B108-4C8C-B6A0-8FF8EC2E8407}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9924CFF9-665A-4965-B71D-2C3B7087C01E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{99620F3C-E44B-4D28-A237-3FA32895B937}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{997E6A16-B104-478E-A8D4-AFFADA03C0BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9ADBB576-23BE-4835-BF81-CE490067E218}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FB81340-8B96-470E-A2D5-3E37066CBFE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0B940AE-4764-451C-9173-C499CA1C6D83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0CC0EB9-5E22-40B6-A1DF-1BC7D2C79CF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2A4AD9B-B349-4A66-BB4A-D4E976D5F0CD}" = protocol=17 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
"{A644A0B0-908B-48EF-994E-C31DCAEB1661}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A749FB88-8FE0-487C-A070-E78381F4B9A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A8B2AF3B-A327-42F9-91E7-24F299DA7E56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{A96D99E3-ECE9-40C6-B62C-87CA9D6C7212}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB40C43A-EF21-4B2B-971E-A3AC43D27A6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACE91938-2698-487C-A85C-4730B98F43D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE1AFF66-5CE0-4221-9371-34927FF3F22E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AF1BA912-E61D-44DC-BEAA-94330FCC6379}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
"{AF663784-C3B2-4FEC-A79D-F4FD5DCA5E31}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.exe |
"{AFFE639B-BC1F-4DA7-8B3A-1CA9E30E30AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B12C038C-BEF2-404E-883A-D56CC45E571D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1A23E95-8794-4C38-99A5-FC64CB4743B8}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunderliveud.exe |
"{B24D0870-A929-459B-9363-34A1A751A068}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B28654A5-B0C5-4F84-BB8F-DD25451171DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B33806CA-8093-4432-95DF-72FECB20722C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B47BD741-CF03-45E2-969A-F2489D9E2DE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B503524A-E4E8-4C10-9B50-DDDAA34DBAA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B53D9F51-C942-41C7-A8A7-F245B62542F6}" = protocol=17 | dir=in | app=g:\league of legends\lol.launcher.exe |
"{B60B471D-5125-42B6-989E-4B459FE73648}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{B648DF27-A6AC-4D4F-9BD9-EEE78AC86A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
"{B72C20D7-D847-4BC8-B2A1-311F326D7D0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B745EE01-FE16-45CD-9BFF-105F94694C18}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{B751041A-E4D5-481D-A326-E129E27065D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B78EBFAB-A86A-4292-B377-DC753F617524}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B7C31374-E3C7-4989-98E3-1AAB3A84309B}" = protocol=17 | dir=in | app=g:\dragon age\bin_ship\daupdatersvc.service.exe |
"{B81BC4C7-3242-4C89-8C0C-0A0E44B2BB51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8F1C8DC-F293-46BF-8C83-39E26ECD5DF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B9E35F32-1CA8-48A3-89D1-6215420D3652}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BABDE41F-B08B-4579-9521-3654963AB9E8}" = protocol=6 | dir=in | app=g:\edeneternal\edeneternal\_launcher.exe |
"{BD1C9B45-3815-4AC5-AA5F-A9D48BF1EDD6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{BD53E203-A66B-4AA2-A4D3-5D2C0BB5DBD1}" = protocol=6 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
"{BE4FF886-9A91-42C9-9BBF-3DB8D55D5A7E}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
"{BFD3FDB1-BF64-47B8-AA03-869CBBDCCEE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{C0505F09-922C-4B16-B7AE-A7BABE39034A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderliveud.exe |
"{C09CE9E5-2387-4F3E-918C-8A96489AC28D}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{C1C8DF05-7FF9-45DD-81B4-154B4E754CAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2C45B4A-F7BA-4374-A609-54644946BFFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C397F8F6-9B15-49B8-AF2B-4ECEF05CDF8F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{C55AC7F7-46F6-4426-8622-7E53DEF8ADDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6263AF7-923E-4CAB-A627-276EBF7AFE8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6E03618-3F8C-488F-A2B9-4AAC69B49612}" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
"{C836D8F2-83BD-44F7-8DFE-399C78230420}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C84636FC-92FD-4075-89DB-4BF5CE6C0378}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplite\pplite.exe |
"{C865D47B-225C-4BED-8E74-68A1503E2841}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C907C829-9CF8-49AF-83FB-8E1D6EA0CFDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{CC0ECB96-9695-4CA5-AFF4-437C69F9520F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CC224A7E-C086-4A1A-8C10-B75A3AA82FEC}" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
"{CC2D1826-6673-4241-BA6A-D49D4126D1B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CCCD9838-F15B-4E35-8599-6EED1043DC0A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CD8A429F-BD29-4E78-A2F5-E2A453467543}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CD8CCA31-F6C7-4D89-BB5A-9A1E6F7FA554}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CEAF641E-DB52-43EA-B0A2-63538CAA3585}" = protocol=6 | dir=in | app=g:\league of legends\game\league of legends.exe |
"{CF2894A4-CCB8-4A06-8A93-2790E921B3F2}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
"{CF546F82-45EB-4669-A1DF-BC2F00537BEA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D5AA8CD0-0207-4C0B-8D4E-065A6C50D237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D67A9A5E-9C28-4EF7-B7B9-147B3E3A99AB}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D6A6C5FB-9A81-4E27-87A9-F1EDA30683E6}" = protocol=6 | dir=in | app=g:\dragon age\bin_ship\daorigins.exe |
"{D7F01D08-2D31-45BC-A8B6-75FFDBE4EFD0}" = protocol=17 | dir=in | app=g:\dragon age\daoriginslauncher.exe |
"{D99331BC-A393-4F1D-A7E4-95CE21ACB288}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderliveud.exe |
"{DA3CCD40-5CEF-491A-A867-7690A2565B76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB10E114-2F21-4122-A825-FBCA08C42448}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF420268-81CD-4313-AE26-332CE4799CBB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DFF26402-74C7-40FC-BA92-2685C90B1F6B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{E01A98F8-557A-4087-9807-4D6FF27A0AB8}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
"{E1DBEDC4-C0B0-460E-B228-A70F0051EB32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4173D05-BF90-457B-8F6D-4414EEB55A19}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{E4DB3B15-52D7-4613-88BB-C84FC0EA1C61}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E4DCFDD6-61CE-464B-B87A-5609838D0BAE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E578B2B4-7201-4BC0-B1F5-2753108C8B51}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E59C72DA-ABD9-4456-B20B-22ECD3557730}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{E68B0E35-24BB-4EB7-BFDA-3064D2A1E174}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{E7C7B0C2-926D-435C-9B9D-106C7C995449}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7E49B7C-F4C4-46D7-A0D2-D4EE6D065C12}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E89D638F-087E-4866-89FA-8EE2AA3805BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBB2130D-BD00-453E-9460-39F2E75A63C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ECD7306B-382F-4F58-8DF0-8ECF6AADB4CA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{ECE97503-5A09-4A0F-94C9-909AE654518C}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplite\pplite.exe |
"{EDF52A1A-DA9A-418B-8288-E28788AFCC48}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunderservice.exe |
"{EE34061F-F6C5-4AD3-8FBF-4408C9678EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{F08DE488-4BA5-4C77-B69C-F5E81DF01CAE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0941D05-5315-4DE2-AB6C-4CD23A6E46F3}" = protocol=6 | dir=in | app=g:\dragon age\daoriginslauncher.exe |
"{F29CBD8D-683D-4750-8BFB-E4273BCF8931}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2E126FC-5D82-4677-88F3-EEEED3A2A619}" = protocol=6 | dir=out | app=system |
"{F3CF8EAA-AA35-4E40-B012-372941FD2109}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F689466B-5DA7-4E1D-960C-1508508165B1}" = dir=in | app=c:\users\random mcgill guy\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F81F6738-B17C-4A22-9C1D-A72D8F281A9E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F848C4DF-C151-451B-BE58-27B9EFC8B092}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunderliveud.exe |
"{F9EE4931-F289-4B34-83C7-D06A94B67748}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FAB4E6E8-21FA-4D4B-AA19-DE7797F81DD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{FB0924DE-1DA8-4C7F-A434-3211B47E8830}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FBBB9F8A-A2E6-488F-B180-4F1D1D2020CB}" = protocol=17 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
"{FC026FBE-AB2D-41C0-9C34-A2C49E1FA9DA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderservice.exe |
"{FC49C173-97AB-4A13-9296-5D307FFFFB11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FCC188A2-91C9-4E3E-9D69-0DD0C47633D9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FCFC1F1E-F167-4798-B903-29D0C5D8D4EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF590D76-E9EE-462A-B4C8-ADED8A867039}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{FFD5366E-B817-4826-8845-85EF2C8F8BF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0137D7AB-A36B-4FAC-8B4A-FA54F00A9A7D}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
"TCP Query User{048497E7-3FDD-49C6-8F6F-659FECB75365}C:\users\random mcgill guy\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\warcraft iii\war3.exe |
"TCP Query User{063ACE0F-D279-4A0B-9E92-162A1000C3B0}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe |
"TCP Query User{13AAE7E9-E864-4388-9179-8F74596A7D64}G:\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=g:\heroes of newerth\hon.exe |
"TCP Query User{15BDA631-028B-488B-B08B-F1B3E3ADCDF8}E:\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=e:\dragon age\bin_ship\daorigins.exe |
"TCP Query User{17FF642C-E17F-4FF6-BD86-29F218E6BE14}C:\program files (x86)\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imagej\jre\bin\javaw.exe |
"TCP Query User{1E8D100D-E428-4D02-A9FD-DCC27835C1C9}G:\pps.tv\ppstream\ppsap.exe" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
"TCP Query User{20ACBAB0-6728-4732-8DC2-8E9C5356E2D6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{20BFECD0-5CCA-4B74-9305-83E1B29AFD19}G:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=g:\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{285FBF07-4C31-405B-8552-46F4CB6FCFD6}C:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe |
"TCP Query User{2AB6F0FA-86AD-40FD-B948-F3F0746E90A1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{3FDBBD6E-A446-4BCD-BB66-9CCDC5FCE1CF}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
"TCP Query User{41D0C914-0782-4103-8046-A9938B9CADC2}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat |
"TCP Query User{444DA8E3-48CC-48B2-8946-ACE802475426}G:\dcoo cs1.6\cstrike.exe" = protocol=6 | dir=in | app=g:\dcoo cs1.6\cstrike.exe |
"TCP Query User{4BA4D6EC-8355-4F03-8B7A-9C49D0C8C407}C:\program files (x86)\funshion online\funshion\funshionservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
"TCP Query User{4BC035DE-72F4-47A3-BBDF-AE33BA9F7207}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{4CF80D15-A4D9-4C1E-A616-EF933CCDC2DB}G:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=g:\call of duty- modern warfare 3\iw5mp_server.exe |
"TCP Query User{519196CF-A40C-44DA-94C8-F5E81312BF01}C:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe |
"TCP Query User{56C551C9-2A0F-4F78-963E-32FA36436C76}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"TCP Query User{6965A731-D634-456E-9C5A-F5587061DA73}C:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe |
"TCP Query User{72107354-C2A4-465E-9A7A-9167FE1002A0}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{7CAAD3B4-CBE9-4213-9E91-2540814881FA}G:\valve\hl.exe" = protocol=6 | dir=in | app=g:\valve\hl.exe |
"TCP Query User{92410066-60AB-4255-9AAA-F964CD532D6D}C:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe |
"TCP Query User{93DEF92D-BFBF-4C41-8D6A-A40965F33C98}C:\program files (x86)\tudou\itudou\itudou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tudou\itudou\itudou.exe |
"TCP Query User{9B3A619D-4B9B-4F58-8552-206C0D4B7D9B}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{9F30F4B2-A2CD-4330-93F3-F7EF629568BB}G:\pps.tv\ppstream\ppstream.exe" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
"TCP Query User{A1B67CA8-A24E-4B4F-80EF-6917FE902481}G:\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=g:\heroes of newerth\hon.exe |
"TCP Query User{A4048B87-0A8A-4A87-9655-786689C5CD1E}C:\program files (x86)\kugou\kugou2011\kugoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kugou2011\kugoo.exe |
"TCP Query User{A4C5897D-8943-4251-8100-6196B28B2B49}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"TCP Query User{AADF4770-984F-4B8E-A679-2D2408A0B42A}C:\users\random mcgill guy\downloads\mw2mp\iw4m.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4m.exe |
"TCP Query User{AB606670-207F-4A58-91E6-23B01996BD9B}G:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=g:\global agenda\games\global agenda live\binaries\globalagenda.exe |
"TCP Query User{B194F867-9EB4-4A02-8439-41AC6F8EC2F3}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
"TCP Query User{B1B1DE33-006D-4160-A01D-A423167D0E92}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"TCP Query User{BEB4F448-01C8-48FA-AA73-50493E026F3A}C:\program files (x86)\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"TCP Query User{C4DE71BD-D866-4471-AAD4-61049457B387}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe |
"TCP Query User{C60D7D12-B4E1-46D5-A135-4375502C54AC}C:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe |
"TCP Query User{CC1A89B9-E7E3-4289-8A04-E275ECACBF1C}C:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe |
"TCP Query User{CC1AF9C2-A05D-45A0-92C3-B321ADA4A97E}C:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe |
"TCP Query User{CE6D128D-7E86-4BFC-9CE0-7EB28B3DC23E}C:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe |
"TCP Query User{DC13A1CA-A566-458B-905A-7E067D79F32B}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"TCP Query User{DC50FCB5-DCC6-4680-9E4E-21232A2CC0C9}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe |
"TCP Query User{DCBAE43F-BCB0-4BE2-B5A9-D6BBE24B5F7E}C:\program files (x86)\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
"TCP Query User{E0F86E5B-B609-4C4B-9573-BE9A73887A63}C:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe |
"TCP Query User{E3C8C304-8ACC-4EED-A4E6-08DA75BD8D0C}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{E545EF41-2466-4FD6-BBA0-A66E043F3D35}G:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe" = protocol=6 | dir=in | app=g:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe |
"TCP Query User{EF1F2774-C6CC-455C-9BE1-E0F84FAF021C}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"TCP Query User{F3DCDDE3-CF7D-4D76-889D-57DF7E47D57B}C:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F42AC6B0-349F-4BC7-A517-77E29E897F3B}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{FCB183A6-88BA-48DD-AABC-148B03B0C14D}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"UDP Query User{04FC0F9E-9D05-4938-B44F-F295FDEB9072}G:\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=g:\heroes of newerth\hon.exe |
"UDP Query User{0B5331A5-B596-4ECD-83E0-EDD48F70B4DD}C:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe |
"UDP Query User{0D73471D-AFEE-4B57-B750-6EE9C2A537A3}G:\pps.tv\ppstream\ppsap.exe" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
"UDP Query User{17A1A362-2A46-47EB-816F-FA5624C290D4}G:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe" = protocol=17 | dir=in | app=g:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe |
"UDP Query User{28CE71EB-592F-4BF1-BEFD-B1ED6C768977}C:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe |
"UDP Query User{2C9C5F54-A6FA-4B44-A725-D8A63977AC2A}G:\pps.tv\ppstream\ppstream.exe" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
"UDP Query User{348F67AF-EFE0-4D92-8E34-B55F5048B2A7}G:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=g:\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{3A7CF989-B816-47A1-8693-CFAA4652B9C0}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{40D08830-F17D-4919-9233-5D8CF1706177}G:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=g:\call of duty- modern warfare 3\iw5mp_server.exe |
"UDP Query User{52D15960-9A17-405B-B17C-E256402E85C9}C:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe |
"UDP Query User{5907614D-1902-4FF6-BAA8-C2A21A5D024A}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{5972B453-14E3-4E91-BF34-D4CADD2C5B01}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{5BAB316B-DADE-46F1-B7D2-B07026898959}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"UDP Query User{5CD06A35-DA37-4808-94C1-E34A98EF55D2}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{5F88D8F1-D5FE-4561-8E2A-DFDD3C2EA271}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{63445FAD-5B36-4157-9F1C-7627BCCDF884}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"UDP Query User{65B01A3B-93A7-4763-AD11-B789E97A7F3F}G:\dcoo cs1.6\cstrike.exe" = protocol=17 | dir=in | app=g:\dcoo cs1.6\cstrike.exe |
"UDP Query User{65E31884-59C0-4E7A-9C1A-3DEFE6A34C6F}C:\program files (x86)\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imagej\jre\bin\javaw.exe |
"UDP Query User{666E8D0F-1D47-42D8-89FF-2B5586B0FA7B}C:\program files (x86)\kugou\kugou2011\kugoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kugou2011\kugoo.exe |
"UDP Query User{66971F03-EF8D-4D87-A1C5-94C3334A714E}C:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe |
"UDP Query User{6DB1E10C-28EC-4B5A-9FAB-DD3D87ECB6C4}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat |
"UDP Query User{7995ED1F-C0B6-4712-A894-1CE37C21BA8F}G:\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=g:\heroes of newerth\hon.exe |
"UDP Query User{7B4817A3-7F62-45BE-96CB-BA36EE860217}C:\users\random mcgill guy\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\warcraft iii\war3.exe |
"UDP Query User{7E9BDB45-B685-4BF9-9C83-97BC17475E0B}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
"UDP Query User{81215801-905F-42ED-A919-A0CD56F49525}C:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe |
"UDP Query User{8E9563EB-19C0-4709-AF1C-E8320E6950A3}C:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{97C8A210-7A79-4E37-B348-4D509F6F6E8E}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{9D70F229-641A-4BEB-AAB1-D04C910D2EB8}C:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe |
"UDP Query User{A163BE19-AE71-481A-85F4-4A8DCBE2A827}C:\users\random mcgill guy\downloads\mw2mp\iw4m.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4m.exe |
"UDP Query User{A636B141-AC08-49E1-B7C2-DD718A34D7B8}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
"UDP Query User{B094AD32-B3C4-4017-8155-E4B25C4D4DCB}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe |
"UDP Query User{B571EFDA-B85C-41F2-8861-6543409116EE}C:\program files (x86)\funshion online\funshion\funshionservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
"UDP Query User{B9F576B8-7F8F-4608-968D-4CAB0077DB83}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
"UDP Query User{BE2FC89A-26E2-4206-920B-2F1AE037BE39}E:\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=e:\dragon age\bin_ship\daorigins.exe |
"UDP Query User{BEFEC920-BE15-4C28-A334-77C1312C744E}C:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe |
"UDP Query User{C1CF1C8D-F414-4B9E-9266-12E0BF889668}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"UDP Query User{CE2B7FD3-6E24-4F10-A303-CE4382633EE6}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"UDP Query User{D171F238-5B0B-459C-9155-928A7E07C864}C:\program files (x86)\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"UDP Query User{D7A73698-BCDB-46B6-AF27-52CC789F0E8C}G:\valve\hl.exe" = protocol=17 | dir=in | app=g:\valve\hl.exe |
"UDP Query User{DB21782A-A798-4580-BD9C-2DB485B173AB}C:\program files (x86)\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
"UDP Query User{E067ED7A-501E-427F-AA0C-3709310A43A6}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{E10522C1-5413-48BB-9347-6650AD04B834}C:\program files (x86)\tudou\itudou\itudou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tudou\itudou\itudou.exe |
"UDP Query User{E50B8D76-3B3F-4078-A914-7D42BB37A3BC}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe |
"UDP Query User{E6839D4C-163C-4C0E-9CC6-8BCEDB25F342}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{ED90C2F8-E6DC-4622-8B91-CB35116EA582}G:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=g:\global agenda\games\global agenda live\binaries\globalagenda.exe |
"UDP Query User{F3D6A7B5-D869-4CDC-BCF9-47C07045BF54}C:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe |
"UDP Query User{F58BB703-3E0E-4231-9CE2-32D84542293A}C:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe |
"UDP Query User{F7EC97F6-F358-4A8D-AA3F-231D9A87E3A3}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe |
"UDP Query User{F91FF43A-68A6-4076-B88F-57E2BC14B72A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57019733-78E6-43DE-8E6D-55349F0FDE6F}" = inSSIDer 2.0
"{5F352F3C-160B-713A-A031-18293EC4CA5A}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{78E9970B-4395-61A6-B912-1CC406174773}" = AMD Catalyst Install Manager
"{7A80B61A-72A1-7800-C4B0-855F056243DA}" = ccc-utility64
"{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}" = HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F12D74-C53F-6276-73CB-851E73482270}" = AMD Drag and Drop Transcoding
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C4171DD9-EED6-2613-312A-FC8E168E7C3B}" = AMD Accelerated Video Transcoding
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"GooglePinyin2" = 谷歌拼音输入法 2.3
"HitmanPro36" = HitmanPro 3.6
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer)
"WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03C8F224-5374-423D-BA14-270610258E83}_is1" = 搜狐影音2.5.0.3
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard
"{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish
"{0DF82C0A-38A7-4213-B3D7-9E7179F80065}" = calibre
"{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FBCF6E4-1F1A-4729-940F-A354CC84A770}" = Mobile Mouse Server
"{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{13AD1AFE-F06F-1C29-2D32-B4F60EBFC000}" = HydraVision
"{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2221720D-8004-CAEE-2520-D880E7601366}" = Catalyst Control Center Profiles Mobile
"{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish
"{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean
"{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
"{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French
"{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E5A8023-0E90-4503-A1EA-C9FC25680AF9}" = PS_AIO_03_C4400_Software_Min
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1E33614-25CC-4C2A-8CBA-88B51ABF67E0}" = C4400
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5402C39-C1C1-48F6-99C2-36C7937EE7EB}" = CambridgeSoft ChemOffice Ultra 2010
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
"AMD GPU Clock Tool" = AMD GPU Clock Tool
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"BaiduPlayer" = 百度影音1.0.23.105
"DcOo CS1.6_is1" = DcOo CS1.6
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.1.7
"Foxit Reader_is1" = Foxit Reader 5.0
"Game Booster_is1" = Game Booster 3
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guild Wars" = Guild Wars
"hon" = Heroes of Newerth
"Identity Card" = Identity Card
"iku2.1" = iKu 2
"ImageJ_is1" = ImageJ 1.45s
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MestReNova LITE" = MestReNova LITE 5.2.5-5780
"Monkey's Audio_is1" = Monkey's Audio
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"PPLite" = PPLite 1.0.0.0090
"PPStream" = PPS影音 V2.7.0.1345 正式版
"pywin32-py2.5" = Python 2.5 pywin32-210
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"StarCraft II" = StarCraft II
"Steam App 24980" = Mass Effect 2
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"Trojan Remover_is1" = Trojan Remover 6.8.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"彩云游戏浏览器" = 彩云游戏浏览器 3.80
"数据银行Beta" = 数据银行
"迅雷" = 迅雷
"酷狗音乐2012_is1" = 酷狗音乐2012 版本 7.1.60.15288

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"YY4" = YY4

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Uninstall Trojan Remover, a rather shady application.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O18 - Protocol\Handler\ms-help - No CLSID value found
    [2012/04/15 08:24:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [2012/04/07 09:32:43 | 000,000,256 | ---- | M] () -- C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
=======================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
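
The kinds of entries selected for the OTL fix in the post above (registry references with no CLSID registration, a loopback proxy setting, hidden or hex-named files, an alternate data stream) can be picked out of a scan log mechanically. The following is an added example, not part of the original post or of OTL; the category names and heuristics are assumptions, and the sample lines are copied from the fix script above plus one constructed control line.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    category: str          # hypothetical category name (assumption, not OTL's)
    detail: Optional[str]  # CLSID, path or setting, when one can be extracted
    line: str              # the original log line


CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_RE = re.compile(r"^(IE|O\d+) - (.*)$")
ORPHAN_RE = re.compile(r"No CLSID value found\.?\s*$")
PROXY_RE = re.compile(r'"(Proxy(?:Server|Override))" = (.*)$')
LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost|\[::1\]):\d+")
# [date time | size | attributes | M/C] (company) -- path
FILE_RE = re.compile(
    r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| ([A-Z-]{4}) \| [A-Z]\] \(.*?\) -- (.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
HEX_NAME_RE = re.compile(r"[0-9A-Fa-f]{8,}")

# Lines copied from the fix script on this page (OTL scan-log format).
SAMPLE = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421',
    r'O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.',
    r'O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.',
    r'O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.',
    r'O18 - Protocol\Handler\ms-help - No CLSID value found',
    r'[2012/04/15 08:24:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd',
    r'[2012/04/07 09:32:43 | 000,000,256 | ---- | M] () -- C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048',
    r'@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9',
    # Constructed control line: a BHO with a registered DLL, which must not be flagged.
    r'O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp)',
]


def triage_line(raw: str) -> List[Finding]:
    """Return the findings for one scan-log line (empty list if nothing matches)."""
    line = raw.strip()
    out: List[Finding] = []

    ads = ADS_RE.match(line)
    if ads:
        # Split "C:\path\file:stream" at the last colon, keeping the drive colon.
        host, stream = ads.group(2).rsplit(":", 1)
        return [Finding("alternate_data_stream", f"{stream} on {host}", line)]

    entry = FILE_RE.match(line)
    if entry:
        attrs, path = entry.groups()
        name = path.rsplit("\\", 1)[-1]
        if "H" in attrs and "S" in attrs:
            out.append(Finding("hidden_system_file", path, line))
        if HEX_NAME_RE.fullmatch(name):  # extensionless, hex-only file name
            out.append(Finding("hex_named_file", path, line))
        return out

    reg = REG_RE.match(line)
    if not reg:
        return out
    section, body = reg.groups()
    if ORPHAN_RE.search(body):
        # The entry points at a COM class that is not registered.
        clsid = CLSID_RE.search(body)
        out.append(Finding("orphaned_clsid", clsid.group(0) if clsid else None, line))
    proxy = PROXY_RE.search(body)
    if section == "IE" and proxy:
        hit = LOOPBACK_RE.search(proxy.group(2))
        if hit:
            out.append(
                Finding("loopback_proxy_setting", f"{proxy.group(1)} -> {hit.group(0)}", line)
            )
    return out


def triage(lines: List[str]) -> List[Finding]:
    """Triage every line of a scan log, preserving input order."""
    findings: List[Finding] = []
    for raw in lines:
        findings.extend(triage_line(raw))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"{finding.category:24} {finding.detail}")
```

A match is only a prompt to look closer; whether an entry is safe to remove is still a judgement for whoever reads the log.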
 
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
C:\Windows\SysNative\dds_trash_log.cmd moved successfully.
C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048 moved successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Random McGill Guy
->Temp folder emptied: 22350448 bytes
->Temporary Internet Files folder emptied: 145270508 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 20911568 bytes
->Flash cache emptied: 59824 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42097815 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 7144398835 bytes

Total Files Cleaned = 7,034.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Random McGill Guy
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Random McGill Guy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 04272012_124729
Files\Folders moved on Reboot...
C:\Users\Random McGill Guy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
 