TechSpot

Scvhost.exe not being removed

By Hanson Duan
Jul 29, 2012
  1. As the title states, a trojan with scvhost.exe is not being removed.
    I'm not really sure what it is doing to my computer but I am still worried as I had some bad experiences with malware before.
    Posting the logs in a second, I'm still running the tools (tried MBAM a couple of times, wasn't removed after restart).
     
  2. Hanson Duan


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Hanson :: HANSON-PC [administrator]

    7/29/2012 9:53:31 PM
    mbam-log-2012-07-29 (22-04-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226792
    Time elapsed: 10 minute(s), 39 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 412 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)
     
  3. Hanson Duan


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-29 22:45:55
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 26547
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 7067
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 192.168.1.1
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpDomain home

    ---- EOF - GMER 1.0.15 ----
     
  4. Hanson Duan


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Hanson at 22:48:35 on 2012-07-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1271 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    C:\Users\Hanson\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Hanson\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Akamai NetSession Interface] "C:\Users\Hanson\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [PlayNC Launcher]
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [<NO NAME>]
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E6790BE9-F4E3-42AF-8B87-3333657C8737} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E6790BE9-F4E3-42AF-8B87-3333657C8737}\1585847563 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E6790BE9-F4E3-42AF-8B87-3333657C8737}\34343434C496E6B6 : DhcpNameServer = 68.87.71.226 68.87.73.242
    TCP: Interfaces\{E6790BE9-F4E3-42AF-8B87-3333657C8737}\452554E444E65647 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E6790BE9-F4E3-42AF-8B87-3333657C8737}\C48435 : DhcpNameServer = 10.80.6.25 10.80.6.3
    TCP: Interfaces\{FF26BD33-FCC4-450A-9A59-BE0D09DD8931} : DhcpNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [(Default)]
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\pin114hd.test\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Hanson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-4-15 89600]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-29 44808]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-24 250056]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-30 228408]
    S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-30 01:51:48 20480 ------w- C:\Windows\svchost.exe
    2012-07-29 21:38:30 -------- d-----w- C:\Riot Games
    2012-07-29 21:29:25 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-29 21:29:21 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-07-29 21:29:17 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-29 21:28:38 41224 ----a-w- C:\Windows\avastSS.scr
    2012-07-29 21:28:24 -------- d-----w- C:\ProgramData\AVAST Software
    2012-07-29 21:28:24 -------- d-----w- C:\Program Files\AVAST Software
    2012-07-29 21:17:17 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5EF8CA33-0EC5-4437-9786-05245F5DED9A}\mpengine.dll
    2012-07-26 03:16:01 -------- d-----w- C:\Users\Hanson\AppData\Local\Aeria Games
    2012-07-26 03:14:26 -------- d-----w- C:\ProgramData\Aeria Games
    2012-07-26 02:55:00 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-07-14 19:22:52 -------- d-----w- C:\Users\Hanson\AppData\Local\LogMeIn Hamachi
    2012-07-14 19:21:54 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-07-11 22:31:09 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-10 22:43:59 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-06 23:18:11 -------- d-----w- C:\Users\Hanson\AppData\Local\Turbine
    2012-07-06 23:17:54 -------- d-----w- C:\Users\Hanson\AppData\Local\ApplicationHistory
    2012-07-06 23:16:36 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    .
    ==================== Find3M ====================
    .
    2012-07-29 22:42:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-29 22:42:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2010-06-15 00:52:09 147235840 ----a-w- C:\Program Files (x86)\Dragonica_Setup1.1.32.exe.part
    .
    ============= FINISH: 22:49:53.92 ===============

