TechSpot

Need help on a Google redirect virus

By Rudy1
Apr 26, 2012
  1. Hi,

    I got a Google redirect virus a week ago and I've been trying to fix it to no avail. It's affecting both my IE and Chrome, and I've tried several wares to fix this.

    Here are the logs; hopefully someone can lend a helping hand :)
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/26/2012 at 04:56 PM

    Application Version : 5.0.1148

    Core Rules Database Version : 8519
    Trace Rules Database Version: 6331

    Scan type : Quick Scan
    Total Scan Time : 00:06:55

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC Off - Administrator

    Memory items scanned : 632
    Memory threats detected : 0
    Registry items scanned : 55200
    Registry threats detected : 16
    File items scanned : 11280
    File threats detected : 43

    Trojan.Agent/Gen-Sino[TAO]
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}#AppID
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\InprocServer32
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\InprocServer32#ThreadingModel
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\ProgID
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\Programmable
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\TypeLib
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\VersionIndependentProgID
    (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}
    (x86) HKCR\CLSID\{01443AEC-0FD1-40fd-9C87-E93D1494C233}
    (x86) HKCR\XLF24.ThunderAtOnce.1
    (x86) HKCR\XLF24.ThunderAtOnce
    (x86) HKCR\TypeLib\{A3187009-B303-458C-9F01-0DAF932ECA17}
    C:\PROGRAM FILES (X86)\THUNDER\COMDLLS\TDMEDIADETECTOR5.9.26.1538.DLL
    (x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
    (x86) HKU\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
    (x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}

    Adware.Tracking Cookie
     
  2. Rudy1


    ComboFix 12-04-26.01 - Random McGill Guy 26/04/2012 18:00:42.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.2415 [GMT -4:00]
    执行位置: c:\users\Random McGill Guy\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * 成功创造新还原点
    .
    Error: Cfiles.dat
    .
    ((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\eqvpbaa.tmp
    c:\programdata\szlfbaa.tmp
    c:\programdata\whnsbaa.tmp
    c:\programdata\xhnsbaa.tmp
    .
    .
    ((((((((((((((((((((((((( 2012-03-26 至 2012-04-26 的新的档案 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-26 22:10 . 2012-04-26 22:10--------d-----w-c:\users\Default\AppData\Local\temp
    2012-04-26 22:02 . 2012-04-26 22:0269000----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\offreg.dll
    2012-04-26 21:43 . 2012-04-26 21:43--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-26 21:43 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\program files\SUPERAntiSpyware
    2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\programdata\SUPERAntiSpyware.com
    2012-04-26 06:20 . 2012-04-26 06:20--------d-----w-C:\TDSSKiller_Quarantine
    2012-04-26 06:05 . 2012-04-26 21:53--------d-----w-C:\MGtools
    2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\program files\HitmanPro
    2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\programdata\HitmanPro
    2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
    2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\programdata\Spybot - Search & Destroy
    2012-04-25 15:05 . 2012-04-25 23:42--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\vlc
    2012-04-24 23:19 . 2012-04-24 23:19--------d-----w-c:\users\Random McGill Guy\AppData\Local\WindowsApplication1
    2012-04-24 17:00 . 2012-04-13 08:468917360----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
    2012-04-22 01:44 . 2012-04-22 01:45--------d-----w-c:\programdata\Battle.net
    2012-04-20 15:07 . 2012-04-20 15:07--------d-----w-c:\programdata\IObit
    2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Malwarebytes
    2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\programdata\Malwarebytes
    2012-04-16 05:44 . 2012-04-16 05:44--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\IObit
    2012-04-16 05:44 . 2012-04-20 15:07--------d-----w-c:\program files (x86)\IObit
    2012-04-16 05:35 . 2011-04-05 21:3560504----a-w-c:\windows\system32\drivers\sbhips.sys
    2012-04-16 05:35 . 2011-04-05 21:3594296----a-w-c:\windows\system32\drivers\sbtis.sys
    2012-04-16 05:35 . 2011-04-05 21:35253528----a-w-c:\windows\system32\drivers\SbFw.sys
    2012-04-16 05:35 . 2011-02-08 13:1484568----a-w-c:\windows\system32\drivers\SbFwIm.sys
    2012-04-15 12:24 . 2012-04-15 12:24418464----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-14 00:00 . 2012-04-26 20:16--------d-----w-c:\program files (x86)\Ludashi
    2012-04-13 22:51 . 2012-04-13 22:51--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\360mobilemgr
    2012-04-13 22:43 . 2012-04-13 23:59--------d-----w-c:\programdata\360safe
    2012-04-13 22:40 . 2011-08-31 10:1819800----a-w-c:\windows\system32\drivers\efimon.sys
    2012-04-13 22:40 . 2012-04-13 22:40--------d-----w-c:\program files (x86)\360
    2012-04-13 22:39 . 2012-04-14 03:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\360inst
    2012-04-13 20:17 . 2012-04-15 12:240--sha-w-c:\windows\system32\dds_trash_log.cmd
    2012-04-13 17:45 . 2012-04-13 17:45--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Caiyun
    2012-04-13 17:44 . 2012-04-13 21:18--------d-----w-c:\program files (x86)\彩云游戏浏览器
    2012-04-12 20:13 . 2012-04-22 06:28--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\KuGou7
    2012-04-12 20:13 . 2012-04-12 20:13--------d-----w-c:\program files (x86)\KuGou2012
    2012-04-12 06:46 . 2012-04-13 17:45--------d-----w-C:\TGGAME
    2012-04-12 04:18 . 2012-04-12 04:18--------d-----w-c:\users\Random McGill Guy\AppData\Local\Mozilla
    2012-04-12 04:01 . 2012-02-28 06:422382848----a-w-c:\windows\system32\mshtml.tlb
    2012-04-12 04:01 . 2012-02-28 01:032382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-04-12 04:01 . 2012-02-28 01:58141112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
    2012-04-12 04:01 . 2012-02-28 07:37174392----a-w-c:\program files\Internet Explorer\sqmapi.dll
    2012-04-12 04:01 . 2012-02-28 06:47304640----a-w-c:\program files\Internet Explorer\IEShims.dll
    2012-04-12 04:01 . 2012-02-28 06:562311168----a-w-c:\windows\system32\jscript9.dll
    2012-04-12 04:01 . 2012-02-28 01:08194048----a-w-c:\program files (x86)\Internet Explorer\IEShims.dll
    2012-04-12 03:59 . 2012-03-06 06:435504880----a-w-c:\windows\system32\ntoskrnl.exe
    2012-04-12 03:59 . 2012-03-06 05:593958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-12 03:59 . 2012-03-06 05:593902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-04-12 03:55 . 2012-03-01 06:5422896----a-w-c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 03:55 . 2012-03-01 06:4080896----a-w-c:\windows\system32\imagehlp.dll
    2012-04-12 03:55 . 2012-03-01 05:45158720----a-w-c:\windows\SysWow64\imagehlp.dll
    2012-04-12 03:55 . 2012-03-01 06:45220672----a-w-c:\windows\system32\wintrust.dll
    2012-04-12 03:55 . 2012-03-01 06:355120----a-w-c:\windows\system32\wmi.dll
    2012-04-12 03:55 . 2012-03-01 05:49172544----a-w-c:\windows\SysWow64\wintrust.dll
    2012-04-12 03:55 . 2012-03-01 05:405120----a-w-c:\windows\SysWow64\wmi.dll
    2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
    2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
    2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
    2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
    2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
    2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Common Files\Tencent
    2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Tencent
    2012-04-09 01:06 . 2012-04-09 01:07--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Tencent
    2012-04-09 01:06 . 2012-04-09 01:0618760----a-w-c:\windows\SysWow64\QQVistaHelper.dll
    2012-04-08 00:21 . 2012-04-08 00:22--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\GRETECH
    2012-04-08 00:21 . 2012-04-08 00:27--------d-----w-c:\program files (x86)\GRETECH
    2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\Common Files\duowan
    2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\duowan
    2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\duowan
    2012-03-31 17:05 . 2012-03-31 17:05--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Unity
    2012-03-31 16:54 . 2012-03-31 16:54--------d-----w-c:\users\Random McGill Guy\AppData\Local\Unity
    2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\ATI
    2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Local\ATI
    2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\programdata\ATI
    2012-03-29 05:00 . 2012-03-29 05:000----a-w-c:\windows\ativpsrm.bin
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD AVT
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD APP
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files\Common Files\ATI Technologies
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\Common Files\ATI Technologies
    2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files (x86)\ATI Technologies
    2012-03-29 04:54 . 2012-03-29 04:58--------d-----w-c:\program files\ATI Technologies
    2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files\ATI
    2012-03-29 04:52 . 2012-02-15 08:13496128----a-w-c:\windows\system32\atieclxx.exe
    2012-03-29 03:06 . 2012-02-15 07:1658880----a-w-c:\windows\system32\coinst.dll
    2012-03-29 03:01 . 2012-03-29 03:01--------d-----w-c:\users\Random McGill Guy\AppData\Local\Leshcat & Co
    2012-03-29 01:26 . 2012-03-29 01:42--------d-----w-c:\program files (x86)\ImageJ
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-26 06:05 . 2012-04-26 06:0533660----a-w-C:\MGlogs.zip
    2012-04-15 12:24 . 2011-11-07 22:5570304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-29 01:30 . 2009-07-14 02:36152064----a-w-c:\windows\SysWow64\msclmd.dll
    2012-03-29 01:30 . 2009-07-14 02:36175104----a-w-c:\windows\system32\msclmd.dll
    2012-03-22 19:12 . 2012-03-22 19:124435968----a-w-c:\windows\SysWow64\GPhotos.scr
    2012-02-23 14:18 . 2010-12-21 09:07279656------w-c:\windows\system32\MpSigStub.exe
    2012-02-15 06:27 . 2012-03-14 08:441031680----a-w-c:\windows\system32\rdpcore.dll
    2012-02-15 05:44 . 2012-03-14 08:44826368----a-w-c:\windows\SysWow64\rdpcore.dll
    2012-02-15 04:47 . 2012-03-14 08:44204800----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-02-15 04:46 . 2012-03-14 08:4423552----a-w-c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 02:05 . 2012-02-15 02:0569632----a-w-c:\windows\system32\OpenVideo64.dll
    2012-02-15 02:05 . 2012-02-15 02:0559904----a-w-c:\windows\SysWow64\OpenVideo.dll
    2012-02-15 02:05 . 2012-02-15 02:0561952----a-w-c:\windows\system32\OVDecode64.dll
    2012-02-15 02:05 . 2012-02-15 02:0554784----a-w-c:\windows\SysWow64\OVDecode.dll
    2012-02-15 02:05 . 2012-02-15 02:0516507904----a-w-c:\windows\system32\amdocl64.dll
    2012-02-15 02:04 . 2012-02-15 02:0413238272----a-w-c:\windows\SysWow64\amdocl.dll
    2012-02-15 02:03 . 2012-02-15 02:0354272----a-w-c:\windows\system32\OpenCL.dll
    2012-02-15 02:03 . 2012-02-15 02:0348128----a-w-c:\windows\SysWow64\OpenCL.dll
    2012-02-10 10:08 . 2012-03-20 23:26279840----a-w-c:\windows\system32\ikutm.dll
    2012-02-10 06:24 . 2012-03-14 16:551544192----a-w-c:\windows\system32\DWrite.dll
    2012-02-10 06:23 . 2012-03-14 16:551837568----a-w-c:\windows\system32\d3d10warp.dll
    2012-02-10 06:23 . 2012-03-14 16:55902656----a-w-c:\windows\system32\d2d1.dll
    2012-02-10 06:23 . 2012-03-14 16:55320512----a-w-c:\windows\system32\d3d10_1core.dll
    2012-02-10 06:23 . 2012-03-14 16:55197120----a-w-c:\windows\system32\d3d10_1.dll
    2012-02-10 05:35 . 2012-03-14 16:551077248----a-w-c:\windows\SysWow64\DWrite.dll
    2012-02-10 05:35 . 2012-03-14 16:55218624----a-w-c:\windows\SysWow64\d3d10_1core.dll
    2012-02-10 05:35 . 2012-03-14 16:551170944----a-w-c:\windows\SysWow64\d3d10warp.dll
    2012-02-10 05:35 . 2012-03-14 16:55739840----a-w-c:\windows\SysWow64\d2d1.dll
    2012-02-10 05:35 . 2012-03-14 16:55161792----a-w-c:\windows\SysWow64\d3d10_1.dll
    2012-02-03 04:16 . 2012-03-14 16:553143168----a-w-c:\windows\system32\win32k.sys
    2012-01-31 10:02 . 2012-01-31 10:0221504----a-w-c:\windows\system32\kdbsdk64.dll
    2012-01-31 10:00 . 2012-01-31 10:0016896----a-w-c:\windows\SysWow64\kdbsdk32.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\user32.dll
    [-] 2009-07-14 . 738ABEE48BAF965B161A7A3E75EB444D . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    quietHDD - Shortcut.lnk - c:\users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe [2010-12-24 61440]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime FileREG_SZ GOOGLEPINYIN2.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-26 325200]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-03 820768]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    AkamaiREG_MULTI_SZ Akamai
    hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_NotSynced]
    @="{87B33B34-0E92-4821-B787-9DF83BDC3BEA}"
    [HKEY_CLASSES_ROOT\CLSID\{87B33B34-0E92-4821-B787-9DF83BDC3BEA}]
    2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Synced]
    @="{78C3446F-4276-4AC1-B17F-F580836D7AD6}"
    [HKEY_CLASSES_ROOT\CLSID\{78C3446F-4276-4AC1-B17F-F580836D7AD6}]
    2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Syncing]
    @="{E427F712-D68E-4BE6-886F-B088037A87CB}"
    [HKEY_CLASSES_ROOT\CLSID\{E427F712-D68E-4BE6-886F-B088037A87CB}]
    2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-03 496160]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
    .
    ------- 而外的扫描 -------
    .
    uStart Page = hxxp://www.google.ca/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: 使用迅雷下载 - c:\program files (x86)\Thunder\Program\GetUrl.htm
    IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder\Program\GetAllUrl.htm
    LSP: c:\program files (x86)\YouKu\common\ikutm.dll
    TCP: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
    Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
    .
    .
    ------- 文件类型 -------
    .
    txtfile=c:\windows\notepad.exe %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:d1,52,53,04,f3,22,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.eml.14"
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.vcf.14"
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "慤慴"=hex:47,b5,77,c6,35,85,e5,ba,81,8b,d8,e4,3c,48,33,d0,d8,1b,06,34,1b,dd,
    63,cc,0e,f7,95,84,82,51,4e,61,17,69,bc,94,67,8d,73,c9,51,0b,b0,5e,19,00,c2,\
    "歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a3,b1,07,fa,28,8f,9a,55,c6,6b,ce,3f,9b,9e,6a,c2,50,38,6c,28,92,
    b0,62,83,d3,9e,9a,8a,85,2d,9d,9e,80,3a,6e,29,15,93,3f,ed,ff,55,59,cb,fe,7d,\
    "rkeysecu"=hex:eb,3f,2e,50,0b,a5,eb,8b,44,7b,20,03,d6,14,a8,b6
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    完成时间: 2012-04-26 18:12:48
    ComboFix-quarantined-files.txt 2012-04-26 22:12
    ComboFix2.txt 2012-04-16 06:27
    .
    Pre-Run: 53,691,072,512 bytes free
    Post-Run: 53,618,073,600 bytes free
    .
    - - End Of File - - 864B4A4C1B86BA6708CC02F497959572
     
  3. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    [HJT log removed by Broni]
     
