Inactive [A] Virus causing a BSOD irql_not_less_or_equal stop:0x000000000a

Status
Not open for further replies.
uujyxuu

uujyxuu

Posts: 12   +0
This morning I got a BSOD with error code IRQL_NOT_LESS_OR_EQUAL STOP:0x000000000A , I think it was caused by a virus because when I tried moving my files from one computer to another as backup, my other computer got the BSOD as well.

When I scanned with TDSSKiller it found a rootkit.boot.pihar.c , which is labelled as cure and right now I have not yet continued with disinfection because I do not know if I should

I uploaded my dump files.

Please help me,

Thanks
 

Attachments

  • Minidump.zip
    97.6 KB · Views: 0
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
DDS Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/20/2011 5:52:22 PM
System Uptime: 11/19/2012 6:12:10 PM (0 hours ago)
.
Motherboard: LENOVO | | 2767MC6
Processor: Intel(R) Core(TM)2 Duo CPU P7370 @ 2.00GHz | None | 780/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 131 GiB total, 31.285 GiB free.
D: is FIXED (NTFS) - 102 GiB total, 10.991 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&33FD14CA&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&33FD14CA&0&18
Service:
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_20EC17AA&REV_07\3&33FD14CA&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_20EC17AA&REV_07\3&33FD14CA&0&1B
Service:
.
==== System Restore Points ===================
.
RP300: 11/19/2012 5:38:50 PM - Installed Debugging Tools for Windows (x64)
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
???? 5.7???
??????? 6.2???
??QQ2011
µTorrent
ActiveState Komodo Edit 6.1.1
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9 Pro Extended 64-bit Add-On
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Amazing Adventures Around the World
Android SDK Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Uninstaller
AVG 2012
Bejeweled 3
Bonjour
Bookworm Deluxe
Brother MFL-Pro Suite DCP-7065DN
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
Cisco AnyConnect VPN Client
ConvertXtoDVD 4.1.9.347
CPUID HWMonitor 1.17
Crystal Reports for Visual Studio
D3DX10
DAEMON Tools Lite
Debugging Tools for Windows (x64)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
DivX Web Player
Dropbox
Dynomite Deluxe
EASEUS Partition Master 7.0.1 Professional
ESET Online Scanner v3
Feeding Frenzy Deluxe 5.7.18.1
GOM Player
Google SketchUp Pro 7
Google Talk Plugin
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2455033)
iExplorer 2.2.1.3
Insaniquarium Deluxe 1.1
iTunes
Java Auto Updater
Java(TM) 6 Update 25 (64-bit)
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 25 (64-bit)
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 8.1.0 (Standard)
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.65.1.1000
MATLAB R2010a
Messenger Companion
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
ModelSim-Altera 6.6d (Quartus II 11.0) Starter Edition
MSVCRT
MSVCRT_amd64
Nios II EDS 11.0
Notepad++
Nuance PaperPort 12
Nuance PDF Viewer Plus
OpenSSH for Windows (remove only)
Paint.NET v3.5.8
PaperPort Image Printer 64-bit
Peggle Deluxe
PerfectDisk 11 Professional
PSpice Student 9.1
PX Profile Update
Quartus II 11.0 Web Edition
QuickTime
Razer Diamondback
RSA SecurID Software Token
Scansoft PDF Professional
Scrabble Plus 1.00
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Skype™ 5.10
SpeedFan (remove only)
Sql Server Customer Experience Improvement Program
System Update
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkVantage Fingerprint Software
TPFanControl v0.62
TreeSize Free V2.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.1
VNC Viewer 5.0.1
WampServer 2.1
WBFS Manager 2.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 7 (64-bit)
WinSCP 4.3.5
WinX Free iPod Video Converter 3.8.15
WinZip 15.5
Xming 6.9.0.31
Yawcam 0.3.7
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/19/2012 6:13:40 PM, Error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error The specified resource name cannot be found in the image file..
11/19/2012 5:28:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 5:27:14 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 5:27:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/19/2012 5:27:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/19/2012 5:26:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/19/2012 5:26:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/19/2012 5:26:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache lenovo.smi spldr TPPWRIF Wanarpv6
11/19/2012 5:26:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030b2f9a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\111912-23150-01.dmp. Report Id: 111912-23150-01.
11/19/2012 5:21:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005320bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\Minidump\111912-51979-01.dmp. Report Id: 111912-51979-01.
11/19/2012 2:47:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/19/2012 12:32:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000ebc00001544, 0x0000000000000002, 0x0000000000000001, 0xfffff800030a1ef5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111912-33384-01.
11/19/2012 11:29:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/19/2012 11:25:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005330bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111912-48251-01.
11/19/2012 11:21:28 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 11:21:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/19/2012 11:21:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/19/2012 11:20:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000e9, 0x0000000000000002, 0x0000000000000001, 0xfffff80003065ef5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111912-31527-01.
11/19/2012 11:20:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF Wanarpv6 WfpLwf
11/19/2012 11:20:26 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2012 11:20:26 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 11:20:26 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 11:20:26 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 11:20:26 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 11:20:25 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/19/2012 11:20:25 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2012 11:20:25 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2012 11:20:25 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2012 11:20:25 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/19/2012 11:12:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88009954378, 0xfffff88009953be0, 0xfffff880012a14f5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111912-49280-01.
11/19/2012 11:09:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
11/19/2012 11:09:56 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/19/2012 11:09:13 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/19/2012 11:02:43 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/18/2012 11:06:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/17/2012 5:08:06 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/16/2012 3:18:01 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/16/2012 3:15:36 PM, Error: Schannel [36888] - The following fatal alert was generated: 48. The internal error state is 552.
11/16/2012 3:15:36 PM, Error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
11/16/2012 2:33:10 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
11/16/2012 2:31:56 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
11/15/2012 8:54:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2761451).
11/13/2012 9:21:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PwmEWSvc service.
11/13/2012 4:33:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/12/2012 7:02:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PDEngine service.
.
==== End Of File ===========================
 
DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Jing at 18:51:24 on 2012-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3992.2224 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files (x86)\OpenSSH\usr\sbin\sshd.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Jing\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jing\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Razer\Diamondback\razerhid.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Razer\Diamondback\razerofa.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.babylon.com/?affID=114163&tt=3812_4&babsrc=HP_iclro&mntrId=fcc06ed800000000000000242cbf722d
uProxyOverride = local;*.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [Google Update] "C:\Users\Jing\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [BandwidthMonitor] C:\Users\Jing\Desktop\BWMonitor.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NMGameX_AutoRun] C:\Windows\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\razerhid.exe
StartupFolder: C:\Users\Jing\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jing\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 208.77.2.11 207.200.7.21 75.75.75.75
TCP: Interfaces\{5C01B9C7-20F4-473E-9383-86B2121C1640} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{6012D7C2-A624-47DC-B086-8547568ED151} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{8221F501-CC2A-418C-9428-8F498AF97180} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24} : DHCPNameServer = 208.77.2.11 207.200.7.21 75.75.75.75
TCP: Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24}\14D444D25487472716E65647 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.3.0.2
TCP: Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24}\45967656277416274656E6 : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24}\A43585 : DHCPNameServer = 64.71.255.198
TCP: Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24}\A584F455 : DHCPNameServer = 192.168.1.254 75.153.176.9
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: igfxcui - <no file>
Notify: klogon - <no file>
Notify: psfus - <no file>
AppInit_DLLs= acaptuser32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: QQ?????????: {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-2-20 31344]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-2-23 15472]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-18 203776]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-2-20 21992]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-2-23 93032]
R2 OpenSSHd;OpenSSH Server;C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe [2008-3-18 68096]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-8-18 148840]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 TVicPort64;TVicPort64;C:\Windows\System32\drivers\TVicPort64.sys [2011-7-31 16080]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-8-3 645048]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-9-2 245760]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-2-20 477032]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-20 254528]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-18 10611552]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BaiduUpdater;Baidu Updater;C:\Program Files (x86)\Baidu\BaiduUpdate\bdupdate.exe [2011-6-22 503536]
S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\System32\drivers\usbVM31b.sys [2005-9-19 142336]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-2-20 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-2-20 9096]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-12-9 25072]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-2-20 83304]
S3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\Razerlow.sys [2005-11-7 21120]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-3-10 125344]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2012-7-8 4714888]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\notepad.exe %1
FileExt: .chm: chm.file="hh.exe" %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: Applications\komodo.exe="C:\Program Files (x86)\ActiveState Komodo Edit 6\komodo.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-20 01:44:02 -------- d-----w- C:\Symbols
2012-11-20 01:40:07 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2012-11-20 01:38:16 -------- d-----w- C:\Users\Jing\AppData\Local\{6FF82B05-8B65-4C75-9EB5-3FE80742733A}
2012-11-20 01:31:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-19 23:35:17 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-19 19:29:21 -------- d-----w- C:\Users\Jing\AppData\Local\{E0123E74-19F4-46AB-96F2-89AB683C94E2}
2012-11-19 19:09:56 -------- d-----w- C:\Users\Jing\AppData\Local\{4509FB29-E4E4-4540-8903-A5F30C4452E4}
2012-11-17 06:39:48 -------- d-----w- C:\Users\Jing\AppData\Local\{98EC0252-4BBC-45DB-9D5B-A186C46EEB71}
2012-11-16 17:12:57 -------- d-----w- C:\Users\Jing\AppData\Local\{E1D96E72-CCC6-4DD7-B61A-C993CE071A98}
2012-11-16 11:00:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-11-16 11:00:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-11-16 11:00:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-11-16 11:00:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-11-15 03:13:40 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-15 03:13:10 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 03:13:10 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-10-28 03:12:24 0 -c--a-w- C:\Windows\System32\nsp3A79.tmp
2012-10-28 03:12:23 0 -c--a-w- C:\Windows\SysWow64\nsu3569.tmp
2012-10-23 02:42:36 5188280 -c--a-w- C:\Windows\System32\SogouPY.ime
2012-10-23 02:42:36 2980536 -c--a-w- C:\Windows\SysWow64\SogouPY.ime
.
==================== Find3M ====================
.
2012-11-16 11:02:21 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-16 11:02:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-16 11:02:21 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-16 11:02:21 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-16 11:02:21 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-16 11:02:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-16 11:02:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-16 11:02:21 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-16 11:02:21 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-16 11:02:21 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-16 11:02:21 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-16 11:02:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-12 02:22:59 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-12 02:22:59 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-12 02:22:59 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-12 02:22:33 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-12 02:22:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-12 02:22:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-12 02:22:17 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-12 02:21:41 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-12 02:21:41 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-12 02:20:57 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-12 02:20:57 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-12 02:20:57 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-12 02:20:57 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-12 02:20:57 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-12 02:20:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-09-30 03:54:26 25928 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 22:43:16 384352 -c--a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 18:52:30.84 ===============
 