    Attach

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/11/2010 3:29:21 PM
    System Uptime: 7/29/2012 9:50:23 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 363F
    Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 86.246 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.341 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP378: 7/24/2012 11:31:55 AM - Windows Update
    RP379: 7/27/2012 11:34:31 AM - Windows Update
    RP381: 7/29/2012 12:36:40 PM - Windows Defender Checkpoint
    RP382: 7/29/2012 5:03:15 PM - Restore Operation
    RP383: 7/29/2012 5:16:32 PM - Windows Update
    RP384: 7/29/2012 5:16:45 PM - Installed League of Legends
    RP385: 7/29/2012 5:27:53 PM - avast! Free Antivirus Setup
    RP386: 7/29/2012 5:30:27 PM - Removed League of Legends
    RP387: 7/29/2012 5:37:50 PM - Installed League of Legends
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player
    Adobe Shockwave Player 11.6
    Aion
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    Atheros Driver Installation Program
    avast! Free Antivirus
    BIT.TRIP RUNNER (remove only)
    Bloodline Champions
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    D2SE V2.2.0
    Diablo II
    Diablo III
    Dota 2
    DragonNest
    Dungeon Defenders
    EasyBits GO
    erLT
    Google Chrome
    Google Update Helper
    Heroes of Newerth
    Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Smart Web Printing
    HP Support Assistant
    HP Update
    HP User Guides 0148
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    LabelPrint
    League of Legends
    LightScribe System Software
    Logitech Vid HD
    Logitech Webcam Software
    LogMeIn Hamachi
    LOLReplay
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.62.0.1300
    MapleStory
    MapleStoryTespia
    Mesquite
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    muvee Reveal
    NCsoft Launcher
    Nexon Game Manager
    Norton Online Backup
    OpenAL
    Pando Media Booster
    PAUPstar
    Pokemon World Online version 1.83
    PokerStars.net
    Power2Go
    PowerDirector
    Project D
    Project64 1.6
    QLBCASL
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    ShiftWindow 1.02
    Skype Click to Call
    Skype™ 5.8
    Slingbox - Watch Your TV Anywhere
    Spybot - Search & Destroy
    Steam
    swMSM
    System Requirements Lab CYRI
    Terraria
    The Binding of Isaac
    TI Connect 1.6
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    uTorrentBar Toolbar
    Ventrilo Client
    Warcraft III
    Warcraft III: All Products
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinSCP 4.3.6
    XSplit
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/29/2012 9:50:40 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    7/29/2012 2:17:08 AM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    7/29/2012 12:29:10 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    7/28/2012 11:39:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    7/25/2012 8:22:27 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
    7/25/2012 11:01:18 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
    7/25/2012 10:13:07 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
    7/22/2012 10:54:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    23:43:04.0203 5552 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    23:43:04.0981 5552 ============================================================
    23:43:04.0981 5552 Current date / time: 2012/07/29 23:43:04.0981
    23:43:04.0981 5552 SystemInfo:
    23:43:04.0981 5552
    23:43:04.0984 5552 OS Version: 6.1.7601 ServicePack: 1.0
    23:43:04.0984 5552 Product type: Workstation
    23:43:04.0984 5552 ComputerName: HANSON-PC
    23:43:04.0989 5552 UserName: Hanson
    23:43:04.0989 5552 Windows directory: C:\Windows
    23:43:04.0989 5552 System windows directory: C:\Windows
    23:43:04.0990 5552 Running under WOW64
    23:43:04.0990 5552 Processor architecture: Intel x64
    23:43:04.0990 5552 Number of processors: 2
    23:43:04.0990 5552 Page size: 0x1000
    23:43:04.0990 5552 Boot type: Normal boot
    23:43:04.0990 5552 ============================================================
    23:43:05.0737 5552 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:43:05.0825 5552 ============================================================
    23:43:05.0840 5552 \Device\Harddisk0\DR0:
    23:43:05.0871 5552 MBR partitions:
    23:43:05.0871 5552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    23:43:05.0871 5552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B4D8000
    23:43:05.0871 5552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B53C000, BlocksNum 0x1C55800
    23:43:05.0871 5552 ============================================================
    23:43:05.0955 5552 C: <-> \Device\Harddisk0\DR0\Partition1
    23:43:06.0005 5552 D: <-> \Device\Harddisk0\DR0\Partition2
    23:43:06.0005 5552 ============================================================
    23:43:06.0005 5552 Initialize success
    23:43:06.0005 5552 ============================================================
    23:43:07.0081 5572 ============================================================
    23:43:07.0082 5572 Scan started
    23:43:07.0082 5572 Mode: Manual;
    23:43:07.0082 5572 ============================================================
    23:43:08.0208 5572 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    23:43:08.0214 5572 1394ohci - ok
    23:43:08.0284 5572 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    23:43:08.0287 5572 ACPI - ok
    23:43:08.0337 5572 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    23:43:08.0338 5572 AcpiPmi - ok
    23:43:08.0452 5572 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    23:43:08.0453 5572 AdobeARMservice - ok
    23:43:08.0689 5572 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    23:43:08.0691 5572 AdobeFlashPlayerUpdateSvc - ok
    23:43:08.0817 5572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    23:43:08.0824 5572 adp94xx - ok
    23:43:08.0928 5572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    23:43:08.0932 5572 adpahci - ok
    23:43:09.0173 5572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    23:43:09.0175 5572 adpu320 - ok
    23:43:09.0236 5572 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    23:43:09.0238 5572 AeLookupSvc - ok
    23:43:09.0399 5572 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    23:43:09.0400 5572 AESTFilters - ok
    23:43:09.0535 5572 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    23:43:09.0543 5572 AFD - ok
    23:43:09.0645 5572 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
    23:43:09.0645 5572 AgereModemAudio - ok
    23:43:09.0800 5572 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
    23:43:09.0824 5572 AgereSoftModem - ok
    23:43:09.0904 5572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    23:43:09.0905 5572 agp440 - ok
    23:43:10.0520 5572 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
    23:43:10.0522 5572 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
    23:43:10.0542 5572 Akamai ( HiddenFile.Multi.Generic ) - warning
    23:43:10.0542 5572 Akamai - detected HiddenFile.Multi.Generic (1)
    23:43:11.0102 5572 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    23:43:11.0105 5572 ALG - ok
    23:43:11.0224 5572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    23:43:11.0225 5572 aliide - ok
    23:43:11.0347 5572 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe
    23:43:11.0349 5572 AMD External Events Utility - ok
    23:43:11.0388 5572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    23:43:11.0389 5572 amdide - ok
    23:43:11.0490 5572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    23:43:11.0495 5572 AmdK8 - ok
    23:43:11.0585 5572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    23:43:11.0586 5572 AmdPPM - ok
    23:43:11.0742 5572 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    23:43:11.0745 5572 amdsata - ok
    23:43:11.0839 5572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    23:43:11.0842 5572 amdsbs - ok
    23:43:11.0897 5572 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    23:43:11.0898 5572 amdxata - ok
    23:43:12.0046 5572 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    23:43:12.0047 5572 AppID - ok
    23:43:12.0163 5572 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    23:43:12.0164 5572 AppIDSvc - ok
    23:43:12.0296 5572 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    23:43:12.0298 5572 Appinfo - ok
    23:43:12.0537 5572 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:43:12.0539 5572 Apple Mobile Device - ok
    23:43:12.0703 5572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    23:43:12.0712 5572 arc - ok
    23:43:12.0781 5572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    23:43:12.0782 5572 arcsas - ok
    23:43:12.0918 5572 aspnet_state - ok
    23:43:13.0012 5572 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
    23:43:13.0014 5572 aswFsBlk - ok
    23:43:14.0121 5572 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
    23:43:14.0121 5572 aswMonFlt - ok
    23:43:14.0175 5572 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
    23:43:14.0176 5572 aswRdr - ok
    23:43:14.0317 5572 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
    23:43:14.0341 5572 aswSnx - ok
    23:43:14.0409 5572 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
    23:43:14.0413 5572 aswSP - ok
    23:43:14.0478 5572 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
    23:43:14.0479 5572 aswTdi - ok
    23:43:14.0526 5572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    23:43:14.0528 5572 AsyncMac - ok
    23:43:14.0615 5572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    23:43:14.0616 5572 atapi - ok
    23:43:14.0925 5572 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
    23:43:14.0943 5572 athr - ok
    23:43:18.0782 5572 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
    23:43:18.0961 5572 atikmdag - ok
    23:43:19.0396 5572 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    23:43:19.0397 5572 AtiPcie - ok
    23:43:19.0515 5572 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    23:43:19.0524 5572 AudioEndpointBuilder - ok
    23:43:19.0544 5572 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    23:43:19.0552 5572 AudioSrv - ok
    23:43:19.0755 5572 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    23:43:19.0756 5572 avast! Antivirus - ok
    23:43:19.0862 5572 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    23:43:19.0864 5572 AxInstSV - ok
    23:43:20.0258 5572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    23:43:20.0263 5572 b06bdrv - ok
    23:43:20.0451 5572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    23:43:20.0455 5572 b57nd60a - ok
    23:43:20.0539 5572 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    23:43:20.0543 5572 BDESVC - ok
    23:43:20.0559 5572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    23:43:20.0561 5572 Beep - ok
    23:43:20.0703 5572 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    23:43:20.0711 5572 BFE - ok
    23:43:20.0797 5572 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    23:43:20.0813 5572 BITS - ok
    23:43:20.0932 5572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    23:43:20.0933 5572 blbdrive - ok
    23:43:21.0228 5572 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    23:43:21.0239 5572 Bonjour Service - ok
    23:43:21.0314 5572 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    23:43:21.0319 5572 bowser - ok
    23:43:21.0363 5572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    23:43:21.0363 5572 BrFiltLo - ok
    23:43:21.0383 5572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    23:43:21.0384 5572 BrFiltUp - ok
    23:43:21.0437 5572 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    23:43:21.0439 5572 Browser - ok
    23:43:21.0477 5572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    23:43:21.0481 5572 Brserid - ok
    23:43:21.0511 5572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    23:43:21.0513 5572 BrSerWdm - ok
    23:43:21.0539 5572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    23:43:21.0540 5572 BrUsbMdm - ok
    23:43:21.0589 5572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    23:43:21.0590 5572 BrUsbSer - ok
    23:43:21.0651 5572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    23:43:21.0652 5572 BTHMODEM - ok
    23:43:21.0727 5572 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    23:43:21.0728 5572 bthserv - ok
    23:43:21.0773 5572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    23:43:21.0776 5572 cdfs - ok
    23:43:21.0860 5572 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    23:43:21.0864 5572 cdrom - ok
    23:43:21.0949 5572 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    23:43:21.0954 5572 CertPropSvc - ok
    23:43:22.0042 5572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    23:43:22.0045 5572 circlass - ok
    23:43:22.0154 5572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    23:43:22.0159 5572 CLFS - ok
    23:43:22.0244 5572 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:43:22.0247 5572 clr_optimization_v2.0.50727_32 - ok
    23:43:22.0314 5572 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    23:43:22.0318 5572 clr_optimization_v2.0.50727_64 - ok
    23:43:22.0471 5572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:43:22.0472 5572 clr_optimization_v4.0.30319_32 - ok
    23:43:22.0553 5572 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    23:43:22.0554 5572 clr_optimization_v4.0.30319_64 - ok
    23:43:22.0623 5572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    23:43:22.0624 5572 CmBatt - ok
    23:43:22.0668 5572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    23:43:22.0671 5572 cmdide - ok
    23:43:22.0762 5572 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    23:43:22.0767 5572 CNG - ok
    23:43:22.0869 5572 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    23:43:22.0872 5572 Com4QLBEx - ok
    23:43:22.0915 5572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    23:43:22.0916 5572 Compbatt - ok
    23:43:22.0984 5572 CompFilter64 (553aa50f4d8f80320b59c6566d385a2f) C:\Windows\system32\DRIVERS\lvbflt64.sys
    23:43:22.0985 5572 CompFilter64 - ok
    23:43:23.0034 5572 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    23:43:23.0036 5572 CompositeBus - ok
    23:43:23.0065 5572 COMSysApp - ok
    23:43:23.0103 5572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    23:43:23.0105 5572 crcdisk - ok
    23:43:23.0180 5572 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    23:43:23.0184 5572 CryptSvc - ok
    23:43:23.0267 5572 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    23:43:23.0277 5572 DcomLaunch - ok
    23:43:23.0363 5572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    23:43:23.0368 5572 defragsvc - ok
    23:43:23.0471 5572 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    23:43:23.0473 5572 DfsC - ok
    23:43:23.0601 5572 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    23:43:23.0605 5572 Dhcp - ok
    23:43:23.0650 5572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    23:43:23.0651 5572 discache - ok
    23:43:23.0721 5572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    23:43:23.0723 5572 Disk - ok
    23:43:23.0796 5572 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    23:43:23.0803 5572 Dnscache - ok
    23:43:23.0896 5572 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    23:43:23.0904 5572 dot3svc - ok
    23:43:23.0944 5572 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    23:43:23.0948 5572 DPS - ok
    23:43:23.0995 5572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    23:43:23.0997 5572 drmkaud - ok
    23:43:24.0255 5572 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    23:43:24.0271 5572 DXGKrnl - ok
    23:43:24.0359 5572 EagleX64 - ok
    23:43:24.0425 5572 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    23:43:24.0429 5572 EapHost - ok
    23:43:25.0464 5572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    23:43:25.0527 5572 ebdrv - ok
    23:43:25.0845 5572 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    23:43:25.0850 5572 EFS - ok
    23:43:26.0101 5572 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    23:43:26.0116 5572 ehRecvr - ok
    23:43:26.0182 5572 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    23:43:26.0189 5572 ehSched - ok
    23:43:26.0441 5572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    23:43:26.0456 5572 elxstor - ok
    23:43:26.0508 5572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    23:43:26.0510 5572 ErrDev - ok
    23:43:26.0654 5572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    23:43:26.0664 5572 EventSystem - ok
    23:43:26.0729 5572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    23:43:26.0734 5572 exfat - ok
    23:43:26.0783 5572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    23:43:26.0788 5572 fastfat - ok
    23:43:26.0933 5572 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    23:43:26.0949 5572 Fax - ok
    23:43:26.0999 5572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    23:43:27.0004 5572 fdc - ok
    23:43:27.0054 5572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    23:43:27.0061 5572 fdPHost - ok
    23:43:27.0085 5572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    23:43:27.0092 5572 FDResPub - ok
    23:43:27.0117 5572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    23:43:27.0119 5572 FileInfo - ok
    23:43:27.0139 5572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    23:43:27.0142 5572 Filetrace - ok
    23:43:27.0169 5572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    23:43:27.0171 5572 flpydisk - ok
    23:43:27.0251 5572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    23:43:27.0257 5572 FltMgr - ok
    23:43:27.0489 5572 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    23:43:27.0514 5572 FontCache - ok
    23:43:27.0623 5572 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    23:43:27.0634 5572 FontCache3.0.0.0 - ok
    23:43:27.0703 5572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    23:43:27.0706 5572 FsDepends - ok
    23:43:27.0761 5572 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    23:43:27.0763 5572 Fs_Rec - ok
    23:43:27.0851 5572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    23:43:27.0859 5572 fvevol - ok
    23:43:27.0932 5572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    23:43:27.0934 5572 gagp30kx - ok
    23:43:28.0087 5572 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    23:43:28.0093 5572 GameConsoleService - ok
    23:43:28.0151 5572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    23:43:28.0155 5572 GEARAspiWDM - ok
    23:43:28.0250 5572 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
    23:43:28.0253 5572 getPlusHelper - ok
    23:43:28.0386 5572 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    23:43:28.0398 5572 gpsvc - ok
    23:43:28.0571 5572 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:43:28.0573 5572 gupdate - ok
    23:43:28.0627 5572 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:43:28.0629 5572 gupdatem - ok
    23:43:28.0696 5572 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
    23:43:28.0699 5572 hamachi - ok
    23:43:29.0246 5572 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    23:43:29.0299 5572 Hamachi2Svc - ok
    23:43:29.0687 5572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    23:43:29.0692 5572 hcw85cir - ok
    23:43:29.0855 5572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    23:43:29.0867 5572 HdAudAddService - ok
    23:43:29.0907 5572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    23:43:29.0910 5572 HDAudBus - ok
    23:43:29.0933 5572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    23:43:29.0935 5572 HidBatt - ok
    23:43:29.0978 5572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    23:43:29.0983 5572 HidBth - ok
    23:43:30.0017 5572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    23:43:30.0022 5572 HidIr - ok
    23:43:30.0053 5572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    23:43:30.0055 5572 hidserv - ok
    23:43:30.0111 5572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    23:43:30.0113 5572 HidUsb - ok
    23:43:30.0337 5572 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    23:43:30.0356 5572 hkmsvc - ok
    23:43:30.0504 5572 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    23:43:30.0512 5572 HomeGroupListener - ok
    23:43:30.0584 5572 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    23:43:30.0592 5572 HomeGroupProvider - ok
    23:43:30.0712 5572 HP Health Check Service (00b239202f7756695c8ccdf8bafa7d3d) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    23:43:30.0715 5572 HP Health Check Service - ok
    23:43:30.0768 5572 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    23:43:30.0769 5572 HpqKbFiltr - ok
    23:43:30.0997 5572 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    23:43:31.0003 5572 hpqwmiex - ok
    23:43:31.0094 5572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    23:43:31.0096 5572 HpSAMD - ok
    23:43:31.0294 5572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    23:43:31.0312 5572 HTTP - ok
    23:43:31.0363 5572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    23:43:31.0368 5572 hwpolicy - ok
    23:43:31.0439 5572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    23:43:31.0445 5572 i8042prt - ok
    23:43:31.0567 5572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    23:43:31.0577 5572 iaStorV - ok
    23:43:31.0725 5572 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    23:43:31.0730 5572 IDriverT - ok
    23:43:31.0917 5572 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    23:43:31.0928 5572 idsvc - ok
    23:43:33.0754 5572 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    23:43:33.0919 5572 igfx - ok
    23:43:34.0271 5572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    23:43:34.0275 5572 iirsp - ok
    23:43:34.0525 5572 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    23:43:34.0564 5572 IKEEXT - ok
    23:43:34.0639 5572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    23:43:34.0642 5572 intelide - ok
    23:43:34.0722 5572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    23:43:34.0725 5572 intelppm - ok
    23:43:34.0808 5572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    23:43:34.0818 5572 IPBusEnum - ok
    23:43:34.0876 5572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    23:43:34.0878 5572 IpFilterDriver - ok
    23:43:35.0014 5572 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    23:43:35.0030 5572 iphlpsvc - ok
    23:43:35.0089 5572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    23:43:35.0097 5572 IPMIDRV - ok
    23:43:35.0158 5572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    23:43:35.0161 5572 IPNAT - ok
    23:43:35.0487 5572 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
    23:43:35.0503 5572 iPod Service - ok
    23:43:35.0571 5572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    23:43:35.0576 5572 IRENUM - ok
    23:43:35.0606 5572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    23:43:35.0608 5572 isapnp - ok
    23:43:35.0723 5572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    23:43:35.0734 5572 iScsiPrt - ok
    23:43:35.0798 5572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    23:43:35.0802 5572 kbdclass - ok
    23:43:35.0868 5572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    23:43:35.0875 5572 kbdhid - ok
    23:43:35.0931 5572 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    23:43:35.0934 5572 KeyIso - ok
    23:43:35.0992 5572 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    23:43:35.0994 5572 KSecDD - ok
    23:43:36.0041 5572 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    23:43:36.0044 5572 KSecPkg - ok
    23:43:36.0080 5572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    23:43:36.0085 5572 ksthunk - ok
    23:43:36.0178 5572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    23:43:36.0185 5572 KtmRm - ok
    23:43:36.0316 5572 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    23:43:36.0343 5572 LanmanServer - ok
    23:43:36.0443 5572 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    23:43:36.0456 5572 LanmanWorkstation - ok
    23:43:36.0553 5572 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    23:43:36.0556 5572 LightScribeService - ok
    23:43:36.0610 5572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    23:43:36.0612 5572 lltdio - ok
    23:43:36.0661 5572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    23:43:36.0669 5572 lltdsvc - ok
    23:43:36.0692 5572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    23:43:36.0696 5572 lmhosts - ok
    23:43:36.0805 5572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    23:43:36.0809 5572 LSI_FC - ok
    23:43:36.0869 5572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    23:43:36.0872 5572 LSI_SAS - ok
    23:43:36.0900 5572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    23:43:36.0903 5572 LSI_SAS2 - ok
    23:43:36.0944 5572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    23:43:36.0947 5572 LSI_SCSI - ok
    23:43:36.0997 5572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    23:43:37.0000 5572 luafv - ok
    23:43:37.0069 5572 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    23:43:37.0071 5572 LVPr2M64 - ok
    23:43:37.0106 5572 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    23:43:37.0107 5572 LVPr2Mon - ok
    23:43:37.0291 5572 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    23:43:37.0295 5572 LVPrcS64 - ok
    23:43:37.0391 5572 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
    23:43:37.0396 5572 LVRS64 - ok
    23:43:38.0334 5572 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
    23:43:38.0400 5572 LVUVC64 - ok
    23:43:38.0770 5572 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    23:43:38.0776 5572 Mcx2Svc - ok
    23:43:38.0834 5572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    23:43:38.0837 5572 megasas - ok
    23:43:38.0886 5572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    23:43:38.0890 5572 MegaSR - ok
    23:43:38.0958 5572 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    23:43:38.0963 5572 MMCSS - ok
    23:43:38.0990 5572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    23:43:38.0993 5572 Modem - ok
     