  4. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    18:35:15.0555 2484 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    18:35:15.0867 2484 ============================================================
    18:35:15.0867 2484 Current date / time: 2012/04/26 18:35:15.0867
    18:35:15.0867 2484 SystemInfo:
    18:35:15.0867 2484
    18:35:15.0867 2484 OS Version: 6.1.7600 ServicePack: 0.0
    18:35:15.0867 2484 Product type: Workstation
    18:35:15.0867 2484 ComputerName: RANDOMMCGILLGUY
    18:35:15.0867 2484 UserName: Random McGill Guy
    18:35:15.0867 2484 Windows directory: C:\Windows
    18:35:15.0867 2484 System windows directory: C:\Windows
    18:35:15.0867 2484 Running under WOW64
    18:35:15.0867 2484 Processor architecture: Intel x64
    18:35:15.0867 2484 Number of processors: 4
    18:35:15.0867 2484 Page size: 0x1000
    18:35:15.0867 2484 Boot type: Normal boot
    18:35:15.0867 2484 ============================================================
    18:35:16.0257 2484 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:35:16.0257 2484 ============================================================
    18:35:16.0257 2484 \Device\Harddisk0\DR0:
    18:35:16.0257 2484 MBR partitions:
    18:35:16.0257 2484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
    18:35:16.0257 2484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x1D230830
    18:35:16.0288 2484 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EBC8000, BlocksNum 0xC350000
    18:35:16.0303 2484 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AF18800, BlocksNum 0xF46D000
    18:35:16.0303 2484 ============================================================
    18:35:16.0350 2484 C: <-> \Device\Harddisk0\DR0\Partition1
    18:35:16.0413 2484 G: <-> \Device\Harddisk0\DR0\Partition3
    18:35:16.0444 2484 S: <-> \Device\Harddisk0\DR0\Partition2
    18:35:16.0444 2484 ============================================================
    18:35:16.0444 2484 Initialize success
    18:35:16.0444 2484 ============================================================
    18:35:17.0801 2348 ============================================================
    18:35:17.0801 2348 Scan started
    18:35:17.0801 2348 Mode: Manual;
    18:35:17.0801 2348 ============================================================
    18:35:18.0690 2348 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    18:35:18.0690 2348 !SASCORE - ok
    18:35:18.0877 2348 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
    18:35:18.0877 2348 1394ohci - ok
    18:35:18.0955 2348 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
    18:35:18.0955 2348 ACPI - ok
    18:35:19.0002 2348 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
    18:35:19.0002 2348 AcpiPmi - ok
    18:35:19.0236 2348 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    18:35:19.0236 2348 AdobeFlashPlayerUpdateSvc - ok
    18:35:19.0314 2348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:35:19.0330 2348 adp94xx - ok
    18:35:19.0392 2348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:35:19.0392 2348 adpahci - ok
    18:35:19.0439 2348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:35:19.0439 2348 adpu320 - ok
    18:35:19.0501 2348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    18:35:19.0501 2348 AeLookupSvc - ok
    18:35:19.0595 2348 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    18:35:19.0595 2348 AFD - ok
    18:35:19.0673 2348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:35:19.0673 2348 agp440 - ok
    18:35:19.0969 2348 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
    18:35:19.0969 2348 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
    18:35:19.0969 2348 Akamai ( HiddenFile.Multi.Generic ) - warning
    18:35:19.0969 2348 Akamai - detected HiddenFile.Multi.Generic (1)
    18:35:20.0110 2348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    18:35:20.0110 2348 ALG - ok
    18:35:20.0203 2348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:35:20.0203 2348 aliide - ok
    18:35:20.0281 2348 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
    18:35:20.0281 2348 AMD External Events Utility - ok
    18:35:20.0359 2348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:35:20.0359 2348 amdide - ok
    18:35:20.0406 2348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:35:20.0406 2348 AmdK8 - ok
    18:35:20.0983 2348 amdkmdag (0d6feb25d280b428a9e4085b4abd9d58) C:\Windows\system32\DRIVERS\atikmdag.sys
    18:35:21.0030 2348 amdkmdag - ok
    18:35:21.0233 2348 amdkmdap (337d7877710463c0f6f0cce3d560ffbf) C:\Windows\system32\DRIVERS\atikmpag.sys
    18:35:21.0233 2348 amdkmdap - ok
    18:35:21.0280 2348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:35:21.0280 2348 AmdPPM - ok
    18:35:21.0327 2348 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    18:35:21.0327 2348 amdsata - ok
    18:35:21.0389 2348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:35:21.0389 2348 amdsbs - ok
    18:35:21.0451 2348 AmdTools64 (deda72a4ab5416ad0a09faecfa6056c2) C:\Windows\system32\DRIVERS\AmdTools64.sys
    18:35:21.0451 2348 AmdTools64 - ok
    18:35:21.0467 2348 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    18:35:21.0467 2348 amdxata - ok
    18:35:21.0529 2348 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
    18:35:21.0529 2348 AmUStor - ok
    18:35:21.0592 2348 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
    18:35:21.0592 2348 androidusb - ok
    18:35:21.0685 2348 ApfiltrService (6f9ef180bb9cec92d3e8ec9163748de5) C:\Windows\system32\DRIVERS\Apfiltr.sys
    18:35:21.0685 2348 ApfiltrService - ok
    18:35:21.0748 2348 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    18:35:21.0748 2348 AppID - ok
    18:35:21.0779 2348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    18:35:21.0779 2348 AppIDSvc - ok
    18:35:21.0826 2348 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    18:35:21.0826 2348 Appinfo - ok
    18:35:21.0951 2348 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:35:21.0951 2348 Apple Mobile Device - ok
    18:35:22.0044 2348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:35:22.0044 2348 arc - ok
    18:35:22.0060 2348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:35:22.0060 2348 arcsas - ok
    18:35:22.0107 2348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:35:22.0107 2348 AsyncMac - ok
    18:35:22.0153 2348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:35:22.0153 2348 atapi - ok
    18:35:22.0434 2348 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
    18:35:22.0434 2348 athr - ok
    18:35:22.0621 2348 AtiHDAudioService - ok
    18:35:22.0637 2348 AtiHdmiService - ok
    18:35:22.0731 2348 atillk64 - ok
    18:35:22.0824 2348 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    18:35:22.0840 2348 AudioEndpointBuilder - ok
    18:35:22.0840 2348 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    18:35:22.0840 2348 AudioSrv - ok
    18:35:22.0887 2348 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    18:35:22.0887 2348 AxInstSV - ok
    18:35:22.0980 2348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:35:22.0980 2348 b06bdrv - ok
    18:35:23.0058 2348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:35:23.0074 2348 b57nd60a - ok
    18:35:23.0214 2348 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
    18:35:23.0230 2348 BCM43XX - ok
    18:35:23.0355 2348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    18:35:23.0355 2348 BDESVC - ok
    18:35:23.0464 2348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:35:23.0464 2348 Beep - ok
    18:35:23.0589 2348 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    18:35:23.0589 2348 BFE - ok
    18:35:23.0682 2348 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
    18:35:23.0698 2348 BITS - ok
    18:35:23.0776 2348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:35:23.0776 2348 blbdrive - ok
    18:35:23.0901 2348 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    18:35:23.0901 2348 Bonjour Service - ok
    18:35:23.0963 2348 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    18:35:23.0963 2348 bowser - ok
    18:35:23.0994 2348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:35:23.0994 2348 BrFiltLo - ok
    18:35:24.0010 2348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:35:24.0010 2348 BrFiltUp - ok
    18:35:24.0057 2348 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    18:35:24.0057 2348 BridgeMP - ok
    18:35:24.0135 2348 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    18:35:24.0135 2348 Browser - ok
    18:35:24.0166 2348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:35:24.0181 2348 Brserid - ok
    18:35:24.0213 2348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:35:24.0213 2348 BrSerWdm - ok
    18:35:24.0228 2348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:35:24.0228 2348 BrUsbMdm - ok
    18:35:24.0228 2348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:35:24.0228 2348 BrUsbSer - ok
    18:35:24.0306 2348 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    18:35:24.0306 2348 BthEnum - ok
    18:35:24.0337 2348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:35:24.0337 2348 BTHMODEM - ok
    18:35:24.0369 2348 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    18:35:24.0369 2348 BthPan - ok
    18:35:24.0478 2348 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
    18:35:24.0478 2348 BTHPORT - ok
    18:35:24.0525 2348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    18:35:24.0525 2348 bthserv - ok
    18:35:24.0571 2348 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
    18:35:24.0571 2348 BTHUSB - ok
    18:35:24.0618 2348 catchme - ok
    18:35:24.0681 2348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:35:24.0681 2348 cdfs - ok
    18:35:24.0743 2348 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\drivers\cdrom.sys
    18:35:24.0759 2348 cdrom - ok
    18:35:24.0805 2348 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    18:35:24.0805 2348 CertPropSvc - ok
    18:35:24.0852 2348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:35:24.0852 2348 circlass - ok
    18:35:24.0899 2348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:35:24.0915 2348 CLFS - ok
    18:35:25.0008 2348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:35:25.0008 2348 clr_optimization_v2.0.50727_32 - ok
    18:35:25.0071 2348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:35:25.0071 2348 clr_optimization_v2.0.50727_64 - ok
    18:35:25.0180 2348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:35:25.0180 2348 clr_optimization_v4.0.30319_32 - ok
    18:35:25.0227 2348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:35:25.0227 2348 clr_optimization_v4.0.30319_64 - ok
    18:35:25.0289 2348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:35:25.0289 2348 CmBatt - ok
    18:35:25.0320 2348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:35:25.0320 2348 cmdide - ok
    18:35:25.0383 2348 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    18:35:25.0383 2348 CNG - ok
    18:35:25.0445 2348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:35:25.0445 2348 Compbatt - ok
    18:35:25.0507 2348 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
    18:35:25.0507 2348 CompositeBus - ok
    18:35:25.0523 2348 COMSysApp - ok
    18:35:25.0554 2348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:35:25.0554 2348 crcdisk - ok
    18:35:25.0601 2348 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    18:35:25.0601 2348 CryptSvc - ok
    18:35:25.0679 2348 dc3d (a5d3d53178394cc7a8a26bb532575b59) C:\Windows\system32\DRIVERS\dc3d.sys
    18:35:25.0679 2348 dc3d - ok
    18:35:25.0757 2348 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    18:35:25.0757 2348 DcomLaunch - ok
    18:35:25.0819 2348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    18:35:25.0835 2348 defragsvc - ok
    18:35:25.0897 2348 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    18:35:25.0897 2348 DfsC - ok
    18:35:25.0991 2348 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    18:35:26.0007 2348 Dhcp - ok
    18:35:26.0022 2348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:35:26.0022 2348 discache - ok
    18:35:26.0085 2348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:35:26.0085 2348 Disk - ok
    18:35:26.0147 2348 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    18:35:26.0147 2348 Dnscache - ok
    18:35:26.0194 2348 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    18:35:26.0209 2348 dot3svc - ok
    18:35:26.0287 2348 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    18:35:26.0287 2348 Dot4 - ok
    18:35:26.0334 2348 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\drivers\Dot4Prt.sys
    18:35:26.0334 2348 Dot4Print - ok
    18:35:26.0350 2348 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    18:35:26.0365 2348 dot4usb - ok
    18:35:26.0397 2348 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    18:35:26.0397 2348 DPS - ok
    18:35:26.0443 2348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:35:26.0443 2348 drmkaud - ok
    18:35:26.0553 2348 DsiWMIService (2643274535fc1770daa9b73346a027b8) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    18:35:26.0553 2348 DsiWMIService - ok
    18:35:26.0677 2348 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    18:35:26.0693 2348 DXGKrnl - ok
    18:35:26.0755 2348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    18:35:26.0755 2348 EapHost - ok
    18:35:27.0021 2348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:35:27.0036 2348 ebdrv - ok
    18:35:27.0192 2348 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    18:35:27.0192 2348 EFS - ok
    18:35:27.0301 2348 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    18:35:27.0301 2348 ehRecvr - ok
    18:35:27.0364 2348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    18:35:27.0364 2348 ehSched - ok
    18:35:27.0504 2348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:35:27.0520 2348 elxstor - ok
    18:35:27.0660 2348 ePowerSvc (da751bd36852bb7f4515dfc9ee213245) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    18:35:27.0660 2348 ePowerSvc - ok
    18:35:27.0816 2348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:35:27.0816 2348 ErrDev - ok
    18:35:27.0910 2348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    18:35:27.0910 2348 EventSystem - ok
    18:35:27.0972 2348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:35:27.0972 2348 exfat - ok
    18:35:28.0035 2348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:35:28.0035 2348 fastfat - ok
    18:35:28.0113 2348 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    18:35:28.0128 2348 Fax - ok
    18:35:28.0128 2348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:35:28.0128 2348 fdc - ok
    18:35:28.0175 2348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    18:35:28.0175 2348 fdPHost - ok
    18:35:28.0191 2348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    18:35:28.0191 2348 FDResPub - ok
    18:35:28.0222 2348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:35:28.0222 2348 FileInfo - ok
    18:35:28.0237 2348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:35:28.0253 2348 Filetrace - ok
    18:35:28.0269 2348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:35:28.0269 2348 flpydisk - ok
    18:35:28.0331 2348 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    18:35:28.0331 2348 FltMgr - ok
    18:35:28.0487 2348 FontCache (97223981a9214f1b4997e9075abb6bf5) C:\Windows\system32\FntCache.dll
    18:35:28.0503 2348 FontCache - ok
    18:35:28.0596 2348 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:35:28.0596 2348 FontCache3.0.0.0 - ok
    18:35:28.0643 2348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:35:28.0643 2348 FsDepends - ok
    18:35:28.0705 2348 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    18:35:28.0705 2348 fssfltr - ok
    18:35:28.0939 2348 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    18:35:28.0939 2348 fsssvc - ok
    18:35:29.0064 2348 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
    18:35:29.0064 2348 Fs_Rec - ok
    18:35:29.0127 2348 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:35:29.0142 2348 fvevol - ok
    18:35:29.0220 2348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:35:29.0220 2348 gagp30kx - ok
    18:35:29.0236 2348 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:35:29.0236 2348 GEARAspiWDM - ok
    18:35:29.0345 2348 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    18:35:29.0345 2348 gpsvc - ok
    18:35:29.0454 2348 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    18:35:29.0454 2348 GREGService - ok
    18:35:29.0563 2348 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:35:29.0563 2348 gupdate - ok
    18:35:29.0595 2348 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:35:29.0595 2348 gupdatem - ok
    18:35:29.0657 2348 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:35:29.0657 2348 gusvc - ok
    18:35:29.0673 2348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:35:29.0673 2348 hcw85cir - ok
    18:35:29.0735 2348 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    18:35:29.0735 2348 HdAudAddService - ok
    18:35:29.0782 2348 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
    18:35:29.0782 2348 HDAudBus - ok
    18:35:29.0829 2348 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    18:35:29.0829 2348 HECIx64 - ok
    18:35:29.0844 2348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:35:29.0844 2348HidBatt - ok
    18:35:29.0875 2348HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:35:29.0875 2348HidBth - ok
    18:35:29.0907 2348HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    18:35:29.0907 2348HidIr - ok
    18:35:29.0938 2348hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    18:35:29.0938 2348hidserv - ok
    18:35:30.0000 2348HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    18:35:30.0000 2348HidUsb - ok
    18:35:30.0063 2348hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    18:35:30.0063 2348hkmsvc - ok
    18:35:30.0078 2348HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    18:35:30.0078 2348HomeGroupListener - ok
    18:35:30.0125 2348HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    18:35:30.0125 2348HomeGroupProvider - ok
    18:35:30.0328 2348hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    18:35:30.0328 2348hpqcxs08 - ok
    18:35:30.0375 2348hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    18:35:30.0375 2348hpqddsvc - ok
    18:35:30.0437 2348HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
    18:35:30.0437 2348HpSAMD - ok
    18:35:30.0531 2348HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    18:35:30.0546 2348HTTP - ok
    18:35:30.0546 2348hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    18:35:30.0562 2348hwpolicy - ok
    18:35:30.0609 2348i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    18:35:30.0624 2348i8042prt - ok
    18:35:30.0702 2348iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    18:35:30.0702 2348iaStor - ok
    18:35:30.0780 2348iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    18:35:30.0780 2348iaStorV - ok
    18:35:30.0952 2348idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:35:30.0952 2348idsvc - ok
    18:35:31.0872 2348igfx (83d2f51e5ec1e45f38f38fa520986b43) C:\Windows\system32\DRIVERS\igdkmd64.sys
    18:35:31.0935 2348igfx - ok
    18:35:32.0106 2348iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    18:35:32.0106 2348iirsp - ok
    18:35:32.0215 2348IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    18:35:32.0215 2348IKEEXT - ok
    18:35:32.0527 2348IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
    18:35:32.0543 2348IntcAzAudAddService - ok
    18:35:32.0683 2348intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:35:32.0683 2348intelide - ok
    18:35:33.0619 2348intelkmd (83d2f51e5ec1e45f38f38fa520986b43) C:\Windows\system32\DRIVERS\igdpmd64.sys
    18:35:33.0682 2348intelkmd - ok
    18:35:33.0853 2348intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:35:33.0853 2348intelppm - ok
    18:35:33.0916 2348IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    18:35:33.0916 2348IPBusEnum - ok
    18:35:33.0963 2348IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:35:33.0963 2348IpFilterDriver - ok
    18:35:34.0056 2348iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    18:35:34.0072 2348iphlpsvc - ok
    18:35:34.0103 2348IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
    18:35:34.0103 2348IPMIDRV - ok
    18:35:34.0134 2348IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:35:34.0134 2348IPNAT - ok
    18:35:34.0275 2348iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
    18:35:34.0275 2348iPod Service - ok
    18:35:34.0321 2348IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:35:34.0337 2348IRENUM - ok
    18:35:34.0368 2348isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:35:34.0368 2348isapnp - ok
    18:35:34.0399 2348iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
    18:35:34.0399 2348iScsiPrt - ok
    18:35:34.0446 2348kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    18:35:34.0446 2348kbdclass - ok
    18:35:34.0493 2348kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    18:35:34.0493 2348kbdhid - ok
    18:35:34.0524 2348KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:35:34.0524 2348KeyIso - ok
    18:35:34.0555 2348KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    18:35:34.0555 2348KSecDD - ok
    18:35:34.0571 2348KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    18:35:34.0571 2348KSecPkg - ok
    18:35:34.0602 2348ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:35:34.0602 2348ksthunk - ok
    18:35:34.0696 2348KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    18:35:34.0696 2348KtmRm - ok
    18:35:34.0743 2348L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
    18:35:34.0743 2348L1C - ok
    18:35:34.0821 2348L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
    18:35:34.0821 2348L1E - ok
    18:35:34.0867 2348LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
    18:35:34.0867 2348LanmanServer - ok
    18:35:34.0899 2348LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    18:35:34.0899 2348LanmanWorkstation - ok
    18:35:34.0961 2348lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:35:34.0961 2348lltdio - ok
    18:35:35.0039 2348lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    18:35:35.0039 2348lltdsvc - ok
    18:35:35.0070 2348lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    18:35:35.0086 2348lmhosts - ok
    18:35:35.0226 2348LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    18:35:35.0226 2348LMS - ok
    18:35:35.0289 2348LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:35:35.0289 2348LSI_FC - ok
    18:35:35.0304 2348LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:35:35.0304 2348LSI_SAS - ok
    18:35:35.0320 2348LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:35:35.0320 2348LSI_SAS2 - ok
    18:35:35.0367 2348LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:35:35.0382 2348LSI_SCSI - ok
    18:35:35.0429 2348luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:35:35.0429 2348luafv - ok
    18:35:35.0507 2348MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    18:35:35.0507 2348MBAMProtector - ok
    18:35:35.0647 2348MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    18:35:35.0647 2348MBAMService - ok
    18:35:35.0710 2348Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    18:35:35.0710 2348Mcx2Svc - ok
    18:35:35.0741 2348megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:35:35.0741 2348megasas - ok
    18:35:35.0788 2348MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:35:35.0788 2348MegaSR - ok
    18:35:35.0897 2348Microsoft SharePoint Workspace Audit Service - ok
    18:35:35.0959 2348MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:35:35.0959 2348MMCSS - ok
    18:35:35.0975 2348Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:35:35.0975 2348Modem - ok
    18:35:36.0022 2348monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:35:36.0022 2348monitor - ok
    18:35:36.0069 2348mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    18:35:36.0069 2348mouclass - ok
    18:35:36.0100 2348mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:35:36.0100 2348mouhid - ok
    18:35:36.0131 2348mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    18:35:36.0131 2348mountmgr - ok
    18:35:36.0162 2348mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
    18:35:36.0162 2348mpio - ok
    18:35:36.0193 2348mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:35:36.0193 2348mpsdrv - ok
    18:35:36.0349 2348MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    18:35:36.0349 2348MpsSvc - ok
    18:35:36.0381 2348MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    18:35:36.0381 2348MRxDAV - ok
    18:35:36.0443 2348mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:35:36.0443 2348mrxsmb - ok
    18:35:36.0505 2348mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:35:36.0505 2348mrxsmb10 - ok
    18:35:36.0552 2348mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:35:36.0552 2348mrxsmb20 - ok
    18:35:36.0599 2348msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
    18:35:36.0599 2348msahci - ok
    18:35:36.0646 2348msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
    18:35:36.0646 2348msdsm - ok
    18:35:36.0677 2348MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    18:35:36.0677 2348MSDTC - ok
    18:35:36.0724 2348Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:35:36.0724 2348Msfs - ok
    18:35:36.0771 2348mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:35:36.0771 2348mshidkmdf - ok
    18:35:36.0802 2348msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:35:36.0802 2348msisadrv - ok
    18:35:36.0849 2348MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    18:35:36.0849 2348MSiSCSI - ok
    18:35:36.0849 2348msiserver - ok
    18:35:36.0895 2348MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:35:36.0895 2348MSKSSRV - ok
    18:35:36.0942 2348MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:35:36.0942 2348MSPCLOCK - ok
    18:35:36.0942 2348MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:35:36.0942 2348MSPQM - ok
    18:35:37.0005 2348MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    18:35:37.0005 2348MsRPC - ok
    18:35:37.0051 2348mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:35:37.0051 2348mssmbios - ok
    18:35:37.0083 2348MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:35:37.0083 2348MSTEE - ok
    18:35:37.0083 2348MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:35:37.0083 2348MTConfig - ok
    18:35:37.0129 2348Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:35:37.0129 2348Mup - ok
    18:35:37.0192 2348napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    18:35:37.0192 2348napagent - ok
    18:35:37.0270 2348NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:35:37.0270 2348NativeWifiP - ok
    18:35:37.0395 2348NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    18:35:37.0395 2348NDIS - ok
    18:35:37.0441 2348NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:35:37.0441 2348NdisCap - ok
    18:35:37.0488 2348NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:35:37.0488 2348NdisTapi - ok
    18:35:37.0519 2348Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:35:37.0519 2348Ndisuio - ok
    18:35:37.0566 2348NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:35:37.0566 2348NdisWan - ok
    18:35:37.0597 2348NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    18:35:37.0597 2348NDProxy - ok
    18:35:37.0675 2348Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
    18:35:37.0675 2348Net Driver HPZ12 - ok
    18:35:37.0722 2348Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
    18:35:37.0722 2348Netaapl - ok
    18:35:37.0769 2348NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:35:37.0769 2348NetBIOS - ok
    18:35:37.0816 2348NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    18:35:37.0816 2348NetBT - ok
    18:35:37.0863 2348Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:35:37.0863 2348Netlogon - ok
    18:35:37.0925 2348Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    18:35:37.0925 2348Netman - ok
    18:35:37.0987 2348netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    18:35:38.0003 2348netprofm - ok
    18:35:38.0112 2348NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:35:38.0112 2348NetTcpPortSharing - ok
    18:35:38.0175 2348nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:35:38.0175 2348nfrd960 - ok
    18:35:38.0237 2348NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    18:35:38.0253 2348NlaSvc - ok
    18:35:38.0268 2348Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    18:35:38.0268 2348Npfs - ok
    18:35:38.0268 2348nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    18:35:38.0268 2348nsi - ok
    18:35:38.0299 2348nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    18:35:38.0299 2348nsiproxy - ok
    18:35:38.0455 2348Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    18:35:38.0471 2348Ntfs - ok
    18:35:38.0565 2348NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    18:35:38.0565 2348NTI IScheduleSvc - ok
    18:35:38.0705 2348NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
    18:35:38.0705 2348NTIDrvr - ok
    18:35:38.0767 2348NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
    18:35:38.0767 2348NuidFltr - ok
    18:35:38.0783 2348Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    18:35:38.0783 2348Null - ok
    18:35:38.0861 2348nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    18:35:38.0861 2348nvraid - ok
     