MalwareByte log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.19.08
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jing :: JING-PC [administrator]
11/19/2012 5:50:33 PM
mbam-log-2012-11-19 (18-10-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215046
Time elapsed: 17 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\SogouExplorer (Adware.Sogou) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Jing\AppData\Roaming\SogouExplorer\SogouExplorerSetup.exe (Adware.Sogou) -> No action taken.
C:\Users\Jing\Downloads\OpenSSH_for_Windows_5.6p1-2.exe (Trojan.Agent) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
(end)
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
The svchost.exe trojan is deleted but it still comes back in later scans.

Also, my computer crashed once more today with different error code, so I also uploaded a new dump file zip which reported that chrome.exe was the program that caused the crash
 

Attachments

  • NewDump.zip
    25.6 KB · Views: 0
From my original post I already ran TDSSkiller and it came back with rootkit.boot.pihar.c , which I cured and now this scan came back clean, MalwareByte came back again clean as well, does that mean my computer won't crash again??


19:21:59.0891 5740 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:22:00.0503 5740 ============================================================
19:22:00.0503 5740 Current date / time: 2012/11/19 19:22:00.0503
19:22:00.0503 5740 SystemInfo:
19:22:00.0503 5740
19:22:00.0504 5740 OS Version: 6.1.7600 ServicePack: 0.0
19:22:00.0504 5740 Product type: Workstation
19:22:00.0504 5740 ComputerName: JING-PC
19:22:00.0504 5740 UserName: Jing
19:22:00.0504 5740 Windows directory: C:\Windows
19:22:00.0504 5740 System windows directory: C:\Windows
19:22:00.0504 5740 Running under WOW64
19:22:00.0504 5740 Processor architecture: Intel x64
19:22:00.0504 5740 Number of processors: 2
19:22:00.0504 5740 Page size: 0x1000
19:22:00.0504 5740 Boot type: Normal boot
19:22:00.0504 5740 ============================================================
19:22:02.0189 5740 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:22:02.0201 5740 ============================================================
19:22:02.0201 5740 \Device\Harddisk0\DR0:
19:22:02.0201 5740 MBR partitions:
19:22:02.0201 5740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:22:02.0201 5740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x105E4800
19:22:02.0201 5740 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10617000, BlocksNum 0xCBAD1D0
19:22:02.0201 5740 ============================================================
19:22:02.0222 5740 C: <-> \Device\Harddisk0\DR0\Partition2
19:22:02.0324 5740 D: <-> \Device\Harddisk0\DR0\Partition3
19:22:02.0324 5740 ============================================================
19:22:02.0324 5740 Initialize success
19:22:02.0324 5740 ============================================================
19:22:10.0475 6096 ============================================================
19:22:10.0475 6096 Scan started
19:22:10.0475 6096 Mode: Manual; SigCheck; TDLFS;
19:22:10.0475 6096 ============================================================
19:22:11.0950 6096 ================ Scan system memory ========================
19:22:11.0950 6096 System memory - ok
19:22:11.0951 6096 ================ Scan services =============================
19:22:12.0165 6096 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:22:12.0339 6096 1394ohci - ok
19:22:12.0513 6096 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
19:22:12.0568 6096 ACPI - ok
19:22:12.0627 6096 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
19:22:12.0926 6096 AcpiPmi - ok
19:22:13.0087 6096 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:22:13.0109 6096 AdobeARMservice - ok
19:22:13.0183 6096 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:22:13.0219 6096 adp94xx - ok
19:22:13.0300 6096 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:22:13.0325 6096 adpahci - ok
19:22:13.0376 6096 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:22:13.0411 6096 adpu320 - ok
19:22:13.0448 6096 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:22:13.0657 6096 AeLookupSvc - ok
19:22:13.0691 6096 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
19:22:13.0799 6096 AFD - ok
19:22:13.0836 6096 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
19:22:13.0856 6096 agp440 - ok
19:22:13.0896 6096 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:22:13.0925 6096 ALG - ok
19:22:13.0971 6096 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:22:14.0003 6096 aliide - ok
19:22:14.0050 6096 [ 0B387CBB0C445893EA4907DF6312D367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:22:14.0166 6096 AMD External Events Utility - ok
19:22:14.0210 6096 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:22:14.0243 6096 amdide - ok
19:22:14.0292 6096 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:22:14.0364 6096 AmdK8 - ok
19:22:14.0647 6096 [ 393D90B57B1FA56CAF4E6CCC7A55B069 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:22:14.0875 6096 amdkmdag - ok
19:22:14.0914 6096 [ 62171B584A80E74FFF16A55BF95DD4C6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:22:14.0948 6096 amdkmdap - ok
19:22:14.0992 6096 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:22:15.0038 6096 AmdPPM - ok
19:22:15.0073 6096 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
19:22:15.0095 6096 amdsata - ok
19:22:15.0118 6096 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:22:15.0138 6096 amdsbs - ok
19:22:15.0155 6096 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
19:22:15.0171 6096 amdxata - ok
19:22:15.0231 6096 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
19:22:15.0409 6096 AppID - ok
19:22:15.0437 6096 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:22:15.0489 6096 AppIDSvc - ok
19:22:15.0547 6096 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
19:22:15.0594 6096 Appinfo - ok
19:22:15.0658 6096 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:22:15.0675 6096 Apple Mobile Device - ok