  7. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    23:43:39.0037 5572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    23:43:39.0038 5572 monitor - ok
    23:43:39.0096 5572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    23:43:39.0100 5572 mouclass - ok
    23:43:39.0179 5572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    23:43:39.0182 5572 mouhid - ok
    23:43:39.0235 5572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    23:43:39.0237 5572 mountmgr - ok
    23:43:39.0425 5572 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    23:43:39.0427 5572 MozillaMaintenance - ok
    23:43:39.0484 5572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    23:43:39.0488 5572 mpio - ok
    23:43:39.0522 5572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    23:43:39.0525 5572 mpsdrv - ok
    23:43:39.0623 5572 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    23:43:39.0644 5572 MpsSvc - ok
    23:43:39.0723 5572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    23:43:39.0728 5572 MRxDAV - ok
    23:43:39.0806 5572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    23:43:39.0810 5572 mrxsmb - ok
    23:43:39.0896 5572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    23:43:39.0902 5572 mrxsmb10 - ok
    23:43:39.0953 5572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    23:43:39.0956 5572 mrxsmb20 - ok
    23:43:39.0976 5572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    23:43:39.0978 5572 msahci - ok
    23:43:40.0007 5572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    23:43:40.0011 5572 msdsm - ok
    23:43:40.0053 5572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    23:43:40.0058 5572 MSDTC - ok
    23:43:40.0122 5572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    23:43:40.0124 5572 Msfs - ok
    23:43:40.0192 5572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    23:43:40.0197 5572 mshidkmdf - ok
    23:43:40.0249 5572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    23:43:40.0252 5572 msisadrv - ok
    23:43:40.0525 5572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    23:43:40.0531 5572 MSiSCSI - ok
    23:43:40.0556 5572 msiserver - ok
    23:43:41.0019 5572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    23:43:41.0021 5572 MSKSSRV - ok
    23:43:41.0109 5572 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys
    23:43:41.0111 5572 msloop - ok
    23:43:41.0145 5572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    23:43:41.0153 5572 MSPCLOCK - ok
    23:43:41.0180 5572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    23:43:41.0181 5572 MSPQM - ok
    23:43:41.0283 5572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    23:43:41.0290 5572 MsRPC - ok
    23:43:41.0318 5572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    23:43:41.0324 5572 mssmbios - ok
    23:43:41.0349 5572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    23:43:41.0351 5572 MSTEE - ok
    23:43:41.0383 5572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    23:43:41.0385 5572 MTConfig - ok
    23:43:41.0415 5572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    23:43:41.0418 5572 Mup - ok
    23:43:41.0619 5572 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    23:43:41.0633 5572 napagent - ok
    23:43:41.0767 5572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    23:43:41.0776 5572 NativeWifiP - ok
    23:43:42.0010 5572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    23:43:42.0025 5572 NDIS - ok
    23:43:42.0060 5572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    23:43:42.0063 5572 NdisCap - ok
    23:43:42.0114 5572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    23:43:42.0116 5572 NdisTapi - ok
    23:43:42.0191 5572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    23:43:42.0195 5572 Ndisuio - ok
    23:43:42.0298 5572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    23:43:42.0307 5572 NdisWan - ok
    23:43:42.0384 5572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    23:43:42.0390 5572 NDProxy - ok
    23:43:42.0421 5572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    23:43:42.0424 5572 NetBIOS - ok
    23:43:42.0490 5572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    23:43:42.0496 5572 NetBT - ok
    23:43:42.0547 5572 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    23:43:42.0551 5572 Netlogon - ok
    23:43:42.0750 5572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    23:43:42.0763 5572 Netman - ok
    23:43:42.0987 5572 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:43:42.0991 5572 NetMsmqActivator - ok
    23:43:43.0026 5572 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:43:43.0029 5572 NetPipeActivator - ok
    23:43:43.0142 5572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    23:43:43.0154 5572 netprofm - ok
    23:43:43.0176 5572 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:43:43.0178 5572 NetTcpActivator - ok
    23:43:43.0198 5572 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:43:43.0202 5572 NetTcpPortSharing - ok
    23:43:45.0015 5572 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    23:43:45.0148 5572 netw5v64 - ok
    23:43:45.0454 5572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    23:43:45.0456 5572 nfrd960 - ok
    23:43:45.0592 5572 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    23:43:45.0603 5572 NlaSvc - ok
    23:43:45.0637 5572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    23:43:45.0640 5572 Npfs - ok
    23:43:45.0663 5572 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    23:43:45.0669 5572 nsi - ok
    23:43:45.0691 5572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    23:43:45.0693 5572 nsiproxy - ok
    23:43:46.0107 5572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    23:43:46.0133 5572 Ntfs - ok
    23:43:46.0374 5572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    23:43:46.0376 5572 Null - ok
    23:43:46.0463 5572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    23:43:46.0469 5572 nvraid - ok
    23:43:46.0525 5572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    23:43:46.0529 5572 nvstor - ok
    23:43:46.0579 5572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    23:43:46.0583 5572 nv_agp - ok
    23:43:46.0775 5572 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    23:43:46.0784 5572 odserv - ok
    23:43:46.0824 5572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    23:43:46.0828 5572 ohci1394 - ok
    23:43:46.0872 5572 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:43:46.0876 5572 ose - ok
    23:43:46.0935 5572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    23:43:46.0946 5572 p2pimsvc - ok
    23:43:47.0035 5572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    23:43:47.0059 5572 p2psvc - ok
    23:43:47.0108 5572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    23:43:47.0111 5572 Parport - ok
    23:43:47.0175 5572 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    23:43:47.0177 5572 partmgr - ok
    23:43:47.0245 5572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    23:43:47.0252 5572 PcaSvc - ok
    23:43:47.0315 5572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    23:43:47.0322 5572 pci - ok
    23:43:47.0338 5572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    23:43:47.0341 5572 pciide - ok
    23:43:47.0396 5572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    23:43:47.0403 5572 pcmcia - ok
    23:43:47.0437 5572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    23:43:47.0440 5572 pcw - ok
    23:43:47.0580 5572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    23:43:47.0594 5572 PEAUTH - ok
    23:43:47.0768 5572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    23:43:47.0776 5572 PerfHost - ok
    23:43:48.0166 5572 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    23:43:48.0195 5572 pla - ok
    23:43:48.0332 5572 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    23:43:48.0348 5572 PlugPlay - ok
    23:43:48.0392 5572 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    23:43:48.0403 5572 PNRPAutoReg - ok
    23:43:48.0485 5572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    23:43:48.0492 5572 PNRPsvc - ok
    23:43:48.0565 5572 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    23:43:48.0575 5572 PolicyAgent - ok
    23:43:48.0665 5572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    23:43:48.0680 5572 Power - ok
    23:43:48.0806 5572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    23:43:48.0809 5572 PptpMiniport - ok
    23:43:48.0875 5572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    23:43:48.0882 5572 Processor - ok
    23:43:48.0978 5572 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    23:43:48.0995 5572 ProfSvc - ok
    23:43:49.0040 5572 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    23:43:49.0044 5572 ProtectedStorage - ok
    23:43:49.0123 5572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    23:43:49.0127 5572 Psched - ok
    23:43:49.0394 5572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    23:43:49.0418 5572 ql2300 - ok
    23:43:49.0573 5572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    23:43:49.0578 5572 ql40xx - ok
    23:43:49.0649 5572 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    23:43:49.0657 5572 QWAVE - ok
    23:43:49.0693 5572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    23:43:49.0696 5572 QWAVEdrv - ok
    23:43:49.0725 5572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    23:43:49.0727 5572 RasAcd - ok
    23:43:49.0776 5572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    23:43:49.0779 5572 RasAgileVpn - ok
    23:43:49.0811 5572 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    23:43:49.0817 5572 RasAuto - ok
    23:43:49.0877 5572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    23:43:49.0881 5572 Rasl2tp - ok
    23:43:49.0970 5572 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    23:43:49.0980 5572 RasMan - ok
    23:43:50.0009 5572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    23:43:50.0012 5572 RasPppoe - ok
    23:43:50.0057 5572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    23:43:50.0061 5572 RasSstp - ok
    23:43:50.0137 5572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    23:43:50.0151 5572 rdbss - ok
    23:43:50.0196 5572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    23:43:50.0198 5572 rdpbus - ok
    23:43:50.0221 5572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    23:43:50.0224 5572 RDPCDD - ok
    23:43:50.0291 5572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    23:43:50.0294 5572 RDPENCDD - ok
    23:43:50.0339 5572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    23:43:50.0343 5572 RDPREFMP - ok
    23:43:50.0402 5572 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    23:43:50.0410 5572 RDPWD - ok
    23:43:50.0500 5572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    23:43:50.0504 5572 rdyboost - ok
    23:43:50.0721 5572 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    23:43:50.0726 5572 RemoteAccess - ok
    23:43:50.0782 5572 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    23:43:50.0789 5572 RemoteRegistry - ok
    23:43:50.0937 5572 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    23:43:50.0948 5572 RichVideo - ok
    23:43:51.0024 5572 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
    23:43:51.0028 5572 RMCAST - ok
    23:43:51.0081 5572 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    23:43:51.0089 5572 RpcEptMapper - ok
    23:43:51.0118 5572 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    23:43:51.0122 5572 RpcLocator - ok
    23:43:51.0295 5572 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    23:43:51.0312 5572 RpcSs - ok
    23:43:51.0390 5572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    23:43:51.0393 5572 rspndr - ok
    23:43:51.0570 5572 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
    23:43:51.0575 5572 RSUSBSTOR - ok
    23:43:51.0692 5572 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    23:43:51.0704 5572 RTL8167 - ok
    23:43:51.0741 5572 RtsUIR - ok
    23:43:51.0800 5572 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    23:43:51.0803 5572 SamSs - ok
    23:43:51.0883 5572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    23:43:51.0886 5572 sbp2port - ok
    23:43:52.0004 5572 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    23:43:52.0014 5572 SCardSvr - ok
    23:43:52.0058 5572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    23:43:52.0064 5572 scfilter - ok
    23:43:52.0323 5572 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    23:43:52.0355 5572 Schedule - ok
    23:43:52.0423 5572 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    23:43:52.0432 5572 SCPolicySvc - ok
    23:43:52.0558 5572 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    23:43:52.0562 5572 sdbus - ok
    23:43:52.0629 5572 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    23:43:52.0636 5572 SDRSVC - ok
    23:43:52.0716 5572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    23:43:52.0718 5572 secdrv - ok
    23:43:52.0767 5572 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    23:43:52.0772 5572 seclogon - ok
    23:43:52.0799 5572 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    23:43:52.0806 5572 SENS - ok
    23:43:52.0873 5572 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    23:43:52.0879 5572 SensrSvc - ok
    23:43:52.0916 5572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    23:43:52.0918 5572 Serenum - ok
    23:43:52.0957 5572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    23:43:52.0960 5572 Serial - ok
    23:43:53.0009 5572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    23:43:53.0013 5572 sermouse - ok
    23:43:53.0120 5572 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    23:43:53.0127 5572 SessionEnv - ok
    23:43:53.0168 5572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    23:43:53.0170 5572 sffdisk - ok
    23:43:53.0196 5572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    23:43:53.0198 5572 sffp_mmc - ok
    23:43:53.0217 5572 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    23:43:53.0219 5572 sffp_sd - ok
    23:43:53.0251 5572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    23:43:53.0254 5572 sfloppy - ok
    23:43:53.0413 5572 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    23:43:53.0424 5572 SharedAccess - ok
    23:43:53.0559 5572 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    23:43:53.0574 5572 ShellHWDetection - ok
    23:43:53.0649 5572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    23:43:53.0653 5572 SiSRaid2 - ok
    23:43:53.0703 5572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    23:43:53.0705 5572 SiSRaid4 - ok
    23:43:53.0888 5572 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
    23:43:53.0901 5572 SkypeUpdate - ok
    23:43:54.0002 5572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    23:43:54.0007 5572 Smb - ok
    23:43:54.0086 5572 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    23:43:54.0093 5572 SNMPTRAP - ok
    23:43:54.0131 5572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    23:43:54.0135 5572 spldr - ok
    23:43:54.0296 5572 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    23:43:54.0315 5572 Spooler - ok
    23:43:55.0647 5572 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    23:43:55.0760 5572 sppsvc - ok
    23:43:56.0016 5572 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    23:43:56.0023 5572 sppuinotify - ok
    23:43:56.0212 5572 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    23:43:56.0226 5572 srv - ok
    23:43:56.0422 5572 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    23:43:56.0434 5572 srv2 - ok
    23:43:56.0543 5572 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    23:43:56.0550 5572 SrvHsfHDA - ok
    23:43:56.0896 5572 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    23:43:56.0935 5572 SrvHsfV92 - ok
    23:43:57.0346 5572 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    23:43:57.0378 5572 SrvHsfWinac - ok
    23:43:57.0477 5572 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    23:43:57.0488 5572 srvnet - ok
    23:43:57.0588 5572 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    23:43:57.0597 5572 SSDPSRV - ok
    23:43:57.0623 5572 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    23:43:57.0633 5572 SstpSvc - ok
    23:43:57.0840 5572 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    23:43:57.0845 5572 STacSV - ok
    23:43:57.0985 5572 Steam Client Service - ok
    23:43:58.0073 5572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    23:43:58.0076 5572 stexstor - ok
    23:43:58.0257 5572 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
    23:43:58.0265 5572 STHDA - ok
    23:43:58.0453 5572 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    23:43:58.0473 5572 stisvc - ok
    23:43:58.0530 5572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    23:43:58.0539 5572 swenum - ok
    23:43:58.0669 5572 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    23:43:58.0683 5572 swprv - ok
    23:43:58.0854 5572 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
    23:43:58.0863 5572 SynTP - ok
    23:43:59.0663 5572 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    23:43:59.0707 5572 SysMain - ok
    23:44:00.0094 5572 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    23:44:00.0101 5572 TabletInputService - ok
    23:44:00.0524 5572 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    23:44:00.0550 5572 TapiSrv - ok
    23:44:00.0660 5572 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    23:44:00.0667 5572 TBS - ok
    23:44:02.0795 5572 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    23:44:02.0851 5572 Tcpip - ok
    23:44:05.0374 5572 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    23:44:05.0410 5572 TCPIP6 - ok
    23:44:05.0731 5572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    23:44:17.0633 5572 MBR (0x1B8) (4185cddfe2ead4cc1d8daa8b39193406) \Device\Harddisk0\DR0
    23:44:17.0708 5572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    23:44:17.0708 5572 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    23:44:17.0728 5572 Boot (0x1200) (a0233923d7808027bab088ce4c792b81) \Device\Harddisk0\DR0\Partition0
    23:44:17.0734 5572 \Device\Harddisk0\DR0\Partition0 - ok
    23:44:17.0762 5572 Boot (0x1200) (569fd0cf5a0eba22b7682f53c2dae822) \Device\Harddisk0\DR0\Partition1
    23:44:17.0764 5572 \Device\Harddisk0\DR0\Partition1 - ok
    23:44:17.0798 5572 Boot (0x1200) (adec72a5659e0f0f960b0affe5dd01bc) \Device\Harddisk0\DR0\Partition2
    23:44:17.0800 5572 \Device\Harddisk0\DR0\Partition2 - ok
    23:44:17.0802 5572 ============================================================
    23:44:17.0802 5572 Scan finished
    23:44:17.0802 5572 ============================================================
    23:44:17.0846 5216 Detected object count: 2
    23:44:17.0846 5216 Actual detected object count: 2
    23:44:22.0049 5216 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    23:44:22.0049 5216 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    23:44:23.0315 5216 \Device\Harddisk0\DR0\# - copied to quarantine
    23:44:23.0315 5216 \Device\Harddisk0\DR0 - copied to quarantine
    23:44:23.0449 5216 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    23:44:23.0455 5216 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    23:44:23.0475 5216 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    23:44:23.0516 5216 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    23:44:23.0577 5216 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:44:23.0597 5216 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:44:23.0606 5216 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    23:44:23.0609 5216 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    23:44:23.0622 5216 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    23:44:23.0636 5216 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:44:23.0646 5216 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:44:23.0650 5216 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    23:44:23.0653 5216 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    23:44:23.0674 5216 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    23:44:23.0720 5216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    23:44:23.0767 5216 \Device\Harddisk0\DR0 - ok
    23:44:24.0184 5216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    23:52:04.0583 4504 Deinitialize success
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    Re-run MBAM one more time.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  9. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    Do I restart my computer if asked?
    I'll do that just in case and then download them
    e/ nothing detected!
    but will download the programs and post logs
     