  5. Rudy1

    18:35:38.0923 2348nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    18:35:38.0923 2348nvstor - ok
    18:35:38.0986 2348nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    18:35:38.0986 2348nv_agp - ok
    18:35:39.0017 2348ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    18:35:39.0017 2348ohci1394 - ok
    18:35:39.0111 2348ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:35:39.0111 2348ose64 - ok
    18:35:39.0501 2348osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:35:39.0532 2348osppsvc - ok
    18:35:39.0688 2348p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:35:39.0688 2348p2pimsvc - ok
    18:35:39.0735 2348p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    18:35:39.0735 2348p2psvc - ok
    18:35:39.0781 2348Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    18:35:39.0781 2348Parport - ok
    18:35:39.0797 2348partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    18:35:39.0797 2348partmgr - ok
    18:35:39.0844 2348PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    18:35:39.0844 2348PcaSvc - ok
    18:35:39.0891 2348pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
    18:35:39.0891 2348pci - ok
    18:35:39.0906 2348pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    18:35:39.0906 2348pciide - ok
    18:35:39.0953 2348pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:35:39.0953 2348pcmcia - ok
    18:35:39.0969 2348pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    18:35:39.0969 2348pcw - ok
    18:35:40.0047 2348PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    18:35:40.0047 2348PEAUTH - ok
    18:35:40.0171 2348PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    18:35:40.0171 2348PerfHost - ok
    18:35:40.0390 2348pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    18:35:40.0405 2348pla - ok
    18:35:40.0468 2348PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    18:35:40.0468 2348PlugPlay - ok
    18:35:40.0530 2348Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
    18:35:40.0530 2348Pml Driver HPZ12 - ok
    18:35:40.0546 2348PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    18:35:40.0546 2348PNRPAutoReg - ok
    18:35:40.0593 2348PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:35:40.0593 2348PNRPsvc - ok
    18:35:40.0671 2348Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
    18:35:40.0686 2348Point64 - ok
    18:35:40.0733 2348PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    18:35:40.0749 2348PolicyAgent - ok
    18:35:40.0795 2348Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    18:35:40.0811 2348Power - ok
    18:35:40.0858 2348PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    18:35:40.0858 2348PptpMiniport - ok
    18:35:40.0889 2348Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    18:35:40.0889 2348Processor - ok
    18:35:40.0967 2348ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    18:35:40.0967 2348ProfSvc - ok
    18:35:40.0998 2348ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:35:40.0998 2348ProtectedStorage - ok
    18:35:41.0045 2348Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    18:35:41.0045 2348Psched - ok
    18:35:41.0217 2348ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    18:35:41.0217 2348ql2300 - ok
    18:35:41.0373 2348ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:35:41.0373 2348ql40xx - ok
    18:35:41.0419 2348QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    18:35:41.0419 2348QWAVE - ok
    18:35:41.0435 2348QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    18:35:41.0435 2348QWAVEdrv - ok
    18:35:41.0451 2348RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    18:35:41.0451 2348RasAcd - ok
    18:35:41.0497 2348RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:35:41.0497 2348RasAgileVpn - ok
    18:35:41.0544 2348RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    18:35:41.0544 2348RasAuto - ok
    18:35:41.0575 2348Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:35:41.0575 2348Rasl2tp - ok
    18:35:41.0638 2348RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    18:35:41.0638 2348RasMan - ok
    18:35:41.0653 2348RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:35:41.0669 2348RasPppoe - ok
    18:35:41.0716 2348RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    18:35:41.0716 2348RasSstp - ok
    18:35:41.0747 2348rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    18:35:41.0747 2348rdbss - ok
    18:35:41.0763 2348rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    18:35:41.0763 2348rdpbus - ok
    18:35:41.0809 2348RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:35:41.0809 2348RDPCDD - ok
    18:35:41.0841 2348RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    18:35:41.0841 2348RDPENCDD - ok
    18:35:41.0872 2348RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    18:35:41.0887 2348RDPREFMP - ok
    18:35:41.0934 2348RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
    18:35:41.0934 2348RDPWD - ok
    18:35:41.0981 2348rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    18:35:41.0981 2348rdyboost - ok
    18:35:42.0059 2348RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    18:35:42.0059 2348RemoteAccess - ok
    18:35:42.0090 2348RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    18:35:42.0090 2348RemoteRegistry - ok
    18:35:42.0153 2348RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    18:35:42.0153 2348RFCOMM - ok
    18:35:42.0168 2348RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    18:35:42.0168 2348RpcEptMapper - ok
    18:35:42.0199 2348RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    18:35:42.0199 2348RpcLocator - ok
    18:35:42.0262 2348RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    18:35:42.0262 2348RpcSs - ok
    18:35:42.0309 2348rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    18:35:42.0309 2348rspndr - ok
    18:35:42.0402 2348RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    18:35:42.0418 2348RS_Service - ok
    18:35:42.0449 2348SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:35:42.0449 2348SamSs - ok
    18:35:42.0558 2348SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    18:35:42.0558 2348SASDIFSV - ok
    18:35:42.0605 2348SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    18:35:42.0605 2348SASKUTIL - ok
    18:35:42.0714 2348SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
    18:35:42.0714 2348SbFw - ok
    18:35:42.0777 2348SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
    18:35:42.0777 2348SBFWIMCL - ok
    18:35:42.0792 2348SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
    18:35:42.0792 2348SBFWIMCLMP - ok
    18:35:42.0823 2348sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
    18:35:42.0823 2348sbhips - ok
    18:35:42.0855 2348sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
    18:35:42.0855 2348sbp2port - ok
    18:35:42.0870 2348SBRE - ok
    18:35:42.0917 2348SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
    18:35:42.0917 2348SbTis - ok
    18:35:42.0979 2348SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    18:35:42.0979 2348SCardSvr - ok
    18:35:42.0995 2348scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    18:35:43.0011 2348scfilter - ok
    18:35:43.0104 2348Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    18:35:43.0120 2348Schedule - ok
    18:35:43.0151 2348SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    18:35:43.0151 2348SCPolicySvc - ok
    18:35:43.0198 2348SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    18:35:43.0198 2348SDRSVC - ok
    18:35:43.0276 2348secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    18:35:43.0276 2348secdrv - ok
    18:35:43.0276 2348seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    18:35:43.0276 2348seclogon - ok
    18:35:43.0323 2348SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    18:35:43.0323 2348SENS - ok
    18:35:43.0369 2348SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    18:35:43.0369 2348SensrSvc - ok
    18:35:43.0369 2348Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    18:35:43.0369 2348Serenum - ok
    18:35:43.0447 2348Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    18:35:43.0447 2348Serial - ok
    18:35:43.0510 2348sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    18:35:43.0510 2348sermouse - ok
    18:35:43.0541 2348SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    18:35:43.0557 2348SessionEnv - ok
    18:35:43.0588 2348sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    18:35:43.0588 2348sffdisk - ok
    18:35:43.0603 2348sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    18:35:43.0603 2348sffp_mmc - ok
    18:35:43.0619 2348sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
    18:35:43.0619 2348sffp_sd - ok
    18:35:43.0635 2348sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    18:35:43.0635 2348sfloppy - ok
    18:35:43.0713 2348SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    18:35:43.0713 2348SharedAccess - ok
    18:35:43.0775 2348ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    18:35:43.0775 2348ShellHWDetection - ok
    18:35:43.0806 2348SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:35:43.0806 2348SiSRaid2 - ok
    18:35:43.0837 2348SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    18:35:43.0837 2348SiSRaid4 - ok
    18:35:43.0869 2348Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    18:35:43.0869 2348Smb - ok
    18:35:43.0947 2348SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    18:35:43.0947 2348SNMPTRAP - ok
    18:35:43.0962 2348spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    18:35:43.0962 2348spldr - ok
    18:35:44.0025 2348Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    18:35:44.0040 2348Spooler - ok
    18:35:44.0305 2348sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    18:35:44.0321 2348sppsvc - ok
    18:35:44.0430 2348sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    18:35:44.0446 2348sppuinotify - ok
    18:35:44.0586 2348sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
    18:35:44.0602 2348sptd - ok
    18:35:44.0680 2348srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    18:35:44.0680 2348srv - ok
    18:35:44.0727 2348srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    18:35:44.0727 2348srv2 - ok
    18:35:44.0773 2348srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    18:35:44.0773 2348srvnet - ok
    18:35:44.0820 2348ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
    18:35:44.0820 2348ssadbus - ok
    18:35:44.0883 2348ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
    18:35:44.0883 2348ssadmdfl - ok
    18:35:44.0929 2348ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
    18:35:44.0929 2348ssadmdm - ok
    18:35:44.0992 2348sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
    18:35:44.0992 2348sscdbus - ok
    18:35:45.0039 2348sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    18:35:45.0039 2348sscdmdfl - ok
    18:35:45.0085 2348sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
    18:35:45.0085 2348sscdmdm - ok
    18:35:45.0163 2348SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    18:35:45.0163 2348SSDPSRV - ok
    18:35:45.0195 2348SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    18:35:45.0195 2348SstpSvc - ok
    18:35:45.0288 2348Steam Client Service - ok
    18:35:45.0304 2348stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    18:35:45.0304 2348stexstor - ok
    18:35:45.0397 2348stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    18:35:45.0413 2348stisvc - ok
    18:35:45.0429 2348swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    18:35:45.0429 2348swenum - ok
    18:35:45.0585 2348SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    18:35:45.0600 2348SwitchBoard - ok
    18:35:45.0647 2348swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    18:35:45.0663 2348swprv - ok
    18:35:45.0819 2348SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    18:35:45.0819 2348SysMain - ok
    18:35:45.0943 2348TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    18:35:45.0943 2348TabletInputService - ok
    18:35:46.0006 2348TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    18:35:46.0006 2348TapiSrv - ok
    18:35:46.0021 2348TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    18:35:46.0021 2348TBS - ok
    18:35:46.0240 2348Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
    18:35:46.0255 2348Tcpip - ok
    18:35:46.0536 2348TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
    18:35:46.0536 2348TCPIP6 - ok
    18:35:46.0645 2348tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    18:35:46.0645 2348tcpipreg - ok
    18:35:46.0661 2348TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    18:35:46.0661 2348TDPIPE - ok
    18:35:46.0708 2348TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    18:35:46.0708 2348TDTCP - ok
    18:35:46.0755 2348tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    18:35:46.0755 2348tdx - ok
    18:35:46.0801 2348TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
    18:35:46.0801 2348TermDD - ok
    18:35:46.0895 2348TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    18:35:46.0895 2348TermService - ok
    18:35:46.0926 2348Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    18:35:46.0926 2348Themes - ok
    18:35:46.0942 2348THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:35:46.0942 2348THREADORDER - ok
    18:35:46.0973 2348TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    18:35:46.0973 2348TrkWks - ok
    18:35:47.0035 2348TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    18:35:47.0035 2348TrustedInstaller - ok
    18:35:47.0082 2348tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:35:47.0082 2348tssecsrv - ok
    18:35:47.0129 2348tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    18:35:47.0129 2348tunnel - ok
    18:35:47.0176 2348TVICHW32 (1a006963644c7fde5be60036f3a43e68) C:\Windows\system32\DRIVERS\TVICHW32.SYS
    18:35:47.0176 2348TVICHW32 - ok
    18:35:47.0191 2348uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    18:35:47.0191 2348uagp35 - ok
    18:35:47.0223 2348UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
    18:35:47.0223 2348UBHelper - ok
    18:35:47.0269 2348udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    18:35:47.0269 2348udfs - ok
    18:35:47.0301 2348UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    18:35:47.0301 2348UI0Detect - ok
    18:35:47.0347 2348uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    18:35:47.0347 2348uliagpkx - ok
    18:35:47.0410 2348umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
    18:35:47.0410 2348umbus - ok
    18:35:47.0441 2348UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    18:35:47.0441 2348UmPass - ok
    18:35:47.0722 2348UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    18:35:47.0737 2348UNS - ok
    18:35:47.0831 2348Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    18:35:47.0831 2348Updater Service - ok
    18:35:48.0003 2348upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    18:35:48.0003 2348upnphost - ok
    18:35:48.0065 2348USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    18:35:48.0065 2348USBAAPL64 - ok
    18:35:48.0112 2348usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:35:48.0112 2348usbccgp - ok
    18:35:48.0143 2348usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    18:35:48.0143 2348usbcir - ok
    18:35:48.0174 2348usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
    18:35:48.0174 2348usbehci - ok
    18:35:48.0237 2348usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    18:35:48.0237 2348usbhub - ok
    18:35:48.0268 2348usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
    18:35:48.0268 2348usbohci - ok
    18:35:48.0299 2348usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    18:35:48.0299 2348usbprint - ok
    18:35:48.0346 2348usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    18:35:48.0346 2348usbscan - ok
    18:35:48.0377 2348USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:35:48.0377 2348USBSTOR - ok
    18:35:48.0393 2348usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
    18:35:48.0393 2348usbuhci - ok
    18:35:48.0471 2348usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    18:35:48.0471 2348usbvideo - ok
    18:35:48.0486 2348UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    18:35:48.0502 2348UxSms - ok
    18:35:48.0549 2348VaneFltr (81a9f455bf2c9180348949f7c8d93e66) C:\Windows\system32\drivers\Lachesis.sys
    18:35:48.0549 2348VaneFltr - ok
    18:35:48.0595 2348VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    18:35:48.0595 2348VaultSvc - ok
    18:35:48.0673 2348vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    18:35:48.0673 2348vdrvroot - ok
    18:35:48.0751 2348vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    18:35:48.0751 2348vds - ok
    18:35:48.0798 2348vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:35:48.0798 2348vga - ok
    18:35:48.0829 2348VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    18:35:48.0829 2348VgaSave - ok
    18:35:48.0876 2348vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
    18:35:48.0876 2348vhdmp - ok
    18:35:48.0907 2348viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    18:35:48.0907 2348viaide - ok
    18:35:48.0939 2348volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
    18:35:48.0939 2348volmgr - ok
    18:35:48.0985 2348volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    18:35:49.0001 2348volmgrx - ok
    18:35:49.0032 2348volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
    18:35:49.0032 2348volsnap - ok
    18:35:49.0079 2348vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:35:49.0079 2348vsmraid - ok
    18:35:49.0235 2348VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    18:35:49.0235 2348VSS - ok
    18:35:49.0375 2348vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    18:35:49.0375 2348vwifibus - ok
    18:35:49.0391 2348vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    18:35:49.0391 2348vwififlt - ok
    18:35:49.0422 2348vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    18:35:49.0422 2348vwifimp - ok
    18:35:49.0485 2348W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    18:35:49.0485 2348W32Time - ok
    18:35:49.0500 2348WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:35:49.0500 2348WacomPen - ok
    18:35:49.0547 2348WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    18:35:49.0547 2348WANARP - ok
    18:35:49.0578 2348Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    18:35:49.0578 2348Wanarpv6 - ok
    18:35:49.0734 2348WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    18:35:49.0734 2348WatAdminSvc - ok
    18:35:49.0890 2348wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    18:35:49.0906 2348wbengine - ok
    18:35:50.0031 2348WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    18:35:50.0031 2348WbioSrvc - ok
    18:35:50.0093 2348wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    18:35:50.0093 2348wcncsvc - ok
    18:35:50.0109 2348WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    18:35:50.0109 2348WcsPlugInService - ok
    18:35:50.0155 2348Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:35:50.0155 2348Wd - ok
    18:35:50.0218 2348WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    18:35:50.0218 2348WDC_SAM - ok
    18:35:50.0280 2348Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:35:50.0280 2348Wdf01000 - ok
    18:35:50.0327 2348WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:35:50.0327 2348WdiServiceHost - ok
    18:35:50.0327 2348WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:35:50.0327 2348WdiSystemHost - ok
    18:35:50.0389 2348WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    18:35:50.0389 2348WebClient - ok
    18:35:50.0421 2348Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    18:35:50.0421 2348Wecsvc - ok
    18:35:50.0452 2348wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    18:35:50.0467 2348wercplsupport - ok
    18:35:50.0499 2348WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    18:35:50.0514 2348WerSvc - ok
    18:35:50.0577 2348WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:35:50.0592 2348WfpLwf - ok
    18:35:50.0592 2348WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:35:50.0592 2348WIMMount - ok
    18:35:50.0670 2348WinDefend - ok
    18:35:50.0670 2348WinHttpAutoProxySvc - ok
    18:35:50.0748 2348Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    18:35:50.0748 2348Winmgmt - ok
    18:35:50.0951 2348WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    18:35:50.0951 2348WinRM - ok
    18:35:51.0154 2348WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    18:35:51.0154 2348WinUsb - ok
    18:35:51.0247 2348Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    18:35:51.0263 2348Wlansvc - ok
    18:35:51.0325 2348wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    18:35:51.0325 2348wlcrasvc - ok
    18:35:51.0606 2348wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:35:51.0622 2348wlidsvc - ok
    18:35:51.0778 2348WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    18:35:51.0778 2348WmiAcpi - ok
    18:35:51.0856 2348wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    18:35:51.0856 2348wmiApSrv - ok
    18:35:51.0918 2348WMPNetworkSvc - ok
    18:35:51.0949 2348WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    18:35:51.0949 2348WPCSvc - ok
    18:35:51.0981 2348WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    18:35:51.0981 2348WPDBusEnum - ok
    18:35:52.0012 2348ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:35:52.0012 2348ws2ifsl - ok
    18:35:52.0074 2348wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
    18:35:52.0074 2348wscsvc - ok
    18:35:52.0074 2348WSearch - ok
    18:35:52.0277 2348wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
    18:35:52.0293 2348wuauserv - ok
    18:35:52.0449 2348WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    18:35:52.0449 2348WudfPf - ok
    18:35:52.0511 2348WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:35:52.0511 2348WUDFRd - ok
    18:35:52.0558 2348wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    18:35:52.0558 2348wudfsvc - ok
    18:35:52.0589 2348WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    18:35:52.0589 2348WwanSvc - ok
    18:35:52.0651 2348MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    18:35:52.0714 2348\Device\Harddisk0\DR0 - ok
    18:35:52.0714 2348Boot (0x1200) (449b5532bc69073a98b1ee9609605bc1) \Device\Harddisk0\DR0\Partition0
    18:35:52.0714 2348\Device\Harddisk0\DR0\Partition0 - ok
    18:35:52.0729 2348Boot (0x1200) (0618f564671d2c05bbab03172f52fcc2) \Device\Harddisk0\DR0\Partition1
    18:35:52.0745 2348\Device\Harddisk0\DR0\Partition1 - ok
    18:35:52.0761 2348Boot (0x1200) (73507fa2dc37d5b08c4692b7fc0e708a) \Device\Harddisk0\DR0\Partition2
    18:35:52.0761 2348\Device\Harddisk0\DR0\Partition2 - ok
    18:35:52.0792 2348Boot (0x1200) (eb3eea752150b0ec38592bdbf226bd5b) \Device\Harddisk0\DR0\Partition3
    18:35:52.0792 2348\Device\Harddisk0\DR0\Partition3 - ok
    18:35:52.0792 2348============================================================
    18:35:52.0792 2348Scan finished
    18:35:52.0792 2348============================================================
    18:35:52.0807 4924Detected object count: 1
    18:35:52.0807 4924Actual detected object count: 1
    18:35:57.0347 4924Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    18:35:57.0347 4924Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Never run Combofix on your own.
     