19:22:15.0710 6096 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:22:15.0754 6096 AppMgmt - ok
19:22:15.0786 6096 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:22:15.0802 6096 arc - ok
19:22:15.0845 6096 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:22:15.0867 6096 arcsas - ok
19:22:15.0954 6096 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:22:15.0982 6096 aspnet_state - ok
19:22:16.0015 6096 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:22:16.0092 6096 AsyncMac - ok
19:22:16.0121 6096 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:22:16.0136 6096 atapi - ok
19:22:16.0361 6096 [ 393D90B57B1FA56CAF4E6CCC7A55B069 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:22:16.0617 6096 atikmdag - ok
19:22:16.0690 6096 [ EA512F43F4A28D18B52CAFE8C93984FB ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
19:22:16.0741 6096 ATSwpWDF - ok
19:22:16.0782 6096 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:22:16.0863 6096 AudioEndpointBuilder - ok
19:22:16.0885 6096 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:22:16.0932 6096 AudioSrv - ok
19:22:17.0190 6096 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
19:22:17.0381 6096 AVGIDSAgent - ok
19:22:17.0442 6096 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
19:22:17.0462 6096 AVGIDSDriver - ok
19:22:17.0482 6096 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
19:22:17.0495 6096 AVGIDSFilter - ok
19:22:17.0611 6096 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
19:22:17.0628 6096 AVGIDSHA - ok
19:22:17.0672 6096 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
19:22:17.0698 6096 Avgldx64 - ok
19:22:17.0718 6096 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
19:22:17.0733 6096 Avgmfx64 - ok
19:22:17.0789 6096 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
19:22:17.0804 6096 Avgrkx64 - ok
19:22:17.0859 6096 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
19:22:17.0943 6096 Avgtdia - ok
19:22:17.0982 6096 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:22:18.0016 6096 avgwd - ok
19:22:18.0056 6096 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:22:18.0139 6096 AxInstSV - ok
19:22:18.0209 6096 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:22:18.0307 6096 b06bdrv - ok
19:22:18.0337 6096 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:22:18.0371 6096 b57nd60a - ok
19:22:18.0463 6096 [ 21E3EBC9AEC62A5D2E1033594D6F13AB ] BaiduUpdater C:\Program Files (x86)\Baidu\BaiduUpdate\bdupdate.exe
19:22:18.0523 6096 BaiduUpdater ( UnsignedFile.Multi.Generic ) - warning
19:22:18.0523 6096 BaiduUpdater - detected UnsignedFile.Multi.Generic (1)
19:22:18.0567 6096 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:22:18.0633 6096 BDESVC - ok
19:22:18.0693 6096 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:22:18.0772 6096 Beep - ok
19:22:18.0858 6096 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
19:22:18.0952 6096 BFE - ok
19:22:19.0007 6096 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
19:22:19.0075 6096 BITS - ok
19:22:19.0099 6096 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:22:19.0139 6096 blbdrive - ok
19:22:19.0248 6096 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:22:19.0290 6096 Bonjour Service - ok
19:22:19.0353 6096 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:22:19.0407 6096 bowser - ok
19:22:19.0443 6096 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:22:19.0482 6096 BrFiltLo - ok
19:22:19.0510 6096 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:22:19.0545 6096 BrFiltUp - ok
19:22:19.0614 6096 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
19:22:19.0671 6096 Browser - ok
19:22:19.0707 6096 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:22:19.0762 6096 Brserid - ok
19:22:19.0780 6096 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:22:19.0836 6096 BrSerWdm - ok
19:22:19.0863 6096 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:22:19.0914 6096 BrUsbMdm - ok
19:22:19.0943 6096 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:22:19.0975 6096 BrUsbSer - ok
19:22:20.0041 6096 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
19:22:20.0058 6096 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
19:22:20.0058 6096 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
19:22:20.0085 6096 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:22:20.0129 6096 BthEnum - ok
19:22:20.0157 6096 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:22:20.0192 6096 BTHMODEM - ok
19:22:20.0216 6096 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:22:20.0246 6096 BthPan - ok
19:22:20.0295 6096 [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:22:20.0332 6096 BTHPORT - ok
19:22:20.0366 6096 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:22:20.0416 6096 bthserv - ok
19:22:20.0447 6096 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:22:20.0508 6096 BTHUSB - ok
19:22:20.0543 6096 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:22:20.0608 6096 cdfs - ok
19:22:20.0658 6096 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:22:20.0704 6096 cdrom - ok
19:22:20.0736 6096 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
19:22:20.0805 6096 CertPropSvc - ok
19:22:20.0831 6096 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:22:20.0862 6096 circlass - ok
19:22:20.0887 6096 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:22:20.0911 6096 CLFS - ok
19:22:20.0987 6096 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:22:21.0017 6096 clr_optimization_v2.0.50727_32 - ok
19:22:21.0064 6096 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:22:21.0083 6096 clr_optimization_v2.0.50727_64 - ok
19:22:21.0189 6096 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:22:21.0210 6096 clr_optimization_v4.0.30319_32 - ok
19:22:21.0220 6096 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:22:21.0236 6096 clr_optimization_v4.0.30319_64 - ok
19:22:21.0273 6096 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:22:21.0289 6096 CmBatt - ok