  10. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Hanson [Admin rights]
    Mode: Scan -- Date: 07/30/2012 00:44:29

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK2556GSY ATA Device +++++
    --- User ---
    [MBR] ab333830b7838469a66df03aa77114ec
    [BSP] fb5960c503bba0f555cbb4221172e057 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 223664 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 458473472 | Size: 14507 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  11. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-30 00:46:36
    -----------------------------
    00:46:36.158 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:46:36.158 Number of processors: 2 586 0x602
    00:46:36.158 ComputerName: HANSON-PC UserName: Hanson
    00:46:37.908 Initialize success
    00:46:38.819 AVAST engine defs: 12072901
    00:46:41.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:46:41.594 Disk 0 Vendor: TOSHIBA_MK2556GSY LH003C Size: 238475MB BusType: 11
    00:46:41.656 Disk 0 MBR read successfully
    00:46:41.656 Disk 0 MBR scan
    00:46:41.672 Disk 0 unknown MBR code
    00:46:41.672 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    00:46:41.688 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223664 MB offset 409600
    00:46:41.719 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14507 MB offset 458473472
    00:46:41.781 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    00:46:41.875 Disk 0 scanning C:\Windows\system32\drivers
    00:46:59.006 Service scanning
    00:47:25.103 Modules scanning
    00:47:25.103 Disk 0 trace - called modules:
    00:47:25.473 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    00:47:25.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800312d4a0]
    00:47:25.503 3 CLASSPNP.SYS[fffff880010fe43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030d1680]
    00:47:26.356 AVAST engine scan C:\Windows
    00:47:29.555 AVAST engine scan C:\Windows\system32
    00:50:40.848 AVAST engine scan C:\Windows\system32\drivers
    00:50:53.228 AVAST engine scan C:\Users\Hanson
    00:52:22.135 Disk 0 MBR has been saved successfully to "C:\Users\Hanson\Desktop\MBR.dat"
    00:52:22.165 The log file has been saved successfully to "C:\Users\Hanson\Desktop\aswMBR.txt"
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    ComboFix 12-07-30.01 - Hanson 07/30/2012 21:07:44.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1640 [GMT -4:00]
    Running from: c:\users\Hanson\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Hanson\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-31 01:19 . 2012-07-31 01:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-07-31 01:19 . 2012-07-31 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-31 01:14 . 2012-07-31 01:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EF8CA33-0EC5-4437-9786-05245F5DED9A}\offreg.dll
    2012-07-30 03:41 . 2012-07-30 03:44 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-29 21:38 . 2012-07-29 21:38 -------- d-----w- C:\Riot Games
    2012-07-29 21:29 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-29 21:29 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-29 21:29 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-29 21:29 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-29 21:29 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-29 21:29 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-29 21:29 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-29 21:28 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-29 21:28 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-29 21:28 . 2012-07-29 21:28 -------- d-----w- c:\programdata\AVAST Software
    2012-07-29 21:28 . 2012-07-29 21:28 -------- d-----w- c:\program files\AVAST Software
    2012-07-29 21:17 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EF8CA33-0EC5-4437-9786-05245F5DED9A}\mpengine.dll
    2012-07-29 18:03 . 2012-07-29 18:03 -------- d-----w- c:\windows\Sun
    2012-07-26 03:16 . 2012-07-26 03:16 -------- d-----w- c:\users\Hanson\AppData\Local\Aeria Games
    2012-07-26 03:14 . 2012-07-26 03:14 -------- d-----w- c:\programdata\Aeria Games
    2012-07-26 02:55 . 2012-07-26 02:55 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-07-14 19:22 . 2012-07-29 21:09 -------- d-----w- c:\users\Hanson\AppData\Local\LogMeIn Hamachi
    2012-07-14 19:21 . 2012-07-14 19:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-07-11 22:31 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 22:43 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-06 23:18 . 2012-07-06 23:43 -------- d-----w- c:\users\Hanson\AppData\Local\Turbine
    2012-07-06 23:17 . 2012-07-07 00:20 -------- d-----w- c:\users\Hanson\AppData\Local\ApplicationHistory
    2012-07-06 23:16 . 2012-07-06 23:16 -------- d-----w- c:\windows\SysWow64\URTTEMP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-29 22:42 . 2012-06-24 15:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-29 22:42 . 2011-05-29 04:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 22:25 . 2010-06-23 19:14 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-03 17:46 . 2010-06-22 23:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-22 12:56 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 12:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 12:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 12:56 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 12:56 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 12:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 12:56 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-22 12:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-22 12:55 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 16:25 . 2010-06-12 19:20 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-04 11:06 . 2012-06-14 18:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 18:21 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 18:21 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2010-06-15 00:52 . 2010-06-14 02:09 147235840 ----a-w- c:\program files (x86)\Dragonica_Setup1.1.32.exe.part
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Hanson\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2010-11-10 24032]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
    R3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 22:42]
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 02:28]
    .
    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 02:28]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 171520]
    "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    FF - ProfilePath - c:\users\Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\pin114hd.test\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Project D - c:\users\Hanson\Desktop\Diablo II\Uninstal.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-30 21:25:23
    ComboFix-quarantined-files.txt 2012-07-31 01:25
    .
    Pre-Run: 91,195,453,440 bytes free
    Post-Run: 91,710,439,424 bytes free
    .
    - - End Of File - - E42CD0209D899589E8998A8D967E37BF
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good :)

    Any current issues?