  7. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.26.04
    Windows 7 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Random McGill Guy :: RANDOMMCGILLGUY [administrator]
    Protection: Disabled
    26/04/2012 11:03:15 PM
    mbam-log-2012-04-26 (23-03-15).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205602
    Time elapsed: 3 minute(s), 26 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  8. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-26 23:30:52
    Windows 6.1.7600
    Running: i8oi3ijv.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721f3d79
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721f3d79@7cc537d29fda 0xCF 0x9D 0xEF 0xEB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0x1D 0xAE 0x0D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x3E 0xDD 0x71 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x9B 0x65 0x25 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721f3d79 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721f3d79@7cc537d29fda 0xCF 0x9D 0xEF 0xEB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0x1D 0xAE 0x0D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7B 0x3E 0xDD 0x71 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x9B 0x65 0x25 ...
    ---- EOF - GMER 1.0.15 ----
     
  9. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by Random McGill Guy at 23:31:58 on 2012-04-26
    Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.2705 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
    StartupFolder: C:\Users\RANDOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\RANDOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\QUIETH~1.LNK - C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: 使用迅雷下载 - C:\Program Files (x86)\Thunder\Program\GetUrl.htm
    IE: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder\Program\GetAllUrl.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_05\bin\npjpi150_05.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Program Files (x86)\YouKu\common\ikutm.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
    TCP: DhcpNameServer = 132.206.85.18 132.206.85.19 132.206.85.36 132.206.44.21 132.206.25.21
    TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E} : DhcpNameServer = 132.206.85.18 132.206.85.19 132.206.85.36 132.206.44.21 132.206.25.21
    TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\34963736F63393832323 : DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\34F6E636F62746961675962756C656373794E666F6 : DhcpNameServer = 132.205.7.81 132.205.122.20
    TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\3557E6378696E65684F6573756 : DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\B4169716370275962756C6563737F5441364739383 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}\E696576616D696C697 : DhcpNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX
    Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO-X64: btorbit.com - No File
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
    R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-17 325200]
    S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-9-17 820768]
    S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-26 654408]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
    S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-9-17 260640]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-17 2320920]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
    S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-5-13 243232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    txtfile=C:\Windows\notepad.exe %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-04-27 02:54:45 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-04-27 02:27:41 -------- d-----w- C:\ComboFix
    2012-04-27 01:01:17 -------- d-----w- C:\Program Files (x86)\ESET
    2012-04-27 00:32:35 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
    2012-04-27 00:32:35 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
    2012-04-27 00:32:34 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Simply Super Software
    2012-04-27 00:32:34 -------- d-----w- C:\ProgramData\Simply Super Software
    2012-04-27 00:32:34 -------- d-----w- C:\Program Files (x86)\Trojan Remover
    2012-04-26 21:43:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-26 21:43:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-26 20:49:26 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-26 20:49:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-04-26 20:49:13 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-04-26 06:20:17 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-26 06:05:38 -------- d-----w- C:\MGtools
    2012-04-26 04:27:13 -------- d-----w- C:\Program Files\HitmanPro
    2012-04-26 04:27:07 -------- d-----w- C:\ProgramData\HitmanPro
    2012-04-25 18:32:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-04-25 18:32:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-04-24 23:19:52 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\WindowsApplication1
    2012-04-24 17:00:24 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
    2012-04-22 01:44:56 -------- d-----w- C:\ProgramData\Battle.net
    2012-04-20 15:07:36 -------- d-----w- C:\ProgramData\IObit
    2012-04-16 06:33:43 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Malwarebytes
    2012-04-16 06:33:34 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-16 06:02:51 98816 ----a-w- C:\Windows\sed.exe
    2012-04-16 06:02:51 518144 ----a-w- C:\Windows\SWREG.exe
    2012-04-16 06:02:51 256000 ----a-w- C:\Windows\PEV.exe
    2012-04-16 06:02:51 208896 ----a-w- C:\Windows\MBR.exe
    2012-04-16 05:44:35 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\IObit
    2012-04-16 05:44:28 -------- d-----w- C:\Program Files (x86)\IObit
    2012-04-16 05:35:44 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
    2012-04-16 05:35:41 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
    2012-04-16 05:35:20 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
    2012-04-16 05:35:20 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
    2012-04-15 12:24:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-14 00:00:18 -------- d-----w- C:\Program Files (x86)\Ludashi
    2012-04-13 22:51:52 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\360mobilemgr
    2012-04-13 22:43:48 -------- d-----w- C:\ProgramData\360safe
    2012-04-13 22:40:42 19800 ----a-w- C:\Windows\System32\drivers\efimon.sys
    2012-04-13 22:40:05 -------- d-----w- C:\Program Files (x86)\360
    2012-04-13 22:39:34 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\360inst
    2012-04-13 20:17:46 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
    2012-04-13 17:45:23 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Caiyun
    2012-04-13 17:44:51 -------- d-----w- C:\Program Files (x86)\彩云游戏浏览器
    2012-04-12 20:13:21 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\KuGou7
    2012-04-12 20:13:16 -------- d-----w- C:\Program Files (x86)\KuGou2012
    2012-04-12 06:46:02 -------- d-----w- C:\TGGAME
    2012-04-12 04:18:02 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\Mozilla
    2012-04-12 04:01:05 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-12 04:01:05 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-12 04:01:02 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2012-04-12 04:01:01 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2012-04-12 04:01:01 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2012-04-12 04:01:00 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-04-12 04:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2012-04-12 03:59:48 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-12 03:59:47 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-12 03:59:46 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-12 03:55:42 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-12 03:55:42 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-12 03:55:42 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-12 03:55:41 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-12 03:55:41 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-12 03:55:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-12 03:55:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-09 01:06:21 61440 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
    2012-04-09 01:06:21 61440 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
    2012-04-09 01:06:21 106496 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
    2012-04-09 01:06:21 106496 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
    2012-04-09 01:06:21 106496 ----a-r- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
    2012-04-09 01:06:20 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
    2012-04-09 01:06:14 -------- d-----w- C:\Program Files (x86)\Tencent
    2012-04-09 01:06:05 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
    2012-04-09 01:06:05 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Tencent
    2012-04-08 00:21:41 -------- d-----w- C:\Program Files (x86)\GRETECH
    2012-04-07 13:32:42 -------- d-----w- C:\Program Files (x86)\Common Files\duowan
    2012-04-07 13:32:12 -------- d-----w- C:\Program Files (x86)\duowan
    2012-04-07 13:32:09 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\duowan
    2012-04-04 05:54:08 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-03-31 17:05:31 -------- d-----w- C:\Users\Random McGill Guy\AppData\Roaming\Unity
    2012-03-31 16:54:30 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\Unity
    2012-03-29 05:04:05 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\ATI
    2012-03-29 05:00:35 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-03-29 04:58:41 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2012-03-29 04:58:38 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-03-29 04:58:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2012-03-29 04:58:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2012-03-29 04:54:29 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2012-03-29 04:54:17 -------- d-----w- C:\Program Files\ATI Technologies
    2012-03-29 04:54:15 -------- d-----w- C:\Program Files\ATI
    2012-03-29 04:52:39 496128 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-03-29 03:06:01 58880 ----a-w- C:\Windows\System32\coinst.dll
    2012-03-29 03:01:35 -------- d-----w- C:\Users\Random McGill Guy\AppData\Local\Leshcat & Co
    2012-03-29 01:26:24 -------- d-----w- C:\Program Files (x86)\ImageJ
    .
    ==================== Find3M ====================
    .
    2012-04-15 12:24:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-29 01:30:43 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-03-29 01:30:41 175104 ----a-w- C:\Windows\System32\msclmd.dll
    2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2012-03-21 22:07:02 12311168 ----a-w- C:\Windows\System32\drivers\igdpmd64.sys
    2012-03-21 22:07:02 12311168 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
    2012-03-08 19:07:16 328736 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-03-08 19:07:10 10858016 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-15 08:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-02-15 08:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-02-15 08:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-02-15 08:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-02-15 08:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-02-15 08:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-02-15 08:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-02-15 08:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-02-15 08:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-02-15 08:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-02-15 08:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-02-15 07:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-02-15 07:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-02-15 07:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-02-15 07:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-02-15 07:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-02-15 07:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-02-15 07:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-02-15 07:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-02-15 07:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-02-15 07:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-02-15 07:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-02-15 07:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-02-15 07:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-02-15 07:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-02-15 07:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-02-15 07:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-02-15 07:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-02-15 07:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-02-15 07:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-02-15 07:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-02-15 07:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-02-15 07:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-02-15 07:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-02-15 07:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-02-15 07:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-02-15 07:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-02-15 07:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-02-15 07:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-02-15 07:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-02-10 10:08:02 279840 ----a-w- C:\Windows\System32\ikutm.dll
    2012-02-10 06:24:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 06:23:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-10 06:23:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-10 06:23:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-02-10 06:23:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-02-10 05:35:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-10 05:35:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-10 05:35:25 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-02-10 05:35:25 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-10 05:35:25 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-31 10:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2012-01-31 10:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    .
    ============= FINISH: 23:32:46.24 ===============
     
  10. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/12/2010 3:13:29 AM
    System Uptime: 26/04/2012 10:57:59 PM (1 hours ago)
    .
    Motherboard: Acer | | JM31_CP
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 2394/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 53.896 GiB free.
    G: is FIXED (NTFS) - 122 GiB total, 54.637 GiB free.
    S: is FIXED (NTFS) - 98 GiB total, 29.12 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acer Backup Manager
    Acer Crystal Eye webcam
    Acer eRecovery Management
    Acer PowerSmart Manager
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Photoshop CS5
    AIDA64 Extreme Edition v1.85
    Akamai NetSession Interface
    Alcor Micro USB Card Reader
    AMD GPU Clock Tool
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Audacity 1.3.13 (Unicode)
    Auslogics Disk Defrag
    Avidemux 2.5
    Backup Manager Basic
    BufferChm
    C4400
    calibre
    CambridgeSoft Activation Client
    CambridgeSoft ChemOffice Ultra 2010
    CambridgeSoft ChemScript 12.0
    Canon Easy-PhotoPrint EX
    Canon MP Navigator EX 1.0
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Copy
    D3DX10
    DcOo CS1.6
    Destinations
    DeviceDiscovery
    DivX Setup
    DocProc
    Dropbox
    EndNote X5
    ESET Online Scanner v3
    Facebook Video Calling 1.2.0.159
    Feedback Tool
    foobar2000 v1.1.7
    Foxit Reader 5.0
    Game Booster 3
    GOM Player
    GOMTV Streamer
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    GPBaseService2
    Guild Wars
    Heroes of Newerth
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HydraVision
    Identity Card
    iKu 2
    ImageJ 1.45s
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    iPhoneBrowser
    J2SE Runtime Environment 5.0 Update 5
    Junk Mail filter update
    Launch Manager
    League of Legends
    Mafia II
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Mass Effect 2
    Medieval CUE Splitter
    Mesh Runtime
    Messenger Companion
    MestReNova LITE 5.2.5-5780
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Minitab 15 English
    Mobile Mouse Server
    Monkey's Audio
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nexon Game Manager
    NVIDIA PhysX
    OpenAL
    Orbit Downloader
    Pando Media Booster
    PDF Settings CS5
    Picasa 3
    PPLite 1.0.0.0090
    PPS影音 V2.7.0.1345 正式版
    PS_AIO_03_C4400_Software_Min
    PX Profile Update
    Python 2.5
    Python 2.5 pywin32-210
    QuickTime
    Realtek High Definition Audio Driver
    ResearchSoft Direct Export Helper
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
    Skype? 4.1
    SmartWebPrinting
    SolutionCenter
    Star Wars: The Old Republic
    StarCraft II
    STATISTICA 8.0.725.0 CS
    STATISTICA CambridgeSoft Integration
    Status
    Steam
    System Requirements Lab CYRI
    Tencent QQ
    TI-83 Plus Flash Debugger
    Toolbox
    TrayApp
    Trojan Remover 6.8.3
    Ubisoft Game Launcher
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 2.0.1
    WebReg
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Yahoo! Detect
    YY4
    μTorrent
    彩云游戏浏览器 3.80
    搜狐影音2.5.0.3
    数据银行
    百度影音1.0.23.105
    迅雷
    酷狗音乐2012 版本 7.1.60.15288
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/04/2012 8:38:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SBRE
    26/04/2012 8:37:59 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
    26/04/2012 8:31:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    26/04/2012 5:57:47 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    26/04/2012 5:57:46 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
    26/04/2012 4:18:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    26/04/2012 2:50:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    26/04/2012 2:49:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache SBRE spldr sptd Wanarpv6
    26/04/2012 2:48:56 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    26/04/2012 11:49:15 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    26/04/2012 11:31:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    26/04/2012 10:58:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    26/04/2012 10:58:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    26/04/2012 10:58:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    26/04/2012 10:58:48 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 21
    26/04/2012 10:58:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    26/04/2012 10:58:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache SASDIFSV SASKUTIL SBRE spldr Wanarpv6
    26/04/2012 10:58:31 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    26/04/2012 10:44:28 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    26/04/2012 10:38:35 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    26/04/2012 10:27:21 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    26/04/2012 10:27:21 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    25/04/2012 11:53:28 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    22/04/2012 7:09:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004f26060, 0xfffff80000b9c518, 0xfffffa80047e1500). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042212-31090-01.
    22/04/2012 11:50:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    22/04/2012 11:50:03 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    22/04/2012 11:48:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004f3a060, 0xfffff80000b9c518, 0xfffffa8009c5c760). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042212-33540-01.
    21/04/2012 5:02:24 PM, Error: Microsoft Antimalware [3002] -
    21/04/2012 1:27:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8004f3b060, 0xfffff80000b9c518, 0xfffffa8004a29590). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042112-30997-01.
    19/04/2012 7:22:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
     
  11. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    Also ran an ESET online scan, which turned out negative.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please observe rules I posted:
    ===================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  13. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-26 23:43:12
    -----------------------------
    23:43:12.747 OS Version: Windows x64 6.1.7600
    23:43:12.747 Number of processors: 4 586 0x2505
    23:43:12.747 ComputerName: RANDOMMCGILLGUY UserName:
    23:43:13.605 Initialize success
    23:43:40.554 AVAST engine defs: 12042601
    23:43:53.814 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    23:43:53.814 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    23:43:53.829 Disk 0 MBR read successfully
    23:43:53.829 Disk 0 MBR scan
    23:43:53.829 Disk 0 Windows VISTA default MBR code
    23:43:53.845 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
    23:43:53.860 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
    23:43:53.876 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238689 MB offset 26830848
    23:43:53.876 Disk 0 Partition - 00 0F Extended LBA 225148 MB offset 515667968
    23:43:53.907 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 100000 MB offset 515670016
    23:43:53.907 Disk 0 Partition - 00 05 Extended 125147 MB offset 720470016
    23:43:53.938 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 125146 MB offset 720472064
    23:43:53.970 Disk 0 scanning C:\Windows\system32\drivers
    23:44:05.685 Service scanning
    23:44:42.657 Modules scanning
    23:44:42.657 Disk 0 trace - called modules:
    23:44:42.673 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    23:44:42.673 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005249060]
    23:44:42.688 3 CLASSPNP.SYS[fffff88001a8f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004fb0050]
    23:44:43.702 AVAST engine scan C:\Windows
    23:44:49.225 AVAST engine scan C:\Windows\system32
    23:48:44.280 AVAST engine scan C:\Windows\system32\drivers
    23:49:23.542 AVAST engine scan C:\Users\Random McGill Guy
    23:58:38.403 Disk 0 MBR has been saved successfully to "C:\Users\Random McGill Guy\Desktop\MBR.dat"
    23:58:38.419 The log file has been saved successfully to "C:\Users\Random McGill Guy\Desktop\aswMBR.txt"

    I dunno if aswMBR has run successfully; it seems to be stuck at a folder in appdata/roaming.
     