19:22:21.0317 6096 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:22:21.0333 6096 cmdide - ok
19:22:21.0396 6096 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
19:22:21.0458 6096 CNG - ok
19:22:21.0484 6096 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:22:21.0499 6096 Compbatt - ok
19:22:21.0521 6096 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:22:21.0554 6096 CompositeBus - ok
19:22:21.0580 6096 COMSysApp - ok
19:22:21.0619 6096 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
19:22:21.0632 6096 cpuz135 - ok
19:22:21.0648 6096 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:22:21.0664 6096 crcdisk - ok
19:22:21.0703 6096 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:22:21.0763 6096 CryptSvc - ok
19:22:21.0800 6096 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
19:22:21.0874 6096 CSC - ok
19:22:21.0931 6096 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
19:22:21.0989 6096 CscService - ok
19:22:22.0062 6096 [ D00A4FE22216265783A08A05D268B902 ] DCamUSBVM C:\Windows\system32\Drivers\usbVM31b.sys
19:22:22.0109 6096 DCamUSBVM - ok
19:22:22.0175 6096 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:22:22.0234 6096 DcomLaunch - ok
19:22:22.0285 6096 [ CEC7F24E28B40829C0FD2D523E72B5D3 ] DefragFS C:\Windows\system32\drivers\DefragFS.sys
19:22:22.0301 6096 DefragFS - ok
19:22:22.0341 6096 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:22:22.0429 6096 defragsvc - ok
19:22:22.0472 6096 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:22:22.0544 6096 DfsC - ok
19:22:22.0591 6096 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
19:22:22.0700 6096 Dhcp - ok
19:22:22.0756 6096 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:22:22.0827 6096 discache - ok
19:22:22.0881 6096 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:22:22.0914 6096 Disk - ok
19:22:22.0961 6096 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:22:22.0994 6096 Dnscache - ok
19:22:23.0028 6096 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
19:22:23.0089 6096 dot3svc - ok
19:22:23.0217 6096 [ 7719FB1A82B2972B1F326AD2F80C2606 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
19:22:23.0267 6096 DozeSvc - ok
19:22:23.0300 6096 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
19:22:23.0366 6096 DPS - ok
19:22:23.0398 6096 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:22:23.0436 6096 drmkaud - ok
19:22:23.0499 6096 [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:22:23.0524 6096 dtsoftbus01 - ok
19:22:23.0576 6096 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:22:23.0615 6096 DXGKrnl - ok
19:22:23.0647 6096 [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
19:22:23.0677 6096 DzHDD64 - ok
19:22:23.0711 6096 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
19:22:23.0751 6096 e1yexpress - ok
19:22:23.0781 6096 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:22:23.0840 6096 EapHost - ok
19:22:23.0959 6096 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:22:24.0057 6096 ebdrv - ok
19:22:24.0089 6096 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
19:22:24.0147 6096 EFS - ok
19:22:24.0219 6096 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:22:24.0272 6096 ehRecvr - ok
19:22:24.0318 6096 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:22:24.0588 6096 ehSched - ok
19:22:24.0673 6096 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:22:24.0708 6096 elxstor - ok
19:22:24.0744 6096 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys
19:22:24.0771 6096 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
19:22:24.0771 6096 epmntdrv - detected UnsignedFile.Multi.Generic (1)
19:22:24.0802 6096 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
19:22:24.0836 6096 ErrDev - ok
19:22:24.0874 6096 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
19:22:24.0901 6096 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
19:22:24.0901 6096 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
19:22:24.0948 6096 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:22:25.0021 6096 EventSystem - ok
19:22:25.0050 6096 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:22:25.0112 6096 exfat - ok
19:22:25.0148 6096 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:22:25.0196 6096 fastfat - ok
19:22:25.0273 6096 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
19:22:25.0332 6096 Fax - ok
19:22:25.0346 6096 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:22:25.0382 6096 fdc - ok
19:22:25.0409 6096 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:22:25.0451 6096 fdPHost - ok
19:22:25.0467 6096 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:22:25.0531 6096 FDResPub - ok
19:22:25.0546 6096 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:22:25.0563 6096 FileInfo - ok
19:22:25.0581 6096 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:22:25.0634 6096 Filetrace - ok
19:22:25.0739 6096 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:22:25.0796 6096 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:22:25.0796 6096 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:22:25.0816 6096 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:22:25.0846 6096 flpydisk - ok
19:22:25.0879 6096 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:22:25.0905 6096 FltMgr - ok
19:22:25.0988 6096 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
19:22:26.0060 6096 FontCache - ok
19:22:26.0114 6096 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:22:26.0144 6096 FontCache3.0.0.0 - ok
19:22:26.0161 6096 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:22:26.0181 6096 FsDepends - ok
19:22:26.0203 6096 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:22:26.0222 6096 Fs_Rec - ok
19:22:26.0241 6096 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:22:26.0273 6096 fvevol - ok
19:22:26.0311 6096 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:22:26.0327 6096 gagp30kx - ok
19:22:26.0423 6096 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:22:26.0438 6096 GEARAspiWDM - ok
19:22:26.0478 6096 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