    ==================================

    Uninstall:
    Ask Toolbar
    Ask Toolbar Updater
    ...typical foistware.

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    Nope, nothing wrong.
    OTL
    OTL logfile created on: 7/30/2012 9:38:21 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Hanson\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 17.51% Memory free
    5.49 Gb Paging File | 2.75 Gb Available in Paging File | 50.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.42 Gb Total Space | 83.66 Gb Free Space | 38.30% Space Free | Partition Type: NTFS
    Drive D: | 14.17 Gb Total Space | 2.34 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

    Computer Name: HANSON-PC | User Name: Hanson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/30 21:36:33 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hanson\Desktop\OTL.exe
    PRC - [2012/07/29 18:32:14 | 009,162,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.170\deploy\League of Legends.exe
    PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/05/29 11:45:18 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    PRC - [2012/05/29 11:44:58 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe
    PRC - [2012/02/15 15:39:14 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\LolClient.exe
    PRC - [2011/10/09 12:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/29 18:32:27 | 000,929,792 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.170\deploy\rads.dll
    MOD - [2012/07/29 18:32:14 | 009,162,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.170\deploy\League of Legends.exe
    MOD - [2012/05/29 11:45:18 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    MOD - [2012/05/29 11:44:58 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe
    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/14 12:01:59 | 000,958,976 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll
    MOD - [2011/07/14 12:01:59 | 000,132,096 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
    MOD - [2011/07/14 12:01:58 | 007,006,208 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll
    MOD - [2011/07/14 12:01:58 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/07/29 18:42:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/18 23:05:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/10 18:27:25 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
    SRV - [2012/07/05 22:52:07 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
    DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/09 22:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2010/11/09 22:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/11/09 22:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/21 22:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
    DRV:64bit: - [2009/06/24 15:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/03/09 09:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {246FE02C-BED3-460C-9130-8D4E17E68F93}
    IE:64bit: - HKLM\..\SearchScopes\{246FE02C-BED3-460C-9130-8D4E17E68F93}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{29E328AF-967A-494F-A77D-96A420D38DCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {246FE02C-BED3-460C-9130-8D4E17E68F93}
    IE - HKLM\..\SearchScopes\{246FE02C-BED3-460C-9130-8D4E17E68F93}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{29E328AF-967A-494F-A77D-96A420D38DCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKCU\..\SearchScopes,DefaultScope = {246FE02C-BED3-460C-9130-8D4E17E68F93}
    IE - HKCU\..\SearchScopes\{246FE02C-BED3-460C-9130-8D4E17E68F93}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{29E328AF-967A-494F-A77D-96A420D38DCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKCU\..\SearchScopes\{6CA9A827-A715-41BA-9337-6B53866BA139}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=6206D9C7-F83E-4054-A47F-EA73F7F12EF7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {6cbc25b0-0a52-11df-8a39-0800200c9a66}:1.0.25
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Hanson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 00:08:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/29 17:28:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 23:05:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/12 17:06:43 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 23:05:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/12 17:06:43 | 000,000,000 | ---D | M]

    [2010/06/12 14:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanson\AppData\Roaming\Mozilla\Extensions
    [2011/07/01 14:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\50o9cgps.default\extensions
    [2011/05/24 15:23:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\50o9cgps.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2012/07/30 21:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\pin114hd.test\extensions
    [2012/06/21 13:28:46 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\pin114hd.test\extensions\djziggy@gmail.com
    [2011/06/22 14:18:50 | 000,000,923 | ---- | M] () -- C:\Users\Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\50o9cgps.default\searchplugins\conduit.xml
    [2012/04/24 23:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/27 17:20:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
    [2012/07/18 23:05:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/10 15:27:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hanson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Hanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Hanson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Hanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Hanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\Hanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
    CHR - Extension: Gmail = C:\Users\Hanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
  16. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    O1 HOSTS File: ([2012/07/30 21:20:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Hanson\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6790BE9-F4E3-42AF-8B87-3333657C8737}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF26BD33-FCC4-450A-9A59-BE0D09DD8931}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 21:36:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Hanson\Desktop\OTL.exe
    [2012/07/30 21:04:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/30 21:04:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/30 21:04:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/30 21:04:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/30 21:04:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/30 20:35:14 | 004,722,436 | R--- | C] (Swearware) -- C:\Users\Hanson\Desktop\ComboFix.exe
    [2012/07/30 00:45:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Hanson\Desktop\aswMBR.exe
    [2012/07/30 00:43:52 | 000,000,000 | ---D | C] -- C:\Users\Hanson\Desktop\RK_Quarantine
    [2012/07/29 23:41:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/29 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Hanson\Desktop\tdsskiller
    [2012/07/29 21:34:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hanson\Desktop\dds.scr
    [2012/07/29 21:33:02 | 000,000,000 | ---D | C] -- C:\Users\Hanson\Desktop\gmer
    [2012/07/29 17:38:30 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2012/07/29 17:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/29 17:29:35 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/29 17:29:34 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/29 17:29:25 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/29 17:29:24 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/29 17:29:21 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/29 17:29:17 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/29 17:29:14 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/29 17:28:38 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/29 17:28:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/29 17:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/29 17:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/29 14:03:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/07/28 13:53:56 | 000,000,000 | ---D | C] -- C:\Users\Hanson\Desktop\Terraria
    [2012/07/28 13:43:22 | 000,000,000 | ---D | C] -- C:\Users\Hanson\Desktop\N Terraria
    [2012/07/25 23:16:01 | 000,000,000 | ---D | C] -- C:\Users\Hanson\AppData\Local\Aeria Games
    [2012/07/25 23:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
    [2012/07/25 22:55:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2012/07/14 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\Hanson\AppData\Local\LogMeIn Hamachi
    [2012/07/14 15:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2012/07/14 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2012/07/14 14:34:30 | 000,000,000 | ---D | C] -- C:\Users\Hanson\Desktop\Server
    [2012/07/07 15:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    [2012/07/06 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\Hanson\AppData\Local\Turbine
    [2012/07/06 19:17:54 | 000,000,000 | ---D | C] -- C:\Users\Hanson\AppData\Local\ApplicationHistory
    [2012/07/06 19:16:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
    [2010/06/13 22:09:02 | 147,235,840 | ---- | C] (THQ*ICE LLC ) -- C:\Program Files (x86)\Dragonica_Setup1.1.32.exe.part
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 21:41:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/30 21:39:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/30 21:36:33 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hanson\Desktop\OTL.exe
    [2012/07/30 21:20:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/30 20:41:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 20:35:48 | 004,722,436 | R--- | M] (Swearware) -- C:\Users\Hanson\Desktop\ComboFix.exe
    [2012/07/30 20:25:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 16:58:16 | 000,017,920 | ---- | M] () -- C:\Users\Hanson\Desktop\quote tihng.wps
    [2012/07/30 16:58:16 | 000,016,608 | ---- | M] () -- C:\Users\Hanson\AppData\Roaming\wklnhst.dat
    [2012/07/30 12:33:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 12:33:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 12:25:46 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 00:52:22 | 000,000,512 | ---- | M] () -- C:\Users\Hanson\Desktop\MBR.dat
    [2012/07/30 00:45:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Hanson\Desktop\aswMBR.exe
    [2012/07/30 00:43:33 | 001,552,384 | ---- | M] () -- C:\Users\Hanson\Desktop\RogueKiller.exe
    [2012/07/29 23:16:34 | 002,117,108 | ---- | M] () -- C:\Users\Hanson\Desktop\tdsskiller.zip
    [2012/07/29 21:35:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Hanson\Desktop\dds.scr
    [2012/07/29 21:27:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 17:52:48 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2012/07/29 17:29:36 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/29 17:29:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/07/28 12:48:36 | 000,559,662 | ---- | M] () -- C:\Users\Hanson\Desktop\N Terraria.zip
    [2012/07/27 20:25:53 | 000,020,992 | ---- | M] () -- C:\Users\Hanson\Desktop\quotes.wps
    [2012/07/25 15:48:56 | 000,016,861 | ---- | M] () -- C:\Users\Hanson\Desktop\what is this supposed to be.png
    [2012/07/23 20:35:49 | 000,018,944 | ---- | M] () -- C:\Users\Hanson\Desktop\the call of the wild.wps
    [2012/07/18 23:05:10 | 000,002,044 | ---- | M] () -- C:\Users\Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/17 22:29:16 | 000,000,212 | ---- | M] () -- C:\Users\Hanson\Documents\PWOOptions.ini
    [2012/07/12 21:53:05 | 001,155,007 | ---- | M] () -- C:\Users\Hanson\Desktop\vs phg.png
    [2012/07/12 18:18:29 | 000,363,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/07 15:29:31 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/07/06 19:19:26 | 000,000,094 | ---- | M] () -- C:\Users\Hanson\AppData\Local\fusioncache.dat
    [2012/07/06 19:17:22 | 000,809,422 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/06 19:17:22 | 000,669,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/06 19:17:22 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/30 21:04:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/30 21:04:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/30 21:04:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/30 21:04:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/30 21:04:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/30 16:58:15 | 000,017,920 | ---- | C] () -- C:\Users\Hanson\Desktop\quote tihng.wps
    [2012/07/30 00:52:22 | 000,000,512 | ---- | C] () -- C:\Users\Hanson\Desktop\MBR.dat
    [2012/07/30 00:43:29 | 001,552,384 | ---- | C] () -- C:\Users\Hanson\Desktop\RogueKiller.exe
    [2012/07/29 23:16:18 | 002,117,108 | ---- | C] () -- C:\Users\Hanson\Desktop\tdsskiller.zip
    [2012/07/29 21:27:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/29 17:52:48 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2012/07/29 17:29:36 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/29 17:29:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/07/28 12:48:11 | 000,559,662 | ---- | C] () -- C:\Users\Hanson\Desktop\N Terraria.zip
    [2012/07/27 17:20:34 | 000,020,992 | ---- | C] () -- C:\Users\Hanson\Desktop\quotes.wps
    [2012/07/25 15:48:56 | 000,016,861 | ---- | C] () -- C:\Users\Hanson\Desktop\what is this supposed to be.png
    [2012/07/22 23:03:08 | 000,018,944 | ---- | C] () -- C:\Users\Hanson\Desktop\the call of the wild.wps
    [2012/07/12 21:53:04 | 001,155,007 | ---- | C] () -- C:\Users\Hanson\Desktop\vs phg.png
    [2012/07/07 15:29:20 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/07/06 19:19:26 | 000,000,094 | ---- | C] () -- C:\Users\Hanson\AppData\Local\fusioncache.dat
    [2012/01/31 16:49:35 | 000,038,542 | ---- | C] () -- C:\Windows\DIIUnin.dat
    [2012/01/30 21:05:51 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2012/01/30 21:05:51 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2012/01/30 21:05:51 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2012/01/21 15:52:39 | 000,000,024 | ---- | C] () -- C:\Users\Hanson\random.dat
    [2012/01/21 15:52:38 | 000,000,045 | ---- | C] () -- C:\Users\Hanson\jagex_cl_runescape_LIVE.dat
    [2012/01/17 19:53:09 | 000,000,600 | ---- | C] () -- C:\Users\Hanson\AppData\Roaming\winscp.rnd
    [2011/10/22 17:38:48 | 000,000,286 | ---- | C] () -- C:\Windows\SysWow64\msexcrt.ini
    [2011/09/16 15:34:53 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2011/05/28 13:57:50 | 000,809,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/23 23:03:35 | 000,016,896 | ---- | C] () -- C:\Users\Hanson\fghjfghjdghfg.wps
    [2011/04/19 22:07:19 | 000,156,292 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/03/19 20:47:58 | 000,083,091 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2011/02/12 18:56:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/09 14:40:39 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2010/10/15 20:27:05 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/08/10 00:07:54 | 000,007,597 | ---- | C] () -- C:\Users\Hanson\AppData\Local\Resmon.ResmonCfg
    [2010/06/16 20:08:49 | 000,016,608 | ---- | C] () -- C:\Users\Hanson\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2012/07/14 18:17:14 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\.minecraft
    [2010/06/16 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\DragonicaSCB
    [2011/01/09 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\FirstClass
    [2011/10/27 14:51:20 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\fltk.org
    [2010/06/27 18:59:04 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\fofix
    [2011/02/03 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\GetRightToGo
    [2011/07/26 19:22:18 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\go
    [2011/01/16 12:49:41 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\Hive Cluster
    [2012/01/26 15:40:09 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\JGsoft
    [2011/10/17 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\Leadertech
    [2010/07/01 19:37:44 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\LolClient
    [2012/05/24 15:33:25 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\LolClient2
    [2010/08/09 02:15:45 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\muvee Technologies
    [2011/04/01 17:51:21 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\NeopleLauncherDFO
    [2011/11/13 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\paup
    [2010/07/27 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\PlayFirst
    [2011/12/04 00:27:20 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\redsn0w
    [2011/11/27 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\SplitMediaLabs
    [2012/05/14 15:56:42 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\SystemRequirementsLab
    [2010/06/16 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\Template
    [2010/06/22 19:36:00 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\Tific
    [2011/10/18 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\Unity
    [2012/04/25 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\uTorrent
    [2010/06/11 16:57:14 | 000,000,000 | ---D | M] -- C:\Users\Hanson\AppData\Roaming\WildTangent
    [2012/05/17 15:07:39 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(16).TXT
    [2010/09/16 22:21:10 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(20).TXT
    [2011/01/04 16:17:41 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(29).TXT
    [2012/05/17 15:07:39 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/11/15 16:52:13 | 000,000,651 | ---- | M] ()(C:\Users\Hanson\AppData\Local\PMB Fik?s) -- C:\Users\Hanson\AppData\Local\PMB Fik聥s
    [2011/11/15 16:52:13 | 000,000,651 | ---- | C] ()(C:\Users\Hanson\AppData\Local\PMB Fik?s) -- C:\Users\Hanson\AppData\Local\PMB Fik聥s