  14. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`32d00000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    Done;
    Press any key to quit...
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    ComboFix 12-04-26.01 - Random McGill Guy 27/04/2012 0:21.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.2542 [GMT -4:00]
    执行位置: c:\users\Random McGill Guy\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * 成功创造新还原点
    .
    Error: Cfiles.dat
    .
    ((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\kjxibaa.tmp
    c:\programdata\ljxibaa.tmp
    .
    ---- 早前运行的结果 -------
    .
    c:\programdata\wxzqbaa.tmp
    c:\programdata\xxzqbaa.tmp
    .
    .
    ((((((((((((((((((((((((( 2012-03-27 至 2012-04-27 的新的档案 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-27 04:32 . 2012-04-27 04:32--------d-----w-c:\users\Default\AppData\Local\temp
    2012-04-27 01:01 . 2012-04-27 01:01--------d-----w-c:\program files (x86)\ESET
    2012-04-27 00:32 . 2003-02-03 00:06153088----a-w-c:\windows\SysWow64\UNRAR3.dll
    2012-04-27 00:32 . 2002-03-06 05:0075264----a-w-c:\windows\SysWow64\unacev2.dll
    2012-04-27 00:32 . 2012-04-27 00:32--------d-----w-c:\program files (x86)\Trojan Remover
    2012-04-27 00:32 . 2012-04-27 00:32--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Simply Super Software
    2012-04-27 00:32 . 2012-04-27 00:32--------d-----w-c:\programdata\Simply Super Software
    2012-04-26 21:43 . 2012-04-26 21:43--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-26 21:43 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\program files\SUPERAntiSpyware
    2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\programdata\SUPERAntiSpyware.com
    2012-04-26 06:20 . 2012-04-26 06:20--------d-----w-C:\TDSSKiller_Quarantine
    2012-04-26 06:05 . 2012-04-26 21:53--------d-----w-C:\MGtools
    2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\program files\HitmanPro
    2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\programdata\HitmanPro
    2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
    2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\programdata\Spybot - Search & Destroy
    2012-04-25 15:05 . 2012-04-26 23:40--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\vlc
    2012-04-24 23:19 . 2012-04-24 23:19--------d-----w-c:\users\Random McGill Guy\AppData\Local\WindowsApplication1
    2012-04-24 17:00 . 2012-04-13 08:468917360----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
    2012-04-22 01:44 . 2012-04-22 01:45--------d-----w-c:\programdata\Battle.net
    2012-04-20 15:07 . 2012-04-20 15:07--------d-----w-c:\programdata\IObit
    2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Malwarebytes
    2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\programdata\Malwarebytes
    2012-04-16 05:44 . 2012-04-16 05:44--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\IObit
    2012-04-16 05:44 . 2012-04-20 15:07--------d-----w-c:\program files (x86)\IObit
    2012-04-16 05:35 . 2011-04-05 21:3560504----a-w-c:\windows\system32\drivers\sbhips.sys
    2012-04-16 05:35 . 2011-04-05 21:3594296----a-w-c:\windows\system32\drivers\sbtis.sys
    2012-04-16 05:35 . 2011-04-05 21:35253528----a-w-c:\windows\system32\drivers\SbFw.sys
    2012-04-16 05:35 . 2011-02-08 13:1484568----a-w-c:\windows\system32\drivers\SbFwIm.sys
    2012-04-15 12:24 . 2012-04-15 12:24418464----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-14 00:00 . 2012-04-26 20:16--------d-----w-c:\program files (x86)\Ludashi
    2012-04-13 22:43 . 2012-04-13 23:59--------d-----w-c:\programdata\360safe
    2012-04-13 22:40 . 2011-08-31 10:1819800----a-w-c:\windows\system32\drivers\efimon.sys
    2012-04-13 22:40 . 2012-04-13 22:40--------d-----w-c:\program files (x86)\360
    2012-04-13 20:17 . 2012-04-15 12:240--sha-w-c:\windows\system32\dds_trash_log.cmd
    2012-04-13 17:45 . 2012-04-13 17:45--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Caiyun
    2012-04-13 17:44 . 2012-04-13 21:18--------d-----w-c:\program files (x86)\彩云游戏浏览器
    2012-04-12 20:13 . 2012-04-22 06:28--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\KuGou7
    2012-04-12 20:13 . 2012-04-12 20:13--------d-----w-c:\program files (x86)\KuGou2012
    2012-04-12 06:46 . 2012-04-13 17:45--------d-----w-C:\TGGAME
    2012-04-12 04:18 . 2012-04-12 04:18--------d-----w-c:\users\Random McGill Guy\AppData\Local\Mozilla
    2012-04-12 04:01 . 2012-02-28 06:422382848----a-w-c:\windows\system32\mshtml.tlb
    2012-04-12 04:01 . 2012-02-28 01:032382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-04-12 04:01 . 2012-02-28 01:58141112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
    2012-04-12 04:01 . 2012-02-28 07:37174392----a-w-c:\program files\Internet Explorer\sqmapi.dll
    2012-04-12 04:01 . 2012-02-28 06:47304640----a-w-c:\program files\Internet Explorer\IEShims.dll
    2012-04-12 04:01 . 2012-02-28 06:562311168----a-w-c:\windows\system32\jscript9.dll
    2012-04-12 04:01 . 2012-02-28 01:08194048----a-w-c:\program files (x86)\Internet Explorer\IEShims.dll
    2012-04-12 03:59 . 2012-03-06 06:435504880----a-w-c:\windows\system32\ntoskrnl.exe
    2012-04-12 03:59 . 2012-03-06 05:593958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-12 03:59 . 2012-03-06 05:593902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-04-12 03:55 . 2012-03-01 06:5422896----a-w-c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 03:55 . 2012-03-01 06:4080896----a-w-c:\windows\system32\imagehlp.dll
    2012-04-12 03:55 . 2012-03-01 05:45158720----a-w-c:\windows\SysWow64\imagehlp.dll
    2012-04-12 03:55 . 2012-03-01 06:45220672----a-w-c:\windows\system32\wintrust.dll
    2012-04-12 03:55 . 2012-03-01 06:355120----a-w-c:\windows\system32\wmi.dll
    2012-04-12 03:55 . 2012-03-01 05:49172544----a-w-c:\windows\SysWow64\wintrust.dll
    2012-04-12 03:55 . 2012-03-01 05:405120----a-w-c:\windows\SysWow64\wmi.dll
    2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
    2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
    2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
    2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
    2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
    2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Common Files\Tencent
    2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Tencent
    2012-04-09 01:06 . 2012-04-09 01:07--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Tencent
    2012-04-09 01:06 . 2012-04-09 01:0618760----a-w-c:\windows\SysWow64\QQVistaHelper.dll
    2012-04-08 00:21 . 2012-04-08 00:22--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\GRETECH
    2012-04-08 00:21 . 2012-04-08 00:27--------d-----w-c:\program files (x86)\GRETECH
    2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\Common Files\duowan
    2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\duowan
    2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\duowan
    2012-03-31 16:54 . 2012-03-31 16:54--------d-----w-c:\users\Random McGill Guy\AppData\Local\Unity
    2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\ATI
    2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Local\ATI
    2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\programdata\ATI
    2012-03-29 05:00 . 2012-03-29 05:000----a-w-c:\windows\ativpsrm.bin
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD AVT
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD APP
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files\Common Files\ATI Technologies
    2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\Common Files\ATI Technologies
    2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files (x86)\ATI Technologies
    2012-03-29 04:54 . 2012-03-29 04:58--------d-----w-c:\program files\ATI Technologies
    2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files\ATI
    2012-03-29 04:52 . 2012-02-15 08:13496128----a-w-c:\windows\system32\atieclxx.exe
    2012-03-29 03:06 . 2012-02-15 07:1658880----a-w-c:\windows\system32\coinst.dll
    2012-03-29 03:01 . 2012-03-29 03:01--------d-----w-c:\users\Random McGill Guy\AppData\Local\Leshcat & Co
    2012-03-29 01:26 . 2012-03-29 01:42--------d-----w-c:\program files (x86)\ImageJ
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-26 06:05 . 2012-04-26 06:0533660----a-w-C:\MGlogs.zip
    2012-04-15 12:24 . 2011-11-07 22:5570304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-29 01:30 . 2009-07-14 02:36152064----a-w-c:\windows\SysWow64\msclmd.dll
    2012-03-29 01:30 . 2009-07-14 02:36175104----a-w-c:\windows\system32\msclmd.dll
    2012-03-22 19:12 . 2012-03-22 19:124435968----a-w-c:\windows\SysWow64\GPhotos.scr
    2012-02-23 14:18 . 2010-12-21 09:07279656------w-c:\windows\system32\MpSigStub.exe
    2012-02-15 06:27 . 2012-03-14 08:441031680----a-w-c:\windows\system32\rdpcore.dll
    2012-02-15 05:44 . 2012-03-14 08:44826368----a-w-c:\windows\SysWow64\rdpcore.dll
    2012-02-15 04:47 . 2012-03-14 08:44204800----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-02-15 04:46 . 2012-03-14 08:4423552----a-w-c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 02:05 . 2012-02-15 02:0569632----a-w-c:\windows\system32\OpenVideo64.dll
    2012-02-15 02:05 . 2012-02-15 02:0559904----a-w-c:\windows\SysWow64\OpenVideo.dll
    2012-02-15 02:05 . 2012-02-15 02:0561952----a-w-c:\windows\system32\OVDecode64.dll
    2012-02-15 02:05 . 2012-02-15 02:0554784----a-w-c:\windows\SysWow64\OVDecode.dll
    2012-02-15 02:05 . 2012-02-15 02:0516507904----a-w-c:\windows\system32\amdocl64.dll
    2012-02-15 02:04 . 2012-02-15 02:0413238272----a-w-c:\windows\SysWow64\amdocl.dll
    2012-02-15 02:03 . 2012-02-15 02:0354272----a-w-c:\windows\system32\OpenCL.dll
    2012-02-15 02:03 . 2012-02-15 02:0348128----a-w-c:\windows\SysWow64\OpenCL.dll
    2012-02-10 10:08 . 2012-03-20 23:26279840----a-w-c:\windows\system32\ikutm.dll
    2012-02-10 06:24 . 2012-03-14 16:551544192----a-w-c:\windows\system32\DWrite.dll
    2012-02-10 06:23 . 2012-03-14 16:551837568----a-w-c:\windows\system32\d3d10warp.dll
    2012-02-10 06:23 . 2012-03-14 16:55902656----a-w-c:\windows\system32\d2d1.dll
    2012-02-10 06:23 . 2012-03-14 16:55320512----a-w-c:\windows\system32\d3d10_1core.dll
    2012-02-10 06:23 . 2012-03-14 16:55197120----a-w-c:\windows\system32\d3d10_1.dll
    2012-02-10 05:35 . 2012-03-14 16:551077248----a-w-c:\windows\SysWow64\DWrite.dll
    2012-02-10 05:35 . 2012-03-14 16:55218624----a-w-c:\windows\SysWow64\d3d10_1core.dll
    2012-02-10 05:35 . 2012-03-14 16:551170944----a-w-c:\windows\SysWow64\d3d10warp.dll
    2012-02-10 05:35 . 2012-03-14 16:55739840----a-w-c:\windows\SysWow64\d2d1.dll
    2012-02-10 05:35 . 2012-03-14 16:55161792----a-w-c:\windows\SysWow64\d3d10_1.dll
    2012-02-03 04:16 . 2012-03-14 16:553143168----a-w-c:\windows\system32\win32k.sys
    2012-01-31 10:02 . 2012-01-31 10:0221504----a-w-c:\windows\system32\kdbsdk64.dll
    2012-01-31 10:00 . 2012-01-31 10:0016896----a-w-c:\windows\SysWow64\kdbsdk32.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\user32.dll
    [-] 2009-07-14 . 738ABEE48BAF965B161A7A3E75EB444D . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-26_22.10.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-25 14:53 . 2012-04-27 04:1916384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    - 2012-04-25 14:53 . 2012-04-26 21:4216384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-04-27 04:00 . 2012-04-27 04:2032768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042720120428\index.dat
    + 2012-04-27 01:07 . 2012-04-27 01:0717920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E3A39D1-9005-11E1-91C6-206A8A1429CE}.dat
    - 2012-04-25 14:52 . 2012-04-25 14:5232768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
    + 2012-04-25 14:52 . 2012-04-27 00:4432768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
    + 2010-05-14 03:49 . 2012-04-27 00:3965928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-27 04:1841502 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-12-21 08:15 . 2012-04-27 04:1822562 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-209557282-4168680159-3086812486-1000_UserData.bin
    - 2010-12-21 11:08 . 2012-04-26 20:2816384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-21 11:08 . 2012-04-27 01:0116384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-21 11:08 . 2012-04-26 20:2832768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-12-21 11:08 . 2012-04-27 01:0132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-27 01:0132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-26 20:2832768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:46 . 2012-04-26 03:5384368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2012-04-27 00:5284368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-04-27 02:23 . 2012-04-27 02:235632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FFCAB5CC-900F-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 00:50 . 2012-04-27 00:504608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC253177-9002-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 00:43 . 2012-04-27 00:435120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FA98662F-9001-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 00:43 . 2012-04-27 00:434608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F779B583-9001-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 01:17 . 2012-04-27 01:235632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D14D4201-9006-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 01:25 . 2012-04-27 01:254608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D02DA4B9-9007-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 02:15 . 2012-04-27 02:205632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CF1BC4BB-900E-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 01:32 . 2012-04-27 01:324608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CDF1AFF1-9008-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 01:02 . 2012-04-27 01:075120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B04D66B5-9004-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 02:07 . 2012-04-27 02:074608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACE3A619-900D-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 02:07 . 2012-04-27 02:125632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ABEA7561-900D-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 01:23 . 2012-04-27 01:234608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A356C3FE-9007-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 01:52 . 2012-04-27 01:524608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9E8CFF89-900B-11E1-91C6-206A8A1429CE}.dat
    + 2012-04-27 01:08 . 2012-04-27 01:084608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C7FB93F-9005-11E1-91C6-206A8A1429CE}.dat
    - 2012-04-26 21:50 . 2012-04-26 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-27 02:54 . 2012-04-27 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-26 21:50 . 2012-04-26 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-27 02:54 . 2012-04-27 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-25 14:52 . 2012-04-27 04:20 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
    - 2012-04-13 20:43 . 2012-04-26 21:47 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-04-13 20:43 . 2012-04-27 04:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-04-27 04:20 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-04-26 06:21 . 2012-04-27 02:27 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042620120427\index.dat
    + 2012-04-27 01:07 . 2012-04-27 01:07 133632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E3A39CF-9005-11E1-91C6-206A8A1429CE}.dat
    + 2010-12-23 19:35 . 2012-04-27 00:28 736358 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2012-04-27 02:52 470276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:54 . 2012-04-26 21:47 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-27 04:20 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-26 21:47 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-27 04:20 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:45 . 2012-04-27 02:54 4967904 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 04:45 . 2012-04-27 00:40 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-04-13 23:57 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2010-12-21 10:35 . 2012-04-26 21:49 2044920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-12-21 10:35 . 2012-04-27 02:53 2044920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-14 02:34 . 2012-04-27 04:25 10797056 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2012-04-26 22:03 10797056 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2010-12-21 20:37 . 2012-04-27 02:52 53283684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-209557282-4168680159-3086812486-1000-12288.dat
    + 2012-04-13 23:03 . 2012-04-27 02:52 10698444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    .
    -- 快照技术重新设置 --
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-04-13 1239312]
    .
    c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    quietHDD - Shortcut.lnk - c:\users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe [2010-12-24 61440]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime File REG_SZ GOOGLEPINYIN2.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-26 325200]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-03 820768]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
    .
    .
     
  17. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_NotSynced]
    @="{87B33B34-0E92-4821-B787-9DF83BDC3BEA}"
    [HKEY_CLASSES_ROOT\CLSID\{87B33B34-0E92-4821-B787-9DF83BDC3BEA}]
    2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Synced]
    @="{78C3446F-4276-4AC1-B17F-F580836D7AD6}"
    [HKEY_CLASSES_ROOT\CLSID\{78C3446F-4276-4AC1-B17F-F580836D7AD6}]
    2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Syncing]
    @="{E427F712-D68E-4BE6-886F-B088037A87CB}"
    [HKEY_CLASSES_ROOT\CLSID\{E427F712-D68E-4BE6-886F-B088037A87CB}]
    2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-03 496160]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
    .
    ------- 而外的扫描 -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: 使用迅雷下载 - c:\program files (x86)\Thunder\Program\GetUrl.htm
    IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder\Program\GetAllUrl.htm
    LSP: c:\program files (x86)\YouKu\common\ikutm.dll
    TCP: DhcpNameServer = 132.206.85.18 132.206.85.19 132.206.85.36 132.206.44.21 132.206.25.21
    Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
    Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
    .
    .
    ------- 文件类型 -------
    .
    txtfile=c:\windows\notepad.exe %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:9b,ad,37,9f,0e,24,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.eml.14"
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.vcf.14"
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "慤慴"=hex:47,b5,77,c6,35,85,e5,ba,81,8b,d8,e4,3c,48,33,d0,d8,1b,06,34,1b,dd,
    63,cc,0e,f7,95,84,82,51,4e,61,17,69,bc,94,67,8d,73,c9,51,0b,b0,5e,19,00,c2,\
    "歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a3,b1,07,fa,28,8f,9a,55,c6,6b,ce,3f,9b,9e,6a,c2,50,38,6c,28,92,
    b0,62,83,d3,9e,9a,8a,85,2d,9d,9e,80,3a,6e,29,15,93,3f,ed,ff,55,59,cb,fe,7d,\
    "rkeysecu"=hex:eb,3f,2e,50,0b,a5,eb,8b,44,7b,20,03,d6,14,a8,b6
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    完成时间: 2012-04-27 00:34:25
    ComboFix-quarantined-files.txt 2012-04-27 04:34
    ComboFix2.txt 2012-04-26 22:12
    ComboFix3.txt 2012-04-16 06:27
    .
    Pre-Run: 57,848,197,120 bytes free
    Post-Run: 57,910,321,152 bytes free
    .
    - - End Of File - - FA33153C5B01097426B255CAF486ED22
     
  18. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    Hi, I just tried to use the internet this morning and the redirect is still happening to both IE and Chrome. Also, Chrome seems to use a lot of CPU (up to 50%) even when only 1 tab is open :(
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Combofix log looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    user32.dll
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    otl.txt

    OTL logfile created on: 27/04/2012 12:02:27 PM - Run 1
    OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Random McGill Guy\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.68 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 41.14% Memory free
    7.35 Gb Paging File | 4.60 Gb Available in Paging File | 62.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 233.09 Gb Total Space | 55.69 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
    Drive G: | 122.21 Gb Total Space | 54.64 Gb Free Space | 44.71% Space Free | Partition Type: NTFS
    Drive S: | 97.66 Gb Total Space | 29.12 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

    Computer Name: RANDOMMCGILLGUY | User Name: Random McGill Guy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/27 12:01:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe
    PRC - [2012/04/12 20:12:00 | 001,239,312 | ---- | M] (Simply Super Software) -- C:\Program Files (x86)\Trojan Remover\Trjscan.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/02/21 14:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
    PRC - [2012/02/14 22:49:08 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2010/05/25 22:31:20 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/05/25 22:31:20 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2010/05/25 22:31:18 | 000,960,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2010/03/08 19:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    PRC - [2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2009/07/13 21:14:35 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sdiagnhost.exe
    PRC - [2009/07/13 21:14:25 | 000,983,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdt.exe
    PRC - [2009/01/12 21:01:44 | 000,061,440 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/15 15:16:32 | 000,516,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster 3\sqlite3.dll
    MOD - [2010/03/08 20:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
    MOD - [2009/01/12 21:01:44 | 000,061,440 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/02/15 04:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/02/02 20:19:32 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/04/15 08:24:43 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/12/22 15:27:04 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/05/25 22:31:20 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/27 10:06:59 | 000,027,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/21 18:07:02 | 012,311,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2012/03/21 18:07:02 | 012,311,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/03/08 15:07:16 | 000,328,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/08 15:07:10 | 010,858,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/26 21:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2011/10/26 21:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2011/10/26 21:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2011/10/26 21:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/10/26 21:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/10/26 21:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011/10/26 21:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/08/02 21:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/08/02 21:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
    DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2010/12/24 12:45:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/12/21 06:08:45 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/04/07 14:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/27 01:21:26 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/12/22 13:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/12/01 22:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/04/28 13:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
    DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
    DRV - [2010/12/21 06:08:45 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.105\npxbdyy.dll ()
    FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Random McGill Guy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Random McGill Guy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Random McGill Guy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Random McGill Guy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/03 18:59:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/03 18:59:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/04 23:20:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/04 23:20:43 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Random McGill Guy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = C:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.105\npxbdyy.dll
    CHR - plugin: Bio3D (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
    CHR - plugin: ChemDraw (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Facebook Video Calling Plugin (Disabled) = C:\Users\Random McGill Guy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - Extension: YouTube = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Random McGill Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/27 00:32:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
    O4 - Startup: C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD - Shortcut.lnk = C:\Users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8:64bit: - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder\Program\geturl.htm ()
    O8:64bit: - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder\Program\getAllurl.htm ()
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder\Program\geturl.htm ()
    O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder\Program\getAllurl.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\YouKu\common\ikutm.dll (youku.com)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.pplive.com/config/pplite/pluginsetup.cab (PPLive Lite Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDD8299D-C2D4-49DC-BB4A-C8A71DE1820E}: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
    O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
    O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/02/08 00:56:05 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  21. Rudy1