19:22:26.0530 6096 gpsvc - ok
19:22:26.0702 6096 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:22:26.0725 6096 gupdate - ok
19:22:26.0730 6096 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:22:26.0746 6096 gupdatem - ok
19:22:26.0776 6096 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:22:26.0808 6096 hcw85cir - ok
19:22:26.0864 6096 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:22:26.0920 6096 HdAudAddService - ok
19:22:26.0950 6096 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:22:26.0982 6096 HDAudBus - ok
19:22:27.0013 6096 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:22:27.0042 6096 HidBatt - ok
19:22:27.0067 6096 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:22:27.0098 6096 HidBth - ok
19:22:27.0112 6096 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:22:27.0145 6096 HidIr - ok
19:22:27.0174 6096 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:22:27.0222 6096 hidserv - ok
19:22:27.0262 6096 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:22:27.0301 6096 HidUsb - ok
19:22:27.0333 6096 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:22:27.0397 6096 hkmsvc - ok
19:22:27.0415 6096 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:22:27.0469 6096 HomeGroupListener - ok
19:22:27.0509 6096 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:22:27.0531 6096 HomeGroupProvider - ok
19:22:27.0586 6096 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
19:22:27.0603 6096 HpSAMD - ok
19:22:27.0641 6096 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:22:27.0702 6096 HTTP - ok
19:22:27.0721 6096 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:22:27.0737 6096 hwpolicy - ok
19:22:27.0799 6096 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:22:27.0822 6096 i8042prt - ok
19:22:27.0865 6096 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
19:22:27.0891 6096 iaStorV - ok
19:22:27.0932 6096 [ A9BD44426A69079240767FE4AEE0EA71 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
19:22:27.0944 6096 IBMPMDRV - ok
19:22:27.0990 6096 [ 57D4A3ED5497DB0C5A53E680A9BDD1C6 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
19:22:28.0002 6096 IBMPMSVC - ok
19:22:28.0051 6096 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:22:28.0085 6096 idsvc - ok
19:22:28.0353 6096 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:22:28.0712 6096 igfx - ok
19:22:28.0760 6096 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:22:28.0776 6096 iirsp - ok
19:22:28.0813 6096 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
19:22:28.0870 6096 IKEEXT - ok
19:22:28.0904 6096 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:22:28.0937 6096 intelide - ok
19:22:29.0227 6096 [ 677AA5991026A65ADA128C4B59CF2BAD ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
19:22:29.0520 6096 intelkmd - ok
19:22:29.0558 6096 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:22:29.0581 6096 intelppm - ok
19:22:29.0610 6096 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:22:29.0694 6096 IPBusEnum - ok
19:22:29.0714 6096 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:22:29.0769 6096 IpFilterDriver - ok
19:22:29.0799 6096 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:22:29.0860 6096 iphlpsvc - ok
19:22:29.0892 6096 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:22:29.0924 6096 IPMIDRV - ok
19:22:29.0947 6096 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:22:30.0001 6096 IPNAT - ok
19:22:30.0084 6096 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:22:30.0131 6096 iPod Service - ok
19:22:30.0180 6096 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:22:30.0200 6096 IRENUM - ok
19:22:30.0241 6096 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
19:22:30.0258 6096 isapnp - ok
19:22:30.0285 6096 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:22:30.0307 6096 iScsiPrt - ok
19:22:30.0345 6096 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
19:22:30.0376 6096 ivusb - ok
19:22:30.0417 6096 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:22:30.0433 6096 kbdclass - ok
19:22:30.0448 6096 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:22:30.0467 6096 kbdhid - ok
19:22:30.0499 6096 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
19:22:30.0517 6096 KeyIso - ok
19:22:30.0558 6096 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:22:30.0592 6096 KSecDD - ok
19:22:30.0600 6096 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:22:30.0621 6096 KSecPkg - ok
19:22:30.0653 6096 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:22:30.0703 6096 ksthunk - ok
19:22:30.0748 6096 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:22:30.0830 6096 KtmRm - ok
19:22:30.0879 6096 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:22:30.0934 6096 LanmanServer - ok
19:22:30.0963 6096 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:22:31.0034 6096 LanmanWorkstation - ok
19:22:31.0100 6096 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
19:22:31.0128 6096 lenovo.smi - ok
19:22:31.0163 6096 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
19:22:31.0178 6096 Lenovo.VIRTSCRLSVC - ok
19:22:31.0215 6096 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:22:31.0288 6096 lltdio - ok
19:22:31.0332 6096 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:22:31.0413 6096 lltdsvc - ok
19:22:31.0433 6096 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:22:31.0475 6096 lmhosts - ok
19:22:31.0534 6096 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:22:31.0567 6096 LSI_FC - ok
19:22:31.0588 6096 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:22:31.0606 6096 LSI_SAS - ok
19:22:31.0628 6096 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:22:31.0645 6096 LSI_SAS2 - ok
19:22:31.0669 6096 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:22:31.0687 6096 LSI_SCSI - ok
19:22:31.0717 6096 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:22:31.0818 6096 luafv - ok
19:22:31.0843 6096 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:22:31.0861 6096 Mcx2Svc - ok