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
     
  17. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    Extras

    OTL Extras logfile created on: 7/30/2012 9:38:21 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Hanson\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 17.51% Memory free
    5.49 Gb Paging File | 2.75 Gb Available in Paging File | 50.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.42 Gb Total Space | 83.66 Gb Free Space | 38.30% Space Free | Partition Type: NTFS
    Drive D: | 14.17 Gb Total Space | 2.34 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

    Computer Name: HANSON-PC | User Name: Hanson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05B60C20-3ED8-4186-AB9A-5ABC24D73F3A}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher |
    "{07BC7B1F-9573-48C5-99C8-0CBB91A2087E}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher |
    "{0D90FD79-BCD7-48F2-B2B6-871FADEED1FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{10A7AF96-F439-45C0-A834-14D54473CD6A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1225C8B7-EFA4-456A-91B3-441A6F4BB79D}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |
    "{128F0373-37AE-4630-A8D9-585962920126}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{15DD251F-AE46-4623-B42B-75E53E198333}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
    "{1AA5AC96-5EAC-43DD-8F2A-507EA15ABC14}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
    "{1B7E43D2-1054-4AE9-A05D-E7787D7F758D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1BDE26C2-F3A5-44B6-AF45-647A88D5FDA2}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
    "{1C4AB018-EE3C-45EF-AFDF-1FC092038344}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
    "{1E1EF6F0-E5F2-493A-8863-FE58832AFED4}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
    "{1EC9E14A-BA8C-49D2-8228-C0EF249C508D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{258D0E8D-EC27-4642-A53C-4B8C78BB81C9}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher |
    "{2704786A-FE86-4516-8CD9-BCF881291650}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2A9CED71-D4A2-43E0-8238-138DEDE82374}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
    "{2F5CF252-5682-4050-9A78-5BB7EF181CE4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3400617D-F3EB-4606-B89B-9CE475D251B3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{381997F3-5BE0-4E1E-B0D5-1E023C61967A}" = lport=6941 | protocol=6 | dir=in | name=league of legends launcher |
    "{3970DA64-9913-4A7F-9E36-C3E0E78A0528}" = rport=139 | protocol=6 | dir=out | app=system |
    "{3D46BED1-CA3D-42B5-A063-977DC677D2A8}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher |
    "{3E548292-0D15-4D2B-8F02-58CA0FBCF4AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{40A88635-58F6-4A06-BC3A-DDD99D672019}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{426BBBB3-9C41-455F-AAF9-2F2B94DFD2C0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{430761CA-BCDD-4E06-8727-B8B4D9826C4A}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
    "{45A2B890-282F-402A-B7BB-01252794296B}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |
    "{4706F1D4-69BE-4297-A481-7F64055C3108}" = lport=6941 | protocol=17 | dir=in | name=league of legends launcher |
    "{48D5D2C2-D07A-4944-9DDA-84E8AE2F6C88}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4A85191F-F5D4-45DE-AADA-4434D483AB7F}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher |
    "{4BD216E6-F45E-4C46-A85C-C4CC173D02AA}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
    "{4F741548-C62B-4DAF-9F8F-4523E0C4A8F4}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
    "{50BD5A2D-5E91-4AC1-A4FB-601E79717705}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
    "{50C5ED2D-6C26-4E43-8D70-7BB36B00261D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{541ECE89-E27D-47E4-BBB9-5319B8D1E693}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{5576035F-7447-496E-B5D4-990D9752EC73}" = lport=138 | protocol=17 | dir=in | app=system |
    "{563104EE-0E47-45AA-B59A-D1697087C06C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{59ED617C-3581-45F5-8530-68BCB1DEDE19}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5AC4398B-8A71-47EA-80C1-AF2F8C2C511C}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
    "{5D392505-8190-472C-95E0-F541272F9B3B}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
    "{6A1399E5-E325-4DF0-9476-D624454C46EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{6BA7BCA2-6E90-4F6F-AC3D-CA729855AD9A}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
    "{6D1FB4D9-65CE-4566-8BE1-2650D1DD3203}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6D7337F8-C45E-4CB8-8720-D4679B9217AE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7093AA8C-82FA-4AA7-9862-FE00D1E28001}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{794FF407-E0A3-4AD9-AF2B-F5266FA363D4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7C61169F-FBB6-429E-B9EE-F9B53B059277}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{88A4DF7A-30BB-4B17-ACD5-757F20C194FE}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher |
    "{930F4CE3-C6F0-413C-858A-9E055D70B145}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher |
    "{944952ED-8D41-4599-A93C-B11CCA1835D0}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher |
    "{97CCD224-EF7F-4E90-A64F-06B704B56AAC}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher |
    "{9AC50941-8C73-48C4-8B84-ADB75B355DB0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A4871DB8-1412-42C6-8171-42E0319B960D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AC9D7804-80A9-4E84-A794-06610440A710}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
    "{BA3F95CD-AA91-4BB1-83EA-F0D41E39455B}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
    "{BE0D3360-726D-41CB-9986-929C5A66D8C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BF630020-927A-4F1A-886A-D41610065AB5}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
    "{C06C2DCC-398F-4BB5-9C80-CE8A8305BEA5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C40376E7-D3BC-4DCF-B3FF-4C659F48ABC7}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
    "{C4212F12-187B-4419-8E23-CAE24446C396}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher |
    "{C4B5E5A4-A56C-49DC-9A2D-B7176F8BB0D2}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
    "{C72E94F6-B0CE-4F9A-87AE-4076A71B2FBD}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
    "{C9C3A056-11CE-4559-B65D-286DBB51010F}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher |
    "{D7102BD4-7CAE-49EE-BB76-EB754C73F8DC}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
    "{DE7630EC-D9CA-4A30-B23E-B32E93213FAC}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E2ADDF20-8EA3-4E0B-B057-D14D11387378}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher |
    "{EE2580E7-05DB-4610-A326-C599DB73F57D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
    "{EE6E8BCB-55F8-48C4-92B5-31DA5929C172}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EE81F304-BD5F-4F83-A19D-8A4DE3BFB103}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
    "{F0406C71-0B7B-460E-85C6-1C331C8B1A91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F79B3058-F391-43A6-AA7A-133FBD16790D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FB3837A2-3767-4CA2-A2F9-AC0381411A71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FF3A933F-AF6B-457B-A15E-69C62F033AB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0000AA1C-80DC-4D4F-BD59-998C637AB32F}" = protocol=6 | dir=in | app=c:\program files (x86)\terraria\terraria.exe |
    "{032BBAE9-E62F-47EA-A7C1-DE1EF03C16AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{03B90C6A-BD12-49B2-B006-BBA0FC706E74}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.404\agent.exe |
    "{07E96C08-1ACD-478B-B784-F1469BF9CA8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{099F35CC-2C85-4B47-A2AE-B2E86A1FB5F5}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{0AA463D1-E76A-45B6-85F2-4EB8C7687C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |
    "{0D6DAE19-9E8C-47BC-B2A0-ACFE92134419}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{0D87B600-6DCD-47C5-98AF-D3C72DEFFCEA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{121B4664-4CB1-485C-A8A8-AD0A9C3452B8}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{134A39DD-BAAD-47C3-AF75-DB6D7CC89A22}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1544E03A-F17A-4A3E-8E9F-56ECF414A75C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "{17F30827-008E-4A03-BECE-E928F47F5ABF}" = protocol=17 | dir=in | app=c:\program files (x86)\zbattle.net\zbattle.net.exe |
    "{18938272-EC6B-4BD5-8D60-4419A9E20D03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "{1A8C3C37-641D-43FF-A35F-C63F67C5AF66}" = protocol=17 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
    "{1AC67C9F-A4B2-48AC-882F-984540FDAF2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1BB458EF-4ED6-4612-A7DE-32547740A37D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
    "{1D08ACE8-A0ED-4701-A0F2-8E0B67C4280D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
    "{1DB8943B-5244-4249-A983-DFAA1358FED5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{1E67534D-F043-4BDA-8B99-CF6D774778E3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{1F83B610-10EC-44B8-A7A1-686D71384CD5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1FA30ADD-0209-4EC6-962C-198C8A43141E}" = protocol=6 | dir=in | app=c:\program files (x86)\zbattle.net\zbattle.net.exe |
    "{213A6E60-28B7-41AE-8D05-51F20B437EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
    "{2516B475-CC7B-40CB-BDB0-E62C72580FBD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{256086EB-FC2F-4C12-8F24-2A7CB33959EC}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
    "{2D99E626-F859-4703-9352-F7FCEB487360}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{31C9B416-5EB6-476D-9D99-4EED2D426F7F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.403\agent.exe |
    "{3205F6C4-AE6C-4A33-A096-BFDD2A2D791F}" = protocol=17 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |
    "{369094F9-F715-46F4-97D8-1B9145F6E864}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{37D487B4-C66F-4556-883B-B80AF9BF418C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{3863BA09-0FCD-4A09-A5FF-7335B0A58C5F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{3BFF857D-3242-47D5-BBB4-732580CABC03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{422F57F5-56B7-47D8-81A2-D061AD061A48}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{435CE041-DFE1-4EEE-AA60-F3E0F391712F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{444EE1A3-C89E-469D-BF98-D01071423511}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{44F5DF36-19FE-4112-BA0F-01E16168CD36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{46B47F2A-3BEB-4DBD-B07E-9279B276A13D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{472154EC-69DD-4202-B1C2-833AF342DD21}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "{483A1488-9570-461D-9824-14FA60439A8D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.404\agent.exe |
    "{4C819DC4-CA5E-4693-B953-89C5D813354C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{4D3AACEF-707F-4EB1-B642-92CAA50FD10A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4FB605F5-E6DE-417F-B4F6-3CFFD20DDA0D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{4FFB0B49-0002-472D-94D4-C09E55CF7791}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "{55D21E85-DDE9-4F7B-A637-6C4EA96E8F58}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{567B9F94-38B6-4523-9A10-37A7624FE939}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5684C2F9-0C2E-4AB8-9813-E2761F2E7732}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{56D407AB-CF45-40E0-88A7-8347BF588C1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5DC2F3C8-C5EE-4019-971D-358908AAC3E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{64064710-74F4-462B-BDF0-BB7865DDABAE}" = protocol=6 | dir=out | app=system |
    "{642A8835-3C8A-433C-BFFD-073DE2086A69}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{68741B84-D86F-48BF-8D3E-F751843B3C52}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6B8D7936-8460-434A-8228-D1354D9646EE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{72107683-8074-483F-84EE-9C08EA7A63AD}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{7210948C-1FC8-43C0-99AF-A5092A5310ED}" = protocol=17 | dir=in | app=c:\program files (x86)\terraria\terraria.exe |
    "{729A9D0B-05EF-4019-9DF6-93235E4E1EAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{780468C8-39F9-4C98-95AC-0CD110C92042}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{7CDEAE28-B25D-4B94-9B5A-5E92692AF7C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{7CEE1846-AB5C-4FA7-9A19-710777242018}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{80AF7D53-61F5-4CE6-BB49-83FD86EE33A5}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
    "{85EFFF2C-9761-4C77-9DDA-3789DDD9A07D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{86AE57BC-87EF-4504-AA1D-33ADCBB2971D}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
    "{86B90CBF-DC2B-41ED-8485-B054C9DA1620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{8AC351B4-BA3F-40A4-8284-18A07E615CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{911CD650-E5FF-44BB-BF03-D34BBFD3C498}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{925B26FD-0CF6-4A03-94EF-4861A77D45D8}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{92911337-E410-4C20-96CD-50D54F78C052}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{930D8D2B-6359-4B25-967D-063F63579E82}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{938BF4EF-8832-44B1-BAC1-B614CCFDD57B}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{9A01D1E9-78DE-445B-AC73-8B3C0A7F631D}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
    "{9A28489F-8C8A-4954-8E13-39AC337B63B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{9F534100-4203-4773-9C00-07971D081542}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{A24A78C1-8751-4949-B655-7118A01C4E5D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A6FEB230-F755-4E0B-9D3E-99C480E42BA7}" = protocol=58 | dir=in | app=system |
    "{A7489E2D-6DD4-4EE7-9E23-2E33EEEDD3C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{A8D8736F-3EFA-4711-AE3B-C33577CA107D}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
    "{A9747F27-2B30-4E08-BEB3-6EA5E4E04023}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AA7DFC77-4AE5-44C6-B6D4-0DB0AF186D0E}" = protocol=17 | dir=in | app=c:\users\hanson\desktop\maplestory\arcanems.exe |
    "{AB7424E8-5938-43E7-B7D5-1D396243B893}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