    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/27 12:01:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe
    [2012/04/27 10:06:58 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2012/04/27 00:48:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/27 00:00:31 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Random McGill Guy\Desktop\boot_cleaner.exe
    [2012/04/26 23:43:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Random McGill Guy\Desktop\aswMBR.exe
    [2012/04/26 23:03:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Random McGill Guy\Desktop\dds.scr
    [2012/04/26 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/04/26 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Documents\Simply Super Software
    [2012/04/26 20:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
    [2012/04/26 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
    [2012/04/26 20:32:34 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Simply Super Software
    [2012/04/26 20:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
    [2012/04/26 20:30:53 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
    [2012/04/26 20:02:38 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/04/26 17:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/26 17:43:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/26 17:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/26 17:04:06 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Desktop\AntiSpyware
    [2012/04/26 16:49:26 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
    [2012/04/26 16:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/04/26 16:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/04/26 16:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/26 16:38:27 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\Random McGill Guy\Desktop\ComboFix.exe
    [2012/04/26 02:20:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/26 02:05:38 | 000,000,000 | ---D | C] -- C:\MGtools
    [2012/04/26 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/04/26 00:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/04/26 00:26:19 | 008,252,840 | ---- | C] (SurfRight B.V.) -- C:\Users\Random McGill Guy\Desktop\HitmanPro36_x64.exe
    [2012/04/25 14:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/04/25 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/04/25 11:05:48 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\vlc
    [2012/04/24 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\WindowsApplication1
    [2012/04/21 21:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012/04/20 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Desktop\MLG Music
    [2012/04/20 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
    [2012/04/20 11:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/04/16 02:33:43 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Malwarebytes
    [2012/04/16 02:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/16 02:02:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/16 02:02:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/16 02:02:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/16 02:02:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/16 02:02:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/16 01:44:35 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\IObit
    [2012/04/16 01:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2012/04/16 01:35:44 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
    [2012/04/16 01:35:41 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
    [2012/04/16 01:35:20 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
    [2012/04/16 01:35:20 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
    [2012/04/13 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\鲁大师
    [2012/04/13 20:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ludashi
    [2012/04/13 18:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\360safe
    [2012/04/13 18:40:42 | 000,019,800 | ---- | C] (360安全中心) -- C:\Windows\SysNative\drivers\efimon.sys
    [2012/04/13 18:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\360
    [2012/04/13 13:45:23 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Caiyun
    [2012/04/13 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\彩云游戏浏览器
    [2012/04/13 13:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\彩云游戏浏览器
    [2012/04/13 13:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\彩云游戏浏览器
    [2012/04/12 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\酷狗音乐2012
    [2012/04/12 16:13:21 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\KuGou7
    [2012/04/12 16:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KuGou2012
    [2012/04/12 02:46:02 | 000,000,000 | ---D | C] -- C:\TGGAME
    [2012/04/12 00:18:02 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\Mozilla
    [2012/04/12 00:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/04/08 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
    [2012/04/08 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Software
    [2012/04/08 21:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
    [2012/04/08 21:06:14 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Documents\Tencent Files
    [2012/04/08 21:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
    [2012/04/08 21:06:05 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Tencent
    [2012/04/07 22:15:20 | 001,456,920 | ---- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Random McGill Guy\Desktop\free.exe
    [2012/04/07 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\GRETECH
    [2012/04/07 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Documents\GomPlayer
    [2012/04/07 20:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
    [2012/04/07 16:41:01 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\Desktop\2012SVP Handbook
    [2012/04/07 09:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\duowan
    [2012/04/07 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\多玩
    [2012/04/07 09:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\duowan
    [2012/04/07 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\duowan
    [2012/04/03 16:26:23 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\Mozilla
    [2012/03/31 12:54:30 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\Unity
    [2012/03/29 01:04:05 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Roaming\ATI
    [2012/03/29 01:04:05 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\ATI
    [2012/03/29 01:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/03/29 00:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2012/03/29 00:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/03/29 00:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2012/03/29 00:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2012/03/29 00:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012/03/29 00:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2012/03/29 00:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2012/03/29 00:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012/03/29 00:52:39 | 000,496,128 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2012/03/29 00:52:39 | 000,235,520 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2012/03/29 00:52:36 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2012/03/29 00:52:33 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2012/03/28 23:06:01 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
    [2012/03/28 23:01:35 | 000,000,000 | ---D | C] -- C:\Users\Random McGill Guy\AppData\Local\Leshcat & Co
    [2012/03/28 21:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ
    [2012/03/28 21:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageJ
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/27 12:01:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe
    [2012/04/27 10:15:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/27 10:15:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/27 10:08:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/27 10:08:15 | 2960,461,824 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/27 10:06:59 | 000,027,936 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/04/27 10:06:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2012/04/27 09:21:43 | 000,001,105 | ---- | M] () -- C:\Users\Random McGill Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2012/04/27 00:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/27 00:19:47 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Random McGill Guy\Desktop\ComboFix.exe
    [2012/04/26 23:58:38 | 000,000,512 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\MBR.dat
    [2012/04/26 23:02:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Random McGill Guy\Desktop\dds.scr
    [2012/04/26 22:57:02 | 000,302,592 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\i8oi3ijv.exe
    [2012/04/26 22:54:25 | 004,967,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/04/26 22:22:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Random McGill Guy\Desktop\aswMBR.exe
    [2012/04/26 20:01:13 | 000,001,258 | ---- | M] () -- C:\Users\Random McGill Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/26 18:10:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.trb
    [2012/04/26 16:45:01 | 000,000,020 | ---- | M] () -- C:\Users\Random McGill Guy\defogger_reenable
    [2012/04/26 02:05:40 | 000,033,660 | ---- | M] () -- C:\MGlogs.zip
    [2012/04/26 00:26:53 | 008,252,840 | ---- | M] (SurfRight B.V.) -- C:\Users\Random McGill Guy\Desktop\HitmanPro36_x64.exe
    [2012/04/21 22:04:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/04/21 22:03:49 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/21 22:03:49 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/17 11:35:05 | 000,734,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/16 01:32:40 | 000,739,794 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/04/15 08:24:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [2012/04/12 16:09:22 | 000,000,168 | ---- | M] () -- C:\ProgramData\GeorgeYohngVST.ini
    [2012/04/10 01:56:21 | 000,000,120 | ---- | M] () -- C:\Users\Random McGill Guy\webct_upload_applet.properties
    [2012/04/08 21:06:05 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll
    [2012/04/07 22:15:50 | 001,456,920 | ---- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Random McGill Guy\Desktop\free.exe
    [2012/04/07 09:32:43 | 000,000,256 | ---- | M] () -- C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048
    [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/29 01:00:35 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/27 09:50:02 | 000,027,936 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
    [2012/04/26 23:58:38 | 000,000,512 | ---- | C] () -- C:\Users\Random McGill Guy\Desktop\MBR.dat
    [2012/04/26 23:00:10 | 000,302,592 | ---- | C] () -- C:\Users\Random McGill Guy\Desktop\i8oi3ijv.exe
    [2012/04/26 20:32:35 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
    [2012/04/26 20:32:35 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
    [2012/04/26 20:31:12 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/04/26 16:45:01 | 000,000,020 | ---- | C] () -- C:\Users\Random McGill Guy\defogger_reenable
    [2012/04/26 02:05:40 | 000,033,660 | ---- | C] () -- C:\MGlogs.zip
    [2012/04/16 02:02:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/16 02:02:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/16 02:02:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/16 02:02:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/16 02:02:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/16 01:33:32 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/04/13 16:17:46 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [2012/04/08 21:06:05 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
    [2012/04/07 09:32:43 | 000,000,256 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048
    [2012/03/29 01:00:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/03/29 00:53:35 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
    [2012/03/29 00:53:35 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012/03/29 00:53:35 | 000,867,020 | ---- | C] () -- C:\Windows\SysNative\igkrng575.bin
    [2012/03/29 00:53:35 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
    [2012/03/29 00:53:35 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
    [2012/03/29 00:53:35 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
    [2012/03/29 00:53:35 | 000,017,496 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
    [2012/03/29 00:53:35 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
    [2012/03/29 00:53:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
    [2012/03/29 00:53:32 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012/03/29 00:53:32 | 000,105,608 | ---- | C] () -- C:\Windows\SysNative\igfcg575m.bin
    [2012/03/29 00:53:28 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012/03/29 00:53:28 | 000,128,204 | ---- | C] () -- C:\Windows\SysNative\igcompkrng575.bin
    [2012/03/29 00:53:25 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/03/29 00:53:25 | 000,211,303 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
    [2012/03/29 00:53:25 | 000,182,706 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
    [2012/03/29 00:53:25 | 000,153,167 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
    [2012/03/29 00:53:25 | 000,138,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
    [2012/03/29 00:53:25 | 000,136,603 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
    [2012/03/29 00:53:25 | 000,135,370 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
    [2012/03/29 00:53:25 | 000,134,836 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
    [2012/03/29 00:53:25 | 000,134,412 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
    [2012/03/29 00:53:25 | 000,133,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
    [2012/03/29 00:53:25 | 000,133,709 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
    [2012/03/29 00:53:25 | 000,133,178 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
    [2012/03/29 00:53:25 | 000,132,788 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
    [2012/03/29 00:53:25 | 000,128,996 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
    [2012/03/29 00:53:25 | 000,128,831 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
    [2012/03/29 00:53:25 | 000,117,636 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
    [2012/03/29 00:53:25 | 000,116,348 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
    [2012/03/29 00:53:25 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
    [2012/03/29 00:53:25 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
    [2012/03/29 00:53:24 | 000,198,139 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
    [2012/03/29 00:53:24 | 000,156,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
    [2012/03/29 00:53:24 | 000,149,009 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
    [2012/03/29 00:53:24 | 000,140,216 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
    [2012/03/29 00:53:24 | 000,137,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
    [2012/03/29 00:53:24 | 000,137,668 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
    [2012/03/29 00:53:24 | 000,135,628 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
    [2012/03/29 00:53:24 | 000,134,384 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
    [2012/03/29 00:53:24 | 000,133,404 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
    [2012/03/29 00:53:24 | 000,132,889 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
    [2012/03/29 00:53:24 | 000,131,839 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
    [2012/03/29 00:53:24 | 000,128,535 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
    [2012/03/29 00:53:24 | 000,124,056 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
    [2012/03/29 00:53:19 | 000,037,305 | ---- | C] () -- C:\Windows\atiogl.xml
    [2012/03/29 00:52:29 | 002,427,392 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2012/03/29 00:52:29 | 000,601,728 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
    [2012/03/29 00:52:29 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/03/29 00:52:29 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
    [2012/03/29 00:52:29 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/03/29 00:52:29 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
    [2012/03/29 00:52:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/03/29 00:52:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
    [2012/03/29 00:52:28 | 002,425,664 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2012/03/29 00:52:28 | 000,235,072 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
    [2012/03/29 00:52:28 | 000,235,072 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/01/26 18:04:43 | 000,000,064 | ---- | C] () -- C:\Windows\minitab.ini
    [2011/11/23 00:22:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\np_plugin.dll
    [2011/11/13 01:56:21 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\bdsecushr.dat
    [2011/11/13 01:54:59 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI
    [2011/11/05 05:14:00 | 000,000,911 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Roaming\coreavc.ini
    [2011/10/26 16:06:29 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/10/23 13:00:22 | 000,188,764 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/10/04 23:16:22 | 000,174,869 | ---- | C] () -- C:\Windows\hpoins29.dat
    [2011/10/04 23:16:22 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
    [2011/09/17 21:48:00 | 000,000,168 | ---- | C] () -- C:\ProgramData\GeorgeYohngVST.ini
    [2011/08/22 23:01:21 | 000,003,584 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/15 16:21:46 | 000,000,600 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Roaming\winscp.rnd
    [2011/02/15 16:18:30 | 000,000,600 | ---- | C] () -- C:\Users\Random McGill Guy\AppData\Local\PUTTY.RND
    [2011/02/08 15:35:22 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2011/02/08 15:35:22 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2011/01/04 12:03:40 | 000,739,794 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/09/17 03:32:42 | 000,001,275 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2010/05/14 00:28:17 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2010/05/14 00:28:17 | 000,000,169 | ---- | C] () -- C:\Windows\WisLangCode.ini
    [2010/05/14 00:28:17 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini

    ========== LOP Check ==========

    [2011/11/16 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Audacity
    [2011/09/05 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Auslogics
    [2011/11/02 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\avidemux
    [2010/12/24 05:31:54 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Bioshock
    [2012/04/13 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Caiyun
    [2011/06/22 02:25:08 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\calibre
    [2011/05/18 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Canon
    [2010/12/24 12:48:23 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\DAEMON Tools Lite
    [2012/04/27 12:00:03 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Dropbox
    [2012/04/07 09:32:12 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\duowan
    [2011/10/27 23:32:09 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\e-academy Inc
    [2011/10/27 23:41:15 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\EndNote
    [2012/04/12 16:09:22 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\foobar2000
    [2011/12/25 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Foxit Software
    [2011/10/24 20:55:01 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\GrabPro
    [2011/05/10 20:58:50 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Hi-Rez Studios
    [2012/04/16 01:44:35 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\IObit
    [2011/06/13 23:21:25 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\KuGou
    [2012/04/22 02:28:40 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\KuGou7
    [2010/12/21 07:28:45 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\LolClient
    [2012/04/25 10:22:47 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Orbit
    [2012/02/06 11:03:51 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\PPlive
    [2012/04/14 23:24:38 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\PPStream
    [2011/10/24 20:55:03 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\ProgSense
    [2011/12/28 06:27:25 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\redsn0w
    [2011/09/15 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\SharePod
    [2012/04/26 20:32:34 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Simply Super Software
    [2011/01/04 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\SoftGrid Client
    [2011/02/11 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\StatSoft
    [2011/12/24 01:53:22 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\SystemRequirementsLab
    [2012/04/08 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Tencent
    [2011/05/07 16:07:31 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\The Creative Assembly
    [2011/12/07 14:11:05 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Thinstall
    [2011/01/04 12:04:13 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\TP
    [2011/01/30 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Ubisoft
    [2012/04/26 17:28:08 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\uTorrent
    [2011/02/27 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\Windows Live Writer
    [2010/12/24 15:46:47 | 000,000,000 | ---D | M] -- C:\Users\Random McGill Guy\AppData\Roaming\XRay Engine
    [2012/03/05 10:02:42 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/02/08 00:56:05 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/07/27 16:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/04/27 00:34:26 | 000,057,142 | ---- | M] () -- C:\ComboFix.txt
    [2012/04/27 10:08:15 | 2960,461,824 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/26 02:05:40 | 000,033,660 | ---- | M] () -- C:\MGlogs.zip
    [2012/04/27 10:08:15 | 3947,286,528 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/23 02:38:44 | 000,000,920 | RHS- | M] () -- C:\Patch.rev
    [2010/12/21 04:44:01 | 000,000,210 | RHS- | M] () -- C:\Preload.rev
    [2010/09/17 02:55:26 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
    [2012/04/26 22:26:47 | 000,000,522 | ---- | M] () -- C:\rkill.log
    [2012/01/25 14:20:16 | 001,291,311 | ---- | M] () -- C:\s23g.3
    [2012/01/25 14:20:16 | 000,698,147 | ---- | M] () -- C:\s23g.4
    [2012/01/25 14:43:33 | 001,290,676 | ---- | M] () -- C:\s23g.a
    [2012/01/25 14:43:33 | 000,697,899 | ---- | M] () -- C:\s23g.b
    [2012/01/25 14:51:13 | 001,290,054 | ---- | M] () -- C:\s23g.g
    [2012/01/25 14:51:13 | 000,697,839 | ---- | M] () -- C:\s23g.h
    [2012/01/25 15:03:46 | 001,289,707 | ---- | M] () -- C:\s2b8.4
    [2012/01/25 15:03:46 | 000,697,813 | ---- | M] () -- C:\s2b8.5
    [2011/05/01 19:43:00 | 000,213,158 | ---- | M] () -- C:\shared.log
    [2012/04/16 01:58:25 | 000,136,646 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_16.04.2012_01.56.46_log.txt
    [2012/04/26 02:11:23 | 000,004,432 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_02.11.18_log.txt
    [2012/04/26 02:20:24 | 000,137,524 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_02.17.18_log.txt
    [2012/04/26 18:36:11 | 000,137,602 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_26.04.2012_18.35.15_log.txt
    [2012/03/29 00:48:09 | 000,613,113 | ---- | M] () -- C:\YUC_uninstall_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/04/26 20:01:13 | 000,000,221 | -HS- | M] () -- C:\Users\Random McGill Guy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2002/06/30 12:30:36 | 000,024,576 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\AlwaysOnTopMaker.exe
    [2012/04/26 22:22:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Random McGill Guy\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Random McGill Guy\Desktop\boot_cleaner.exe
    [2012/04/27 00:19:47 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Random McGill Guy\Desktop\ComboFix.exe
    [2012/04/07 22:15:50 | 001,456,920 | ---- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Random McGill Guy\Desktop\free.exe
    [2012/04/26 00:26:53 | 008,252,840 | ---- | M] (SurfRight B.V.) -- C:\Users\Random McGill Guy\Desktop\HitmanPro36_x64.exe
    [2012/04/26 22:57:02 | 000,302,592 | ---- | M] () -- C:\Users\Random McGill Guy\Desktop\i8oi3ijv.exe
    [2012/04/27 12:01:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Random McGill Guy\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/27 10:08:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/05 10:02:42 | 000,032,618 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/03/28 22:00:46 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/03/28 22:00:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/03/24 21:47:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2012/03/24 21:47:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/03/28 22:00:46 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/03/24 21:48:41 | 000,000,402 | -HS- | M] () -- C:\Users\Random McGill Guy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/17 03:02:05 | 000,015,973 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe4.log
    [2012/04/12 16:09:22 | 000,000,168 | ---- | M] () -- C:\ProgramData\GeorgeYohngVST.ini
    [2011/11/19 04:02:31 | 000,001,866 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/12/21 04:59:58 | 000,000,090 | ---- | M] () -- C:\ProgramData\PS.log
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2010/12/21 04:47:18 | 000,000,020 | ---- | M] ()(C:\Windows\e?Q) -- C:\Windows\ðõQ
    [2010/12/21 04:47:17 | 000,000,020 | ---- | C] ()(C:\Windows\e?Q) -- C:\Windows\ðõQ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
    < End of report >
     
  22. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    Extras.txt

    OTL Extras logfile created on: 27/04/2012 12:02:27 PM - Run 1
    OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Random McGill Guy\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.68 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 41.14% Memory free
    7.35 Gb Paging File | 4.60 Gb Available in Paging File | 62.53% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 233.09 Gb Total Space | 55.69 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
    Drive G: | 122.21 Gb Total Space | 54.64 Gb Free Space | 44.71% Space Free | Partition Type: NTFS
    Drive S: | 97.66 Gb Total Space | 29.12 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

    Computer Name: RANDOMMCGILLGUY | User Name: Random McGill Guy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .txt [@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器
    "C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe" = C:\Users\Random McGill Guy\Desktop\SugarIE\tango3.exe:*:Enabled:糖果浏览器