19:22:31.0884 6096 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:22:31.0900 6096 megasas - ok
19:22:31.0938 6096 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:22:31.0971 6096 MegaSR - ok
19:22:32.0024 6096 Microsoft SharePoint Workspace Audit Service - ok
19:22:32.0050 6096 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:22:32.0121 6096 MMCSS - ok
19:22:32.0138 6096 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:22:32.0199 6096 Modem - ok
19:22:32.0240 6096 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:22:32.0281 6096 monitor - ok
19:22:32.0309 6096 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:22:32.0326 6096 mouclass - ok
19:22:32.0343 6096 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:22:32.0375 6096 mouhid - ok
19:22:32.0426 6096 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:22:32.0443 6096 mountmgr - ok
19:22:32.0476 6096 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
19:22:32.0495 6096 mpio - ok
19:22:32.0513 6096 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:22:32.0555 6096 mpsdrv - ok
19:22:32.0578 6096 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:22:32.0650 6096 MpsSvc - ok
19:22:32.0692 6096 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:22:32.0738 6096 MRxDAV - ok
19:22:32.0770 6096 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:22:32.0827 6096 mrxsmb - ok
19:22:32.0902 6096 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:22:32.0934 6096 mrxsmb10 - ok
19:22:32.0945 6096 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:22:32.0974 6096 mrxsmb20 - ok
19:22:32.0986 6096 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\Windows\system32\drivers\msahci.sys
19:22:33.0003 6096 msahci - ok
19:22:33.0038 6096 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
19:22:33.0058 6096 msdsm - ok
19:22:33.0080 6096 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:22:33.0119 6096 MSDTC - ok
19:22:33.0141 6096 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:22:33.0182 6096 Msfs - ok
19:22:33.0190 6096 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:22:33.0248 6096 mshidkmdf - ok
19:22:33.0253 6096 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
19:22:33.0269 6096 msisadrv - ok
19:22:33.0303 6096 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:22:33.0359 6096 MSiSCSI - ok
19:22:33.0363 6096 msiserver - ok
19:22:33.0398 6096 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:22:33.0456 6096 MSKSSRV - ok
19:22:33.0481 6096 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:22:33.0534 6096 MSPCLOCK - ok
19:22:33.0551 6096 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:22:33.0623 6096 MSPQM - ok
19:22:33.0638 6096 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:22:33.0667 6096 MsRPC - ok
19:22:33.0689 6096 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:22:33.0704 6096 mssmbios - ok
19:22:33.0741 6096 MSSQL$SQLEXPRESS - ok
19:22:33.0820 6096 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:22:33.0837 6096 MSSQLServerADHelper100 - ok
19:22:33.0884 6096 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:22:33.0948 6096 MSTEE - ok
19:22:33.0967 6096 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:22:34.0003 6096 MTConfig - ok
19:22:34.0029 6096 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:22:34.0047 6096 Mup - ok
19:22:34.0091 6096 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
19:22:34.0153 6096 napagent - ok
19:22:34.0204 6096 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:22:34.0254 6096 NativeWifiP - ok
19:22:34.0293 6096 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:22:34.0331 6096 NDIS - ok
19:22:34.0362 6096 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:22:34.0403 6096 NdisCap - ok
19:22:34.0466 6096 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:22:34.0524 6096 NdisTapi - ok
19:22:34.0539 6096 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:22:34.0589 6096 Ndisuio - ok
19:22:34.0607 6096 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:22:34.0648 6096 NdisWan - ok
19:22:34.0648 6096 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:22:34.0732 6096 NDProxy - ok
19:22:34.0765 6096 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:22:34.0817 6096 NetBIOS - ok
19:22:34.0838 6096 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:22:34.0883 6096 NetBT - ok
19:22:34.0923 6096 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
19:22:34.0939 6096 Netlogon - ok
19:22:34.0984 6096 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:22:35.0048 6096 Netman - ok
19:22:35.0080 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:35.0096 6096 NetMsmqActivator - ok
19:22:35.0114 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:35.0128 6096 NetPipeActivator - ok
19:22:35.0156 6096 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:22:35.0227 6096 netprofm - ok
19:22:35.0246 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:35.0260 6096 NetTcpActivator - ok
19:22:35.0266 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:22:35.0288 6096 NetTcpPortSharing - ok
19:22:35.0491 6096 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:22:35.0672 6096 netw5v64 - ok
19:22:35.0702 6096 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:22:35.0718 6096 nfrd960 - ok
19:22:35.0799 6096 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:22:35.0886 6096 NlaSvc - ok
19:22:35.0901 6096 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:22:35.0955 6096 Npfs - ok
19:22:35.0972 6096 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:22:36.0015 6096 nsi - ok
19:22:36.0034 6096 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:22:36.0076 6096 nsiproxy - ok
19:22:36.0148 6096 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:22:36.0204 6096 Ntfs - ok
19:22:36.0224 6096 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:22:36.0276 6096 Null - ok
19:22:36.0323 6096 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
19:22:36.0354 6096 nvraid - ok
19:22:36.0373 6096 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
19:22:36.0393 6096 nvstor - ok
 