    "{AF66AE2B-6609-48EF-8A7C-AF73E3D238CC}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{AF95EB56-51D2-4230-A550-0A6069290B03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B014C4B9-B108-47CB-93DE-29E2499CE200}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{B3C4E7B5-F0EF-4071-9060-8FD7CDEEF7B2}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{B547A938-20E0-40BF-AF40-EB88AB3C04AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{B63F4C63-E8FB-4972-8861-6DF5B552C054}" = protocol=6 | dir=in | app=g:\starcraft ii\starcraft ii.exe |
    "{BAAD58BE-D58F-4435-8A56-437D4FADC2B4}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{BAD57603-5A26-4CDE-AB23-04E80F4E691A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C49B530B-5FC5-430F-9794-C1A33097B2EE}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\diablo ii.exe |
    "{C60F598F-9708-4D6E-ABB3-EA983D6F4437}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{C788DEDB-E11F-4C6D-B97B-E7FE9E848B17}" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
    "{CB03FFFB-05B7-4A7D-89A2-E537BE4BE71E}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{CB107E50-3CBE-478C-A286-657207A56175}" = protocol=6 | dir=in | app=c:\users\hanson\desktop\maplestory\arcanems.exe |
    "{CC90F4BD-3893-4460-88C1-F2FE52661CDC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.403\agent.exe |
    "{CD3C32C8-FCFB-41B9-976C-D8022C819B3E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{CF70D105-6EB6-46D8-857B-E71E4F4DED36}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{D0F041B3-B33E-4CE8-87BD-F6DB7BECCBD2}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{D3B9125F-2FA9-447A-ABE0-919648E77FAA}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
    "{D5206849-0E17-4CE1-B872-7A2F387C1A6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
    "{DB679011-BDB4-4A59-BEDB-A485B3CCD430}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
    "{DCAD14A0-8715-4688-82A8-F258F46EF3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{DD579BF3-9148-40BB-9ACC-EED8EA9B7C36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E4F0520C-D8B0-4B76-9EB0-8A1076B8E130}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{E65E4132-3F21-457D-81A1-0BAECC2BBDEE}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\diablo ii.exe |
    "{E753CCBE-56C1-4E4D-B69B-4BAF16F54291}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{E9ECDDF9-8089-4E89-8BC7-8F9089195E2C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{ED240464-D04D-4AEE-BBE8-80AE290405DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{ED46D5FE-8FED-4C4E-8EDE-DCED3B728F65}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{F42C381D-41C3-4F8E-A0E9-7B167C73F9C6}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{F9963C6E-C5FB-4CDC-B3D4-093D9C68F97C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
    "{F9A5C914-F1F4-49D7-8FF5-D21ACD17CC48}" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
    "{FA2B35AF-A2F6-421C-AD6B-7010B8B6A462}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FFB25A5B-0980-45D7-8459-CA6922C852CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FFD155A0-9CB0-4144-8150-DFB48978A908}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{0294475A-B03F-462F-8EA2-7F9505D1BE5D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "TCP Query User{0E3C0DD2-7098-468A-90EB-E2FECCECB6AE}C:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe |
    "TCP Query User{1253125E-CE78-4A3D-9752-26C282FACCE9}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "TCP Query User{190B20D4-51E7-48F1-8495-762F841717C0}C:\program files (x86)\diablo ii\d2se.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\d2se.exe |
    "TCP Query User{1F2A26E4-2AC1-4D37-B092-D4E97E549641}C:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe |
    "TCP Query User{1FECA34C-046E-4669-8CBB-119131A31146}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{2B6E0956-A077-406B-B3CE-33A40D8AA543}C:\users\hanson\desktop\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base17326\sc2.exe |
    "TCP Query User{35B88168-A532-4D8D-AF17-BC2EAE90689E}C:\users\hanson\downloads\starcraft ii\starcraft ii public test.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\starcraft ii public test.exe |
    "TCP Query User{3C9237D1-18BC-4F8A-A7B7-2CF6CB455481}C:\users\hanson\desktop\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base19132\sc2.exe |
    "TCP Query User{440AD689-4116-4BB6-887A-6157E7AA5B72}C:\users\hanson\desktop\maplestory\arcanems.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\maplestory\arcanems.exe |
    "TCP Query User{46B96965-86AA-4CA1-9D34-8385BD6AE015}C:\users\hanson\downloads\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{499CB468-8ADA-43CD-95F0-24A0F5D69B55}C:\users\hanson\downloads\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\starcraft ii.exe |
    "TCP Query User{4C6675AD-95C9-4BBD-B1A4-5EA24F6A5FE0}C:\users\hanson\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hanson\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{511CE6A7-4314-49B4-AEBD-8E4ADB4198A5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{60484BA0-E89C-4A4A-9FBE-2A64853F26C1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{6074B9DD-28CA-45C8-B463-29A919D8B4E1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{682B341B-0BAB-46F6-A764-8ACD85196D0B}C:\users\hanson\desktop\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base18092\sc2.exe |
    "TCP Query User{6B35F5B7-3EBE-467E-9065-1D180AA21710}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
    "TCP Query User{71F8A952-AF9D-417A-8614-6B5A43AE5E2D}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
    "TCP Query User{7346DFDD-DDE7-4455-9C50-A32C09AA52F9}G:\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=g:\starcraft ii\versions\base15405\sc2.exe |
    "TCP Query User{79F746F1-F321-445A-A3FE-128DAAD25E34}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
    "TCP Query User{81D824A5-7A3A-4DC2-9446-46FF9DD4C04D}C:\users\hanson\desktop\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base15405\sc2.exe |
    "TCP Query User{87C7C499-B5CE-4D0F-8743-55362C9DB2BE}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{92DE47FC-4D39-4ADB-B178-2C56BFA585DD}C:\users\hanson\downloads\ghostone1.7.266\ghostone\ghost.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\ghostone1.7.266\ghostone\ghost.exe |
    "TCP Query User{932BC3BA-A405-4F39-8693-6593C79668FA}C:\users\hanson\downloads\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16755\sc2.exe |
    "TCP Query User{9AF16BF5-4554-4B87-8147-638177B4DD58}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
    "TCP Query User{9F11B27C-D9F5-41AD-B8E7-4B95F3043F58}G:\aoe2 conquerers copy\empires2.exe" = protocol=6 | dir=in | app=g:\aoe2 conquerers copy\empires2.exe |
    "TCP Query User{A0AEB8BC-110B-4CFD-B880-D92C87D8C51A}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
    "TCP Query User{A8E9D8E2-0EF7-481B-830B-041C831311F4}C:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe |
    "TCP Query User{AA73E612-442E-455F-9340-59D223D23290}C:\program files (x86)\fahclient\fahclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |
    "TCP Query User{BF6BDBF6-85C1-4208-B71C-84B7CAE945D4}C:\users\hanson\desktop\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base16939\sc2.exe |
    "TCP Query User{C283EB03-9D55-41AB-9088-0FA513148ADD}G:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\warcraft iii\war3.exe |
    "TCP Query User{C2AFFD0D-FAAC-4221-B208-6C9031CB2F70}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{C46530D3-30E7-4B95-A80C-EC7E676B55DB}C:\users\hanson\downloads\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base15405\sc2.exe |
    "TCP Query User{CB3D04C7-8760-4244-B984-CF52A79428D3}C:\users\hanson\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hanson\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{D68B3FD8-EBC3-45C2-863E-F5F6A039D93E}C:\users\hanson\desktop\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\starcraft ii.exe |
    "TCP Query User{E04F3AB3-0C38-420D-92C2-D063A0BEBC9E}C:\users\hanson\downloads\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16561\sc2.exe |
    "TCP Query User{E1C879AA-DBD7-4C08-A7F3-2D2E601AA6CF}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "TCP Query User{E433426F-2EED-45EF-94EC-557B168D7FBA}C:\users\hanson\desktop\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base19679\sc2.exe |
    "TCP Query User{EDAA9027-95A4-4978-BE4B-0CBECEFC3976}C:\users\hanson\desktop\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base18574\sc2.exe |
    "TCP Query User{FD8ECDF3-C574-4E19-8477-136C15926C48}C:\users\hanson\desktop\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\hanson\desktop\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{FD993CC3-C97E-4593-9E59-87476A9C45A9}C:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe" = protocol=6 | dir=in | app=c:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe |
    "UDP Query User{085116A0-EBD1-47DD-8BD9-A9BC2FDE5D3B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{0D17502E-A9AA-457C-829D-3BDD063B1F32}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{1263213A-F5EF-455E-8BC3-082BBA3B49D1}C:\users\hanson\desktop\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base16939\sc2.exe |
    "UDP Query User{128BBA92-0D2A-47EB-A774-51B96580FA69}C:\users\hanson\desktop\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base18574\sc2.exe |
    "UDP Query User{1A5C1B68-E5E9-471C-B09B-31B6A4155A1D}G:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\warcraft iii\war3.exe |
    "UDP Query User{1ACB2DCB-D224-4B24-B52E-6BA69690A503}C:\program files (x86)\diablo ii\d2se.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\d2se.exe |
    "UDP Query User{296AFF2A-6819-490E-A846-9B65E79F9A5F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{2A67434A-7494-4540-81DA-9CFBB7BF6DAD}G:\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=g:\starcraft ii\versions\base15405\sc2.exe |
    "UDP Query User{2B86FB12-2EEE-4813-A5CF-7DDFEFD5A8A7}G:\aoe2 conquerers copy\empires2.exe" = protocol=17 | dir=in | app=g:\aoe2 conquerers copy\empires2.exe |
    "UDP Query User{32550CE5-9EF0-4BB1-878F-A1CBED838482}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
    "UDP Query User{3751848C-67D3-44A7-990A-81191C705CD3}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "UDP Query User{3EBE7CD1-687C-4BC8-86B4-7E5723AA8AF9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{3F2EBE85-A2C9-422B-9AB4-E427E2E57A63}C:\users\hanson\desktop\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{48DFD2E2-6D6F-4F41-AD9D-D0CB50EB2784}C:\users\hanson\downloads\ghostone1.7.266\ghostone\ghost.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\ghostone1.7.266\ghostone\ghost.exe |
    "UDP Query User{4CA20E49-EA2D-4D7F-B080-8A1EA40A2C58}C:\users\hanson\desktop\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base17326\sc2.exe |
    "UDP Query User{5AFB9C7A-B9A9-40CF-B0AD-338C2ACFBB8F}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "UDP Query User{5EF911EB-989A-4887-B053-E923844DA12A}C:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe |
    "UDP Query User{5FA77C65-9478-48AD-A6D2-3C4DB1BCE842}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
    "UDP Query User{635AF25E-9318-4C5B-9E26-6A45729C6329}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{63FBCCAD-9ECD-41B6-8549-D777AF33F287}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
    "UDP Query User{6453CE6D-785E-4D0D-A36C-2E71917A2206}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{679E0CFE-645C-48FA-AEBA-060B85CB2664}C:\users\hanson\downloads\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{6C98556D-398A-4B33-B5D9-1E473006FF1A}C:\users\hanson\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hanson\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{6F989D66-8F0F-434F-958A-1A242D6A0040}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
    "UDP Query User{719F948B-219A-424C-93F2-8D82541DD2D4}C:\users\hanson\downloads\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16561\sc2.exe |
    "UDP Query User{958D6975-0272-4FF9-9A35-F6721A4644F6}C:\users\hanson\downloads\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\starcraft ii.exe |
    "UDP Query User{9C502E07-479A-4EB0-B611-764AA48B9F02}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
    "UDP Query User{9F7EB885-70EB-4EE4-90C4-F76AFAA0A58B}C:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe |
    "UDP Query User{A12B63D3-B5FA-4E61-A131-010BF900A5E5}C:\users\hanson\downloads\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base15405\sc2.exe |
    "UDP Query User{A2629503-EA74-41D8-8406-703CC34BA867}C:\users\hanson\downloads\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16755\sc2.exe |
    "UDP Query User{A746BA59-B4AE-4DBE-9D30-85F339089778}C:\users\hanson\desktop\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base19679\sc2.exe |
    "UDP Query User{AC5731DD-E0F4-4960-80C3-76B3B9887E87}C:\users\hanson\desktop\maplestory\arcanems.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\maplestory\arcanems.exe |
    "UDP Query User{B13FAA20-3D8E-42C0-9E6F-A35C79D43278}C:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\ghostone1.7.266\ghostone\ghostone.exe |
    "UDP Query User{BFE36BEA-1EEA-4C4D-A5AB-EFDE2423BCDF}C:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\versions\base16605\sc2.exe |
    "UDP Query User{C45AB300-BADC-4140-B26B-040B04ACF241}C:\users\hanson\desktop\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base19132\sc2.exe |
    "UDP Query User{DA9E1235-8141-4521-B520-CF0A38B1EAF1}C:\users\hanson\desktop\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base15405\sc2.exe |
    "UDP Query User{DDC56995-51AC-4E6E-BEF0-051EA475C83B}C:\users\hanson\desktop\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\versions\base18092\sc2.exe |
    "UDP Query User{E5B58814-7A0F-457C-BDB2-BA781C861A2A}C:\users\hanson\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hanson\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{E9EEAB7B-9D35-4D50-BD98-639A3B08DCB3}C:\users\hanson\desktop\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\users\hanson\desktop\starcraft ii\starcraft ii.exe |
    "UDP Query User{FA6F892E-50B6-4E01-8505-49B62C1669CB}C:\users\hanson\downloads\starcraft ii\starcraft ii public test.exe" = protocol=17 | dir=in | app=c:\users\hanson\downloads\starcraft ii\starcraft ii public test.exe |
    "UDP Query User{FB10B952-AB91-4193-9BDF-6DFD1D0BA8AE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{FE276585-6727-4AB1-A13B-63D32D27D883}C:\program files (x86)\fahclient\fahclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |
     