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0EA3DD80-3BDB-43AA-9C57-C3CF6B51BC22}" = rport=138 | protocol=17 | dir=out | app=system |
    "{13738869-083A-4478-A27A-60B59FD35FA8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1DE2FD3E-1D4D-4961-90CE-D7B1D8FB2958}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher |
    "{241337A3-956E-4201-82F0-E3D5D2B07009}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{24CAF544-291D-41B5-A8F9-02C70633023C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2F99B49B-1FA2-4F61-8F8F-A0850A515D28}" = lport=137 | protocol=17 | dir=in | app=system |
    "{3009F9B7-2479-49E8-AC69-271367E58EB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{30239504-109D-4E58-9C5F-E4302F824223}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3571E915-23C2-4E45-B3F8-26F53BF3D935}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
    "{3F54A764-FC6B-4506-B209-C0E8EA9701E7}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{3F54AC19-E326-4927-B327-132FED9336D7}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{46D00F47-1571-4FFA-9C51-A9C00DDAAD6B}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
    "{4965201A-6068-4A7B-83F6-79A0853B3AE3}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
    "{4EA5BD93-67AF-4781-8669-76F2117DCD04}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5F82C3C7-B89D-43E2-9D9E-C7946F8B9348}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7D05369F-A0A4-40D5-89FF-1DEC2AD9B66D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7EDA869A-8880-44F7-9BE4-4ECCAFCD3ADD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7F0A6D28-0E04-460A-A3F2-05A0C6C0CE37}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
    "{8DCC2045-1550-4ED9-99CE-5C069486F075}" = rport=137 | protocol=17 | dir=out | app=system |
    "{8E3A29D7-9BBE-41F5-BD16-EEE78B1286E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{940AF888-7A62-4319-A339-6CB8CAD990DF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
    "{9E0512B7-C79F-4349-B688-D01DA86C5B03}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A7550BE3-146F-4EE5-991B-BDD324C90D85}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A839EE2C-89EB-48C6-8107-CF086D1CE171}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B531BE2B-0194-4315-AAD4-3DC4E41C287A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B6C53DE1-1176-4E9A-BD70-440FE7EF55C2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{BED1BA78-9FED-40E9-8563-E5E712030C85}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher |
    "{CC6FD594-6E18-4038-AD24-621BCD291D00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CD6AF9A8-1ABC-4FA5-80BA-775A8DFE684A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D4E04F78-CE78-4897-8855-448B77CF6739}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{DE54605C-14D0-4CED-8B41-E624B4957C68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DEDA3BE3-7BA0-4C83-908E-C433A6461352}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
    "{DF4BBF27-8F88-450F-8899-E9F69B760512}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{E1BA124D-F5C8-4488-9D8D-C0EDFE585014}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F2C37334-1488-4874-8851-669A72BCF7AB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F322990B-BC39-49BB-B25E-94664D51014B}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
    "{F33161F9-24B8-40A1-A994-40B39651BB4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F6F0625F-E8BD-40BF-97DB-5DCA1F73FC24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FA84EDBA-704A-4F2D-A280-06E0938B3FC2}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01864F61-C581-4A01-AA19-2B37EC276957}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{027DE11E-0CA5-4DCA-8E8A-FF700B6019E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{02E2A98F-2B0A-489D-B66A-5434626C8846}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{03C2CA78-50E0-4761-BA08-679507CB0728}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{040437A4-6517-4090-BAC6-0F922E23AA74}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{04FDAC49-6103-4A2F-B838-FFC8B2272915}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{05AA64A3-DE23-4074-AD10-7C3DB90D739F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{05C20073-7716-4D5E-A71C-F0F88853C7B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{072A7522-8BD3-4C90-8E67-3435BD2803EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{07979DC6-E5F5-49FC-88A3-8DC441EB5CB3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{09EBCC3A-2C72-4D30-826C-3702B051E2C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0A89F0BA-BDD4-4257-9CEB-E310A9E24492}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0BEE485B-EFA7-471C-95B3-FF732AD622C9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{1068D988-FAE6-495C-A2D5-07DBA406E33B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{113A0D20-7A13-4DD8-809C-EA0E4765DE52}" = protocol=17 | dir=in | app=g:\league of legends\game\league of legends.exe |
    "{125034F7-8742-45FE-A653-231B0056B6D5}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{12539122-FB34-4779-8507-A7207836B0F5}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\game\league of legends.exe |
    "{125D85CF-ED6E-4EE4-8D33-6412B04E4AF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{12B87448-E866-48BF-9CB6-607F046910DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{133FC93A-1D57-4593-BEAA-FED1191179ED}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{135B0434-D13E-48D0-B4B1-52026E3DD0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{14AF5EA8-043C-4BE1-AE35-E31B273EA324}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
    "{1505DAF7-205F-4512-9223-6111285DF320}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{15D3202C-6A27-4523-88A2-45B15E86CA88}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{16C8C296-FA9A-4DAF-A3D7-E0A661F550AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{16D6F0F9-B438-4DA6-A845-F0E86075EB87}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{170A1976-8368-47AA-A957-E85DBC41DE9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{17795B4E-04DC-4C51-81E1-B343C80C7289}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{194D7EA5-A1D0-42CD-8BDD-0CE6A220B01D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{1AD6F315-9B20-491E-A922-A7A618993380}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1BA41296-3B1E-40E5-9618-C44C02D77907}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1C4703ED-9466-4276-B6B0-B57817F701C3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{1D53C7D7-F1DE-465C-A2E5-AEAC282DF026}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
    "{1D615B4F-7D17-4F3E-A5A8-8C627E751546}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1E41EBA3-A05C-4D19-B110-A12F58E1ED46}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{1E952E1E-7A3B-4A9A-8697-D1C4470BC5B9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{1EB71BA1-18A3-4909-A5DA-710918A36B6B}" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
    "{20F4C0E5-0D9C-457A-B50F-B16D7F660EC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{21C6302A-AEF9-43D6-989B-DD4BBECA0B17}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{235B99DF-E833-4389-82C6-F275F1492B6D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "{23CABCF7-19DC-49CA-91A7-E6C2DC1CD79C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{25EAD7E0-D448-4DE5-92E6-33BF439BDB6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{27006A3E-F16F-46BB-B1E8-22201CCBC975}" = protocol=6 | dir=in | app=g:\league of legends\air\lolclient.exe |
    "{27368E72-0083-4F64-BC01-5C42F2987FF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2930196D-4380-48E4-8222-06366136693D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{2AAE3D88-4A1F-40F3-8355-D970D3248288}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2B240F8E-19EB-4E25-9E32-1821ED338256}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\xlbugreport.exe |
    "{2BC5D1A6-F35C-40AA-AACF-E3080CFA32EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{2BDC4839-8BDC-4C77-86BB-FDEF1E9F9166}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2CE6E34E-C45C-409B-ABB5-EF71C1D1B63D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2D9916F0-BDC0-4A1D-A532-FAF6628522A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2E0777DF-B195-4577-A037-286BD4E54A8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.exe |
    "{2E279C32-97D7-4643-86FE-1953F9E565E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2E4F2826-FD8B-4223-BF7A-999DBE180FD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2F54B356-C3BC-4B2D-A5F9-CD25CA89AD6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{309A10C5-97ED-496D-8973-2A3B5357695D}" = protocol=17 | dir=in | app=g:\edeneternal\edeneternal\_launcher.exe |
    "{30B13C61-CAEA-4690-ABE0-974733C5DC10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3203B14A-9B0C-4E4C-8BAE-B96C9F406A63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{327F2461-EB41-40E9-BEDB-089813B62EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{35B7097A-37F2-480B-A48C-1AD19D985691}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\xlbugreport.exe |
    "{35C49ECC-9F1A-4E90-B46B-C4BFEAF0FBC6}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe |
    "{37208E0A-7D5F-422B-A284-407282692D0E}" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
    "{38EB5D2F-A0A3-48C2-9867-035BF03103F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3A0F398E-E0E0-462C-90DD-132A1413D816}" = protocol=17 | dir=in | app=g:\league of legends\air\lolclient.exe |
    "{3B77F55F-6D72-4013-886F-DCCF98C9E0D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3D088476-8F18-4DB2-B891-9E47602A1F8F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3E868AD5-EFB0-4470-9C4F-0B4221628873}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3EDA9731-66E3-4B9B-92AC-82DB55046F33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{442C089F-392E-4A84-9A1E-73FAD277F636}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{44EF07E4-76DB-4F45-A77C-A193C4995F1B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "{45E25F2E-10A3-4E26-9DDB-433A22E71D10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{46A96694-7882-4CAE-9997-2AB613F73269}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{479BF5A1-3684-42FC-A615-D7F785A658CE}" = protocol=17 | dir=in | app=g:\dragon age\bin_ship\daorigins.exe |
    "{47CFDFB0-9723-4AD0-B207-3D7AAA8770C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{48264513-7295-4A65-9A04-7A2D02BF17D8}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.105\statreport.exe |
    "{4A3B08D5-5EEF-48A6-B372-7B3E4C80C7A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{4BBE4DD9-B172-4049-B80D-BCA02DE13ABC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4DC59591-43F7-42F0-8242-1FB51ABAF905}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4DF0D7EC-F27A-49FD-9820-3C8512E3E1FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4E5BF389-D6E5-4C28-AC97-AAFF299ED063}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "{4F4BFB82-2464-4343-954C-B9AB2320A711}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{4F809696-FF09-486A-BD9A-EFCEE51E8318}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{51111681-2C40-4D86-AF3F-AA3F096470E1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{52DD5A53-5E3F-40DD-AC55-34F61A4AAAF8}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe |
    "{53F3ABB5-AEF6-4F6E-BCF8-4C1269C72AA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5435ED0C-5BD7-4E0B-8E9A-D1A4BFC80C62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{551A0B40-B829-4458-96BF-02671B195861}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{555A46BB-E3CF-4A2A-9F00-29E0D8A11CF8}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{5595CD0A-2E2D-467F-980F-395988FC6D49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{56FEE372-7AC8-4958-8816-98E73FB718DB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{58C54DEF-61B4-4DE2-B9D1-5F70EC610F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5AE43AB1-46A3-47D4-A037-C9C7A50E0FB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5B9F4D77-E2B0-4BB9-A4ED-11EBAF4A55AE}" = protocol=6 | dir=in | app=g:\league of legends\lol.launcher.exe |
    "{5BDB0D3E-AC53-442E-9560-2E0A842C508F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{5D69D67F-5002-47BA-A945-EA1C1E9367BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5E1761C5-9644-4373-B948-51AE3FC9C385}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{5E3E9D31-997C-4647-A20A-D61C900EE4A6}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
    "{5ED90563-529F-4399-9D73-735FFDD63FFC}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunderservice.exe |
    "{5F123404-7E63-4212-BD56-9FA3CAA7783A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5F3AB1AA-7125-4300-82DE-E44B5047865C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{5FAA65A3-373B-4674-A0D5-63B866DCB27C}" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
    "{6130BB5A-0A9E-4C82-943C-273080990A48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{622E9F3F-89E4-4536-B923-ED56D7F82A0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{647251C1-1A5C-42E7-94D9-85681F7ADEB1}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.105\baiduplayer.exe |
    "{655C958D-A37A-415D-A241-87689623B116}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{661D22DC-4FF2-4C99-ABB6-489EB867B7EC}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.0.23.105\baidup2pservice.exe |
    "{66ABE1AB-2441-4718-AB4A-6B8499AB350A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{66F87820-98A7-4E2C-9EB9-F8295F11CE28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{684084A4-A8D7-482D-B817-7FC55DBA4545}" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base21029\sc2.exe |
    "{698C4B5F-C0DB-426C-8534-47DDD484B634}" = protocol=17 | dir=in | app=g:\prototype\prototypef.exe |
    "{6A941D85-CDAD-4092-B88B-1A366F22D35F}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "{6C42D92E-F444-4707-B89F-31B2C070199F}" = protocol=6 | dir=in | app=g:\prototype\prototypef.exe |
    "{6DF403AD-FEFE-4E16-8A27-AEFA63EE3597}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
    "{6DFA4B3C-C8DF-4795-B4E4-0FF83834F470}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{6E2BA77F-2ABB-4CDC-8439-8273FB683675}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6E82A1E9-40E7-427F-A89F-2EF4B807346D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6FAA6776-9396-452B-96DA-75AF92EFF6ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{707BCF10-3F31-4C4D-B18E-7B78A5360F40}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{70843D01-EA97-4887-84A6-0FBB6091C62C}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
    "{73A0B0CF-B613-4AFF-AEAE-FDA1C41E15AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{76487F37-C5EA-4D37-9C5A-1A82C321026F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{768EA78A-31A6-43C9-B21A-EDA7BF56D969}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{77ED8166-1C43-4A3E-87AF-DB74299D601D}" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
    "{783A0CEF-0EFC-47E3-8470-277FB939F95D}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
    "{79AAFD20-005D-41D4-8B62-61149257539B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7A126844-1E73-47CD-9553-93B3247ECB1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7A47807F-5EDB-4E42-A58A-0D689BB052FE}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\air\lolclient.exe |
    "{7D4BFCD1-C169-4F62-87C8-0F553ED7C069}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{7D7B1B8A-16A5-474D-A0DF-432BB6CCA962}" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
    "{800D3C05-0076-42FC-BA1F-0A17930F12EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{80DE9B57-2829-4FD6-9A08-AF22934AC540}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{815D4E70-F5A8-43E9-9833-0F275BB88B66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{831F126E-2F7D-4185-A907-48EEA04F8EC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{83520AF9-4600-4F39-A0FD-19351632E9C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{874BB165-1D2F-4406-9C10-1EA2FE2AF95A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{87E15F7A-635B-4182-8FB5-004237363148}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{891500FC-B6B8-4BFF-A85F-03C6AFD70C97}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "{8A721119-DB2E-4733-A17D-AA6F8FB89E72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8C7DA87C-B304-4F1D-ACD1-57AA24D29363}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{8C9BC86B-BF77-40F5-8983-49CAA97AF2D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8CAD0061-857C-4D9F-8A95-BCDC3FCCAF62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{903F639D-54C1-4197-ABA9-E3C34F108D49}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\game\league of legends.exe |
    "{90E11320-F005-4A9B-8D89-785EF67FB2A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{91A6B6E2-7E7F-4047-8E99-4F7332D13F97}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderservice.exe |
    "{939D5230-B95D-4D39-937E-E3A145DD867B}" = protocol=6 | dir=in | app=g:\dragon age\bin_ship\daupdatersvc.service.exe |
    "{9475EB59-39E0-48B4-92BF-5C8A43563DB8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{95CF32D1-4EC0-4C34-B130-49DCFD19E201}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\air\lolclient.exe |
    "{96061DAC-5E65-445F-AF5A-3710DCAFCDCD}" = protocol=6 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
    "{970EF5BD-664E-4ABF-B0F3-A56A0950274B}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
    "{97136127-41A5-4A09-A7BE-43A3DE9B8F37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9730C763-DEC5-44EC-9DC9-27DB6CFB54F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{97B76278-FE71-4BCF-8BC9-89D09C0194C6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{99239D54-B108-4C8C-B6A0-8FF8EC2E8407}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{9924CFF9-665A-4965-B71D-2C3B7087C01E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{99620F3C-E44B-4D28-A237-3FA32895B937}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{997E6A16-B104-478E-A8D4-AFFADA03C0BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9ADBB576-23BE-4835-BF81-CE490067E218}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9FB81340-8B96-470E-A2D5-3E37066CBFE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A0B940AE-4764-451C-9173-C499CA1C6D83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A0CC0EB9-5E22-40B6-A1DF-1BC7D2C79CF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A2A4AD9B-B349-4A66-BB4A-D4E976D5F0CD}" = protocol=17 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
    "{A644A0B0-908B-48EF-994E-C31DCAEB1661}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A749FB88-8FE0-487C-A070-E78381F4B9A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{A8B2AF3B-A327-42F9-91E7-24F299DA7E56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{A96D99E3-ECE9-40C6-B62C-87CA9D6C7212}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AB40C43A-EF21-4B2B-971E-A3AC43D27A6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{ACE91938-2698-487C-A85C-4730B98F43D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AE1AFF66-5CE0-4221-9371-34927FF3F22E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AF1BA912-E61D-44DC-BEAA-94330FCC6379}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
    "{AF663784-C3B2-4FEC-A79D-F4FD5DCA5E31}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.exe |
    "{AFFE639B-BC1F-4DA7-8B3A-1CA9E30E30AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B12C038C-BEF2-404E-883A-D56CC45E571D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B1A23E95-8794-4C38-99A5-FC64CB4743B8}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunderliveud.exe |
    "{B24D0870-A929-459B-9363-34A1A751A068}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B28654A5-B0C5-4F84-BB8F-DD25451171DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B33806CA-8093-4432-95DF-72FECB20722C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B47BD741-CF03-45E2-969A-F2489D9E2DE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B503524A-E4E8-4C10-9B50-DDDAA34DBAA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B53D9F51-C942-41C7-A8A7-F245B62542F6}" = protocol=17 | dir=in | app=g:\league of legends\lol.launcher.exe |
    "{B60B471D-5125-42B6-989E-4B459FE73648}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{B648DF27-A6AC-4D4F-9BD9-EEE78AC86A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
    "{B72C20D7-D847-4BC8-B2A1-311F326D7D0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B745EE01-FE16-45CD-9BFF-105F94694C18}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{B751041A-E4D5-481D-A326-E129E27065D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B78EBFAB-A86A-4292-B377-DC753F617524}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B7C31374-E3C7-4989-98E3-1AAB3A84309B}" = protocol=17 | dir=in | app=g:\dragon age\bin_ship\daupdatersvc.service.exe |
    "{B81BC4C7-3242-4C89-8C0C-0A0E44B2BB51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B8F1C8DC-F293-46BF-8C83-39E26ECD5DF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B9E35F32-1CA8-48A3-89D1-6215420D3652}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{BABDE41F-B08B-4579-9521-3654963AB9E8}" = protocol=6 | dir=in | app=g:\edeneternal\edeneternal\_launcher.exe |
    "{BD1C9B45-3815-4AC5-AA5F-A9D48BF1EDD6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{BD53E203-A66B-4AA2-A4D3-5D2C0BB5DBD1}" = protocol=6 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
    "{BE4FF886-9A91-42C9-9BBF-3DB8D55D5A7E}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
    "{BFD3FDB1-BF64-47B8-AA03-869CBBDCCEE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{C0505F09-922C-4B16-B7AE-A7BABE39034A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderliveud.exe |
    "{C09CE9E5-2387-4F3E-918C-8A96489AC28D}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
    "{C1C8DF05-7FF9-45DD-81B4-154B4E754CAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C2C45B4A-F7BA-4374-A609-54644946BFFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C397F8F6-9B15-49B8-AF2B-4ECEF05CDF8F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{C55AC7F7-46F6-4426-8622-7E53DEF8ADDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C6263AF7-923E-4CAB-A627-276EBF7AFE8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C6E03618-3F8C-488F-A2B9-4AAC69B49612}" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
    "{C836D8F2-83BD-44F7-8DFE-399C78230420}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C84636FC-92FD-4075-89DB-4BF5CE6C0378}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplite\pplite.exe |
    "{C865D47B-225C-4BED-8E74-68A1503E2841}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{C907C829-9CF8-49AF-83FB-8E1D6EA0CFDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{CC0ECB96-9695-4CA5-AFF4-437C69F9520F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{CC224A7E-C086-4A1A-8C10-B75A3AA82FEC}" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
    "{CC2D1826-6673-4241-BA6A-D49D4126D1B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CCCD9838-F15B-4E35-8599-6EED1043DC0A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CD8A429F-BD29-4E78-A2F5-E2A453467543}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CD8CCA31-F6C7-4D89-BB5A-9A1E6F7FA554}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{CEAF641E-DB52-43EA-B0A2-63538CAA3585}" = protocol=6 | dir=in | app=g:\league of legends\game\league of legends.exe |
    "{CF2894A4-CCB8-4A06-8A93-2790E921B3F2}" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\local\akamai\netsession_win.exe |
    "{CF546F82-45EB-4669-A1DF-BC2F00537BEA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{D5AA8CD0-0207-4C0B-8D4E-065A6C50D237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D67A9A5E-9C28-4EF7-B7B9-147B3E3A99AB}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{D6A6C5FB-9A81-4E27-87A9-F1EDA30683E6}" = protocol=6 | dir=in | app=g:\dragon age\bin_ship\daorigins.exe |
    "{D7F01D08-2D31-45BC-A8B6-75FFDBE4EFD0}" = protocol=17 | dir=in | app=g:\dragon age\daoriginslauncher.exe |
    "{D99331BC-A393-4F1D-A7E4-95CE21ACB288}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderliveud.exe |
    "{DA3CCD40-5CEF-491A-A867-7690A2565B76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DB10E114-2F21-4122-A825-FBCA08C42448}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DF420268-81CD-4313-AE26-332CE4799CBB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{DFF26402-74C7-40FC-BA92-2685C90B1F6B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{E01A98F8-557A-4087-9807-4D6FF27A0AB8}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "{E1DBEDC4-C0B0-460E-B228-A70F0051EB32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E4173D05-BF90-457B-8F6D-4414EEB55A19}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
    "{E4DB3B15-52D7-4613-88BB-C84FC0EA1C61}" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{E4DCFDD6-61CE-464B-B87A-5609838D0BAE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{E578B2B4-7201-4BC0-B1F5-2753108C8B51}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{E59C72DA-ABD9-4456-B20B-22ECD3557730}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{E68B0E35-24BB-4EB7-BFDA-3064D2A1E174}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{E7C7B0C2-926D-435C-9B9D-106C7C995449}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E7E49B7C-F4C4-46D7-A0D2-D4EE6D065C12}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{E89D638F-087E-4866-89FA-8EE2AA3805BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
     