  18. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
    "{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
    "CCleaner" = CCleaner
    "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
    "EditPad Lite" = EditPad Lite 7.1.1
    "LSI Soft Modem" = LSI HDA Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
    "{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
    "{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
    "{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83
    "{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
    "{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
    "{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
    "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1" = D2SE V2.2.0
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
    "{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
    "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
    "{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
    "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C684A01-7F9C-40E7-AF94-BFE24BC89C97}" = XSplit
    "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
    "{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
    "{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
    "{E1D0E5FE-CBB8-45BE-BF84-0E0AC5021B05}" = PAUPstar
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
    "{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
    "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Akamai" = Akamai NetSession Interface Service
    "avast" = avast! Free Antivirus
    "BIT.TRIP RUNNER" = BIT.TRIP RUNNER (remove only)
    "conduitEngine" = Conduit Engine
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "DragonNest" = DragonNest
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hon" = Heroes of Newerth
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Logitech Vid" = Logitech Vid HD
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "LOLReplay" = LOLReplay
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MapleStory" = MapleStory
    "MapleStoryTespia" = MapleStoryTespia
    "Mesquite" = Mesquite
    "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OpenAL" = OpenAL
    "PokerStars.net" = PokerStars.net
    "Project D" = Project D
    "ShiftWindow_is1" = ShiftWindow 1.02
    "Steam App 105600" = Terraria
    "Steam App 113200" = The Binding of Isaac
    "Steam App 570" = Dota 2
    "Steam App 65800" = Dungeon Defenders
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "Warcraft III" = Warcraft III
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.6

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Game Organizer" = EasyBits GO
    "NCsoft-Aion" = Aion
    "UnityWebPlayer" = Unity Web Player
    "Warcraft III" = Warcraft III: All Products

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/11/2011 2:36:21 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/11/2011 2:36:21 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/11/2011 2:36:28 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/11/2011 2:36:28 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/11/2011 2:36:29 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/11/2011 2:36:30 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/11/2011 2:37:57 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/11/2011 2:37:57 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/13/2011 1:52:38 PM | Computer Name = Hanson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 8/15/2011 8:28:29 PM | Computer Name = Hanson-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 5.0.0.4183 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1288 Start
    Time: 01cc5b6c7f8742b2 Termination Time: 296 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 9d6ff0d6-c79e-11e0-94b4-c80aa96043b1

    [ Hewlett-Packard Events ]
    Error - 7/30/2011 1:04:37 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/30/2011 1:04:37 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/30/2011 1:23:24 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/30/2011 1:23:24 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 11/26/2011 12:54:53 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 11/26/2011 12:54:53 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 12/3/2011 1:31:45 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US An unspecified error occurred on the render thread. PresentationCore

    at System.Windows.Media.MediaContext.NotifyPartitionIsZombie(Int32 failureCode)

    at System.Windows.Media.MediaContext.NotifyChannelMessage() at System.Windows.Interop.HwndTarget.HandleMessage(Int32
    msg, IntPtr wparam, IntPtr lparam) at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
    hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr
    hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
    o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
    Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


    Error - 12/3/2011 1:31:47 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Exception from HRESULT: 0x88980406 PresentationCore at System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

    at System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
    hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
    windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
    isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel) at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
    enableRenderTarget, Nullable`1 channelSet) at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
    enableRenderTarget) at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
    lParam) at System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
    wparam, IntPtr lparam) at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
    hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr
    hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
    o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
    Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


    Error - 12/3/2011 1:31:49 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US An unspecified error occurred on the render thread. PresentationCore

    at System.Windows.Media.MediaContext.NotifyPartitionIsZombie(Int32 failureCode)

    at System.Windows.Media.MediaContext.NotifyChannelMessage() at System.Windows.Media.MediaContext.CompleteRender()

    at System.Windows.Media.MediaContext.LeaveInterlockedPresentation() at System.Windows.Media.MediaContext.DisconnectHandler(Object
    obj) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
    Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


    Error - 2/25/2012 5:11:47 PM | Computer Name = Hanson-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    [ System Events ]
    Error - 7/29/2012 5:10:37 PM | Computer Name = Hanson-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 7/29/2012 5:16:31 PM | Computer Name = Hanson-PC | Source = DCOM | ID = 10010
    Description =

    Error - 7/29/2012 9:50:40 PM | Computer Name = Hanson-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 7/29/2012 11:53:42 PM | Computer Name = Hanson-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 7/30/2012 12:25:51 PM | Computer Name = Hanson-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 7/30/2012 8:25:58 PM | Computer Name = Hanson-PC | Source = Service Control Manager | ID = 7034
    Description = The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 7/30/2012 9:04:17 PM | Computer Name = Hanson-PC | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 7/30/2012 9:14:42 PM | Computer Name = Hanson-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/30/2012 9:19:09 PM | Computer Name = Hanson-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/30/2012 9:21:01 PM | Computer Name = Hanson-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - No CLSID value found.
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  20. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC654325-1273-C2A9-2B7C-45D29BCE68FB} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC654325-1273-C2A9-2B7C-45D29BCE68FB}\ not found.
    ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 156931631 bytes
    ->Java cache emptied: 39222 bytes
    ->FireFox cache emptied: 66854048 bytes
    ->Flash cache emptied: 15569 bytes

    User: Hanson
    ->Temp folder emptied: 703777 bytes
    ->Temporary Internet Files folder emptied: 20664330 bytes
    ->Java cache emptied: 36650139 bytes
    ->FireFox cache emptied: 1263612267 bytes
    ->Google Chrome cache emptied: 37099193 bytes
    ->Flash cache emptied: 3397495 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,513.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Hanson
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Hanson
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07302012_224946

    Files\Folders moved on Reboot...
    C:\Users\Hanson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Hanson\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  21. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader X (10.1.1)
    Mozilla Firefox (14.0.1)
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 15% Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````
     
  22. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    Farbar Service Scanner Version: 26-07-2012
    Ran by Hanson (administrator) on 30-07-2012 at 23:23:33
    Running from "C:\Users\Hanson\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  23. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    C:\TDSSKiller_Quarantine\29.07.2012_23.38.36\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.38.36\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_23.43.04\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =========================================

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  25. Hanson Duan

    Hanson Duan TS Rookie Topic Starter Posts: 20

    Thanks a bunch! I will perform the final steps later when I get the chance to.
    If I could donate I would, but for now I can only offer my thanks. Hopefully I won't have to return to this forum again, but if I do I know that you guys can help.

    e/ Also is it fine for me to delete all the programs used in the process?
     