  23. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    "{EBB2130D-BD00-453E-9460-39F2E75A63C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{ECD7306B-382F-4F58-8DF0-8ECF6AADB4CA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{ECE97503-5A09-4A0F-94C9-909AE654518C}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplite\pplite.exe |
    "{EDF52A1A-DA9A-418B-8288-E28788AFCC48}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunderservice.exe |
    "{EE34061F-F6C5-4AD3-8FBF-4408C9678EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
    "{F08DE488-4BA5-4C77-B69C-F5E81DF01CAE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F0941D05-5315-4DE2-AB6C-4CD23A6E46F3}" = protocol=6 | dir=in | app=g:\dragon age\daoriginslauncher.exe |
    "{F29CBD8D-683D-4750-8BFB-E4273BCF8931}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F2E126FC-5D82-4677-88F3-EEEED3A2A619}" = protocol=6 | dir=out | app=system |
    "{F3CF8EAA-AA35-4E40-B012-372941FD2109}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F689466B-5DA7-4E1D-960C-1508508165B1}" = dir=in | app=c:\users\random mcgill guy\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{F81F6738-B17C-4A22-9C1D-A72D8F281A9E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F848C4DF-C151-451B-BE58-27B9EFC8B092}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunderliveud.exe |
    "{F9EE4931-F289-4B34-83C7-D06A94B67748}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FAB4E6E8-21FA-4D4B-AA19-DE7797F81DD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{FB0924DE-1DA8-4C7F-A434-3211B47E8830}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{FBBB9F8A-A2E6-488F-B180-4F1D1D2020CB}" = protocol=17 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
    "{FC026FBE-AB2D-41C0-9C34-A2C49E1FA9DA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\ds\ver1\1.0.2.83\thunderservice.exe |
    "{FC49C173-97AB-4A13-9296-5D307FFFFB11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FCC188A2-91C9-4E3E-9D69-0DD0C47633D9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{FCFC1F1E-F167-4798-B903-29D0C5D8D4EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FF590D76-E9EE-462A-B4C8-ADED8A867039}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{FFD5366E-B817-4826-8845-85EF2C8F8BF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{0137D7AB-A36B-4FAC-8B4A-FA54F00A9A7D}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
    "TCP Query User{048497E7-3FDD-49C6-8F6F-659FECB75365}C:\users\random mcgill guy\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\warcraft iii\war3.exe |
    "TCP Query User{063ACE0F-D279-4A0B-9E92-162A1000C3B0}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe |
    "TCP Query User{13AAE7E9-E864-4388-9179-8F74596A7D64}G:\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=g:\heroes of newerth\hon.exe |
    "TCP Query User{15BDA631-028B-488B-B08B-F1B3E3ADCDF8}E:\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=e:\dragon age\bin_ship\daorigins.exe |
    "TCP Query User{17FF642C-E17F-4FF6-BD86-29F218E6BE14}C:\program files (x86)\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imagej\jre\bin\javaw.exe |
    "TCP Query User{1E8D100D-E428-4D02-A9FD-DCC27835C1C9}G:\pps.tv\ppstream\ppsap.exe" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
    "TCP Query User{20ACBAB0-6728-4732-8DC2-8E9C5356E2D6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "TCP Query User{20BFECD0-5CCA-4B74-9305-83E1B29AFD19}G:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=g:\mass effect 3\binaries\win32\masseffect3.exe |
    "TCP Query User{285FBF07-4C31-405B-8552-46F4CB6FCFD6}C:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe |
    "TCP Query User{2AB6F0FA-86AD-40FD-B948-F3F0746E90A1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "TCP Query User{3FDBBD6E-A446-4BCD-BB66-9CCDC5FCE1CF}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
    "TCP Query User{41D0C914-0782-4103-8046-A9938B9CADC2}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat |
    "TCP Query User{444DA8E3-48CC-48B2-8946-ACE802475426}G:\dcoo cs1.6\cstrike.exe" = protocol=6 | dir=in | app=g:\dcoo cs1.6\cstrike.exe |
    "TCP Query User{4BA4D6EC-8355-4F03-8B7A-9C49D0C8C407}C:\program files (x86)\funshion online\funshion\funshionservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "TCP Query User{4BC035DE-72F4-47A3-BBDF-AE33BA9F7207}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |
    "TCP Query User{4CF80D15-A4D9-4C1E-A616-EF933CCDC2DB}G:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=g:\call of duty- modern warfare 3\iw5mp_server.exe |
    "TCP Query User{519196CF-A40C-44DA-94C8-F5E81312BF01}C:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe |
    "TCP Query User{56C551C9-2A0F-4F78-963E-32FA36436C76}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
    "TCP Query User{6965A731-D634-456E-9C5A-F5587061DA73}C:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe |
    "TCP Query User{72107354-C2A4-465E-9A7A-9167FE1002A0}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe |
    "TCP Query User{7CAAD3B4-CBE9-4213-9E91-2540814881FA}G:\valve\hl.exe" = protocol=6 | dir=in | app=g:\valve\hl.exe |
    "TCP Query User{92410066-60AB-4255-9AAA-F964CD532D6D}C:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe |
    "TCP Query User{93DEF92D-BFBF-4C41-8D6A-A40965F33C98}C:\program files (x86)\tudou\itudou\itudou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tudou\itudou\itudou.exe |
    "TCP Query User{9B3A619D-4B9B-4F58-8552-206C0D4B7D9B}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "TCP Query User{9F30F4B2-A2CD-4330-93F3-F7EF629568BB}G:\pps.tv\ppstream\ppstream.exe" = protocol=6 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
    "TCP Query User{A1B67CA8-A24E-4B4F-80EF-6917FE902481}G:\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=g:\heroes of newerth\hon.exe |
    "TCP Query User{A4048B87-0A8A-4A87-9655-786689C5CD1E}C:\program files (x86)\kugou\kugou2011\kugoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kugou2011\kugoo.exe |
    "TCP Query User{A4C5897D-8943-4251-8100-6196B28B2B49}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
    "TCP Query User{AADF4770-984F-4B8E-A679-2D2408A0B42A}C:\users\random mcgill guy\downloads\mw2mp\iw4m.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4m.exe |
    "TCP Query User{AB606670-207F-4A58-91E6-23B01996BD9B}G:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=g:\global agenda\games\global agenda live\binaries\globalagenda.exe |
    "TCP Query User{B194F867-9EB4-4A02-8439-41AC6F8EC2F3}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
    "TCP Query User{B1B1DE33-006D-4160-A01D-A423167D0E92}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
    "TCP Query User{BEB4F448-01C8-48FA-AA73-50493E026F3A}C:\program files (x86)\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
    "TCP Query User{C4DE71BD-D866-4471-AAD4-61049457B387}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe |
    "TCP Query User{C60D7D12-B4E1-46D5-A135-4375502C54AC}C:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe |
    "TCP Query User{CC1A89B9-E7E3-4289-8A04-E275ECACBF1C}C:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe |
    "TCP Query User{CC1AF9C2-A05D-45A0-92C3-B321ADA4A97E}C:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe |
    "TCP Query User{CE6D128D-7E86-4BFC-9CE0-7EB28B3DC23E}C:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe |
    "TCP Query User{DC13A1CA-A566-458B-905A-7E067D79F32B}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
    "TCP Query User{DC50FCB5-DCC6-4680-9E4E-21232A2CC0C9}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe |
    "TCP Query User{DCBAE43F-BCB0-4BE2-B5A9-D6BBE24B5F7E}C:\program files (x86)\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
    "TCP Query User{E0F86E5B-B609-4C4B-9573-BE9A73887A63}C:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe |
    "TCP Query User{E3C8C304-8ACC-4EED-A4E6-08DA75BD8D0C}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "TCP Query User{E545EF41-2466-4FD6-BBA0-A66E043F3D35}G:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe" = protocol=6 | dir=in | app=g:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe |
    "TCP Query User{EF1F2774-C6CC-455C-9BE1-E0F84FAF021C}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "TCP Query User{F3DCDDE3-CF7D-4D76-889D-57DF7E47D57B}C:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{F42AC6B0-349F-4BC7-A517-77E29E897F3B}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
    "TCP Query User{FCB183A6-88BA-48DD-AABC-148B03B0C14D}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "UDP Query User{04FC0F9E-9D05-4938-B44F-F295FDEB9072}G:\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=g:\heroes of newerth\hon.exe |
    "UDP Query User{0B5331A5-B596-4ECD-83E0-EDD48F70B4DD}C:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\dead.space.2.multi6\deadspace2.exe |
    "UDP Query User{0D73471D-AFEE-4B57-B750-6EE9C2A537A3}G:\pps.tv\ppstream\ppsap.exe" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppsap.exe |
    "UDP Query User{17A1A362-2A46-47EB-816F-FA5624C290D4}G:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe" = protocol=17 | dir=in | app=g:\borderlands(direct play with all 4 dlc's)\binaries\borderlands.exe |
    "UDP Query User{28CE71EB-592F-4BF1-BEFD-B1ED6C768977}C:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe |
    "UDP Query User{2C9C5F54-A6FA-4B44-A725-D8A63977AC2A}G:\pps.tv\ppstream\ppstream.exe" = protocol=17 | dir=in | app=g:\pps.tv\ppstream\ppstream.exe |
    "UDP Query User{348F67AF-EFE0-4D92-8E34-B55F5048B2A7}G:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=g:\mass effect 3\binaries\win32\masseffect3.exe |
    "UDP Query User{3A7CF989-B816-47A1-8693-CFAA4652B9C0}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "UDP Query User{40D08830-F17D-4919-9233-5D8CF1706177}G:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=g:\call of duty- modern warfare 3\iw5mp_server.exe |
    "UDP Query User{52D15960-9A17-405B-B17C-E256402E85C9}C:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\league of legends\lol.launcher.exe |
    "UDP Query User{5907614D-1902-4FF6-BAA8-C2A21A5D024A}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
    "UDP Query User{5972B453-14E3-4E91-BF34-D4CADD2C5B01}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "UDP Query User{5BAB316B-DADE-46F1-B7D2-B07026898959}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
    "UDP Query User{5CD06A35-DA37-4808-94C1-E34A98EF55D2}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
    "UDP Query User{5F88D8F1-D5FE-4561-8E2A-DFDD3C2EA271}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{63445FAD-5B36-4157-9F1C-7627BCCDF884}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "UDP Query User{65B01A3B-93A7-4763-AD11-B789E97A7F3F}G:\dcoo cs1.6\cstrike.exe" = protocol=17 | dir=in | app=g:\dcoo cs1.6\cstrike.exe |
    "UDP Query User{65E31884-59C0-4E7A-9C1A-3DEFE6A34C6F}C:\program files (x86)\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imagej\jre\bin\javaw.exe |
    "UDP Query User{666E8D0F-1D47-42D8-89FF-2B5586B0FA7B}C:\program files (x86)\kugou\kugou2011\kugoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kugou2011\kugoo.exe |
    "UDP Query User{66971F03-EF8D-4D87-A1C5-94C3334A714E}C:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\redsn0w_win_0.9.10b1\redsn0w.exe |
    "UDP Query User{6DB1E10C-28EC-4B5A-9FAB-DD3D87ECB6C4}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.dat |
    "UDP Query User{7995ED1F-C0B6-4712-A894-1CE37C21BA8F}G:\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=g:\heroes of newerth\hon.exe |
    "UDP Query User{7B4817A3-7F62-45BE-96CB-BA36EE860217}C:\users\random mcgill guy\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\desktop\warcraft iii\war3.exe |
    "UDP Query User{7E9BDB45-B685-4BF9-9C83-97BC17475E0B}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
    "UDP Query User{81215801-905F-42ED-A919-A0CD56F49525}C:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tojasonhong\team fortress 2\hl2.exe |
    "UDP Query User{8E9563EB-19C0-4709-AF1C-E8320E6950A3}C:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{97C8A210-7A79-4E37-B348-4D509F6F6E8E}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mp.exe |
    "UDP Query User{9D70F229-641A-4BEB-AAB1-D04C910D2EB8}C:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\彩云游戏浏览器\bin\squid\sbin\caiyun_cache.exe |
    "UDP Query User{A163BE19-AE71-481A-85F4-4A8DCBE2A827}C:\users\random mcgill guy\downloads\mw2mp\iw4m.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4m.exe |
    "UDP Query User{A636B141-AC08-49E1-B7C2-DD718A34D7B8}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
    "UDP Query User{B094AD32-B3C4-4017-8155-E4B25C4D4DCB}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4sp.exe |
    "UDP Query User{B571EFDA-B85C-41F2-8861-6543409116EE}C:\program files (x86)\funshion online\funshion\funshionservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "UDP Query User{B9F576B8-7F8F-4608-968D-4CAB0077DB83}C:\program files (x86)\youku\common\ikuacc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\common\ikuacc.exe |
    "UDP Query User{BE2FC89A-26E2-4206-920B-2F1AE037BE39}E:\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=e:\dragon age\bin_ship\daorigins.exe |
    "UDP Query User{BEFEC920-BE15-4C28-A334-77C1312C744E}C:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.00.09.exe |
    "UDP Query User{C1CF1C8D-F414-4B9E-9266-12E0BF889668}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "UDP Query User{CE2B7FD3-6E24-4F10-A303-CE4382633EE6}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
    "UDP Query User{D171F238-5B0B-459C-9155-928A7E07C864}C:\program files (x86)\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
    "UDP Query User{D7A73698-BCDB-46B6-AF27-52CC789F0E8C}G:\valve\hl.exe" = protocol=17 | dir=in | app=g:\valve\hl.exe |
    "UDP Query User{DB21782A-A798-4580-BD9C-2DB485B173AB}C:\program files (x86)\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder\program\thunder.exe |
    "UDP Query User{E067ED7A-501E-427F-AA0C-3709310A43A6}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
    "UDP Query User{E10522C1-5413-48BB-9347-6650AD04B834}C:\program files (x86)\tudou\itudou\itudou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tudou\itudou\itudou.exe |
    "UDP Query User{E50B8D76-3B3F-4078-A914-7D42BB37A3BC}C:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4mp.exe |
    "UDP Query User{E6839D4C-163C-4C0E-9CC6-8BCEDB25F342}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "UDP Query User{ED90C2F8-E6DC-4622-8B91-CB35116EA582}G:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=g:\global agenda\games\global agenda live\binaries\globalagenda.exe |
    "UDP Query User{F3D6A7B5-D869-4CDC-BCF9-47C07045BF54}C:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\tinyumbrella-5.10.03.exe |
    "UDP Query User{F58BB703-3E0E-4231-9CE2-32D84542293A}C:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\mw2mp\iw4sp.exe |
    "UDP Query User{F7EC97F6-F358-4A8D-AA3F-231D9A87E3A3}C:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe" = protocol=17 | dir=in | app=c:\users\random mcgill guy\downloads\codmw2\call of duty modern warfare 2\iw4mpcrk.exe |
    "UDP Query User{F91FF43A-68A6-4076-B88F-57E2BC14B72A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{57019733-78E6-43DE-8E6D-55349F0FDE6F}" = inSSIDer 2.0
    "{5F352F3C-160B-713A-A031-18293EC4CA5A}" = AMD Media Foundation Decoders
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{78E9970B-4395-61A6-B912-1CC406174773}" = AMD Catalyst Install Manager
    "{7A80B61A-72A1-7800-C4B0-855F056243DA}" = ccc-utility64
    "{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}" = HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96F12D74-C53F-6276-73CB-851E73482270}" = AMD Drag and Drop Transcoding
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{C4171DD9-EED6-2613-312A-FC8E168E7C3B}" = AMD Accelerated Video Transcoding
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
    "CCleaner" = CCleaner
    "GooglePinyin2" = 谷歌拼音输入法 2.3
    "HitmanPro36" = HitmanPro 3.6
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer)
    "WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03C8F224-5374-423D-BA14-270610258E83}_is1" = 搜狐影音2.5.0.3
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard
    "{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish
    "{0DF82C0A-38A7-4213-B3D7-9E7179F80065}" = calibre
    "{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0FBCF6E4-1F1A-4729-940F-A354CC84A770}" = Mobile Mouse Server
    "{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{13AD1AFE-F06F-1C29-2D32-B4F60EBFC000}" = HydraVision
    "{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2221720D-8004-CAEE-2520-D880E7601366}" = Catalyst Control Center Profiles Mobile
    "{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish
    "{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
    "{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean
    "{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
    "{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
    "{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai
    "{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French
    "{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7E5A8023-0E90-4503-A1EA-C9FC25680AF9}" = PS_AIO_03_C4400_Software_Min
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian
    "{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
    "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B1E33614-25CC-4C2A-8CBA-88B51ABF67E0}" = C4400
    "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
    "{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
    "{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5402C39-C1C1-48F6-99C2-36C7937EE7EB}" = CambridgeSoft ChemOffice Ultra 2010
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0
    "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
    "AMD GPU Clock Tool" = AMD GPU Clock Tool
    "ASIO4ALL" = ASIO4ALL
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Avidemux 2.5 (64-bit)" = Avidemux 2.5
    "BaiduPlayer" = 百度影音1.0.23.105
    "DcOo CS1.6_is1" = DcOo CS1.6
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "ESET Online Scanner" = ESET Online Scanner v3
    "foobar2000" = foobar2000 v1.1.7
    "Foxit Reader_is1" = Foxit Reader 5.0
    "Game Booster_is1" = Game Booster 3
    "GOM Player" = GOM Player
    "GomTVStreamer" = GOMTV Streamer
    "Guild Wars" = Guild Wars
    "hon" = Heroes of Newerth
    "Identity Card" = Identity Card
    "iku2.1" = iKu 2
    "ImageJ_is1" = ImageJ 1.45s
    "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "LManager" = Launch Manager
    "Mafia II_is1" = Mafia II
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MestReNova LITE" = MestReNova LITE 5.2.5-5780
    "Monkey's Audio_is1" = Monkey's Audio
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "OpenAL" = OpenAL
    "Orbit_is1" = Orbit Downloader
    "Picasa 3" = Picasa 3
    "PPLite" = PPLite 1.0.0.0090
    "PPStream" = PPS影音 V2.7.0.1345 正式版
    "pywin32-py2.5" = Python 2.5 pywin32-210
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
    "StarCraft II" = StarCraft II
    "Steam App 24980" = Mass Effect 2
    "TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
    "Trojan Remover_is1" = Trojan Remover 6.8.3
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "WinLiveSuite" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect
    "彩云游戏浏览器" = 彩云游戏浏览器 3.80
    "数据银行Beta" = 数据银行
    "迅雷" = 迅雷
    "酷狗音乐2012_is1" = 酷狗音乐2012 版本 7.1.60.15288

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "YY4" = YY4

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Uninstall Trojan Remover, a rather shady application.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O18 - Protocol\Handler\ms-help - No CLSID value found
      [2012/04/15 08:24:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
      [2012/04/07 09:32:43 | 000,000,256 | ---- | M] () -- C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:CB0AACC9
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    =======================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  25. Rudy1

    Rudy1 TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    C:\Windows\SysNative\dds_trash_log.cmd moved successfully.
    C:\Users\Random McGill Guy\AppData\Roaming\04207C8F12E048 moved successfully.
    ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Random McGill Guy
    ->Temp folder emptied: 22350448 bytes
    ->Temporary Internet Files folder emptied: 145270508 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 20911568 bytes
    ->Flash cache emptied: 59824 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 42097815 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 7144398835 bytes

    Total Files Cleaned = 7,034.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Random McGill Guy
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Random McGill Guy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.42.1 log created on 04272012_124729
    Files\Folders moved on Reboot...
    C:\Users\Random McGill Guy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    Registry entries deleted on Reboot...
     
Topic Status:
Not open for further replies.