19:22:36.0393 6096 nvstor - ok
19:22:36.0416 6096 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:22:36.0435 6096 nv_agp - ok
19:22:36.0559 6096 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:22:36.0613 6096 odserv - ok
19:22:36.0638 6096 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:22:36.0675 6096 ohci1394 - ok
19:22:36.0750 6096 [ A61D617F37456D9D32F98BF70EB5D414 ] OpenSSHd C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
19:22:36.0758 6096 OpenSSHd ( UnsignedFile.Multi.Generic ) - warning
19:22:36.0758 6096 OpenSSHd - detected UnsignedFile.Multi.Generic (1)
19:22:36.0828 6096 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:22:36.0844 6096 ose - ok
19:22:37.0063 6096 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:22:37.0244 6096 osppsvc - ok
19:22:37.0289 6096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:22:37.0343 6096 p2pimsvc - ok
19:22:37.0389 6096 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:22:37.0433 6096 p2psvc - ok
19:22:37.0469 6096 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:22:37.0488 6096 Parport - ok
19:22:37.0525 6096 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:22:37.0543 6096 partmgr - ok
19:22:37.0567 6096 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:22:37.0602 6096 PcaSvc - ok
19:22:37.0711 6096 [ 7317A0B550F7AC0223B7070897670476 ] PCDSRVC{127174DC-C366ED8B-06020101}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
19:22:37.0737 6096 PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok
19:22:37.0761 6096 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
19:22:37.0780 6096 pci - ok
19:22:37.0793 6096 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:22:37.0808 6096 pciide - ok
19:22:37.0817 6096 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:22:37.0834 6096 pcmcia - ok
19:22:37.0865 6096 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:22:37.0882 6096 pcw - ok
19:22:37.0983 6096 [ 14BC059431E2A2EE80D061FA96AA6855 ] PDAgent C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
19:22:38.0103 6096 PDAgent - ok
19:22:38.0188 6096 [ F2F3D113FE08252D21790402EE3F61EA ] PDEngine C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
19:22:38.0306 6096 PDEngine - ok
19:22:38.0377 6096 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
19:22:38.0393 6096 PDFProFiltSrvPP - ok
19:22:38.0426 6096 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:22:38.0487 6096 PEAUTH - ok
19:22:38.0568 6096 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:22:38.0643 6096 PeerDistSvc - ok
19:22:38.0711 6096 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:22:38.0742 6096 PerfHost - ok
19:22:38.0806 6096 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
19:22:38.0880 6096 pla - ok
19:22:38.0912 6096 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:22:38.0994 6096 PlugPlay - ok
19:22:39.0028 6096 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:22:39.0051 6096 PNRPAutoReg - ok
19:22:39.0078 6096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:22:39.0098 6096 PNRPsvc - ok
19:22:39.0140 6096 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:22:39.0259 6096 PolicyAgent - ok
19:22:39.0310 6096 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:22:39.0355 6096 Power - ok
19:22:39.0461 6096 [ 7A1E6CF32EDFF1F13186997FCA086FC7 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
19:22:39.0490 6096 Power Manager DBC Service - ok
19:22:39.0522 6096 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:22:39.0581 6096 PptpMiniport - ok
19:22:39.0607 6096 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:22:39.0639 6096 Processor - ok
19:22:39.0669 6096 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
19:22:39.0719 6096 ProfSvc - ok
19:22:39.0734 6096 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:22:39.0752 6096 ProtectedStorage - ok
19:22:39.0779 6096 [ 4A768FB063A38B0A78AD97617D3A04F5 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
19:22:39.0833 6096 psadd - ok
19:22:39.0896 6096 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:22:39.0935 6096 Psched - ok
19:22:39.0966 6096 [ 20EFF1CA8922F6A834261B985550A51D ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
19:22:39.0986 6096 PwmEWSvc - ok
19:22:40.0059 6096 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:22:40.0130 6096 ql2300 - ok
19:22:40.0171 6096 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:22:40.0190 6096 ql40xx - ok
19:22:40.0263 6096 QQSysMon - ok
19:22:40.0315 6096 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:22:40.0354 6096 QWAVE - ok
19:22:40.0378 6096 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:22:40.0401 6096 QWAVEdrv - ok
19:22:40.0432 6096 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:22:40.0496 6096 RasAcd - ok
19:22:40.0535 6096 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:22:40.0615 6096 RasAgileVpn - ok
19:22:40.0695 6096 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:22:40.0785 6096 RasAuto - ok
19:22:40.0816 6096 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:22:40.0891 6096 Rasl2tp - ok
19:22:40.0922 6096 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
19:22:40.0971 6096 RasMan - ok
19:22:40.0971 6096 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:22:41.0034 6096 RasPppoe - ok
19:22:41.0073 6096 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:22:41.0124 6096 RasSstp - ok
19:22:41.0170 6096 [ 81DDBF4FE998EF1F4BA230F7E8D8C67E ] Razerlow C:\Windows\system32\drivers\Razerlow.sys
19:22:41.0212 6096 Razerlow - ok
19:22:41.0235 6096 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:22:41.0302 6096 rdbss - ok
19:22:41.0333 6096 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:22:41.0363 6096 rdpbus - ok
19:22:41.0373 6096 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:22:41.0426 6096 RDPCDD - ok
19:22:41.0454 6096 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:22:41.0507 6096 RDPDR - ok
19:22:41.0532 6096 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:22:41.0587 6096 RDPENCDD - ok
19:22:41.0617 6096 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:22:41.0667 6096 RDPREFMP - ok
19:22:41.0781 6096 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:22:41.0899 6096 RDPWD - ok
19:22:42.0022 6096 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:22:42.0053 6096 rdyboost - ok
19:22:42.0084 6096 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:22:42.0140 6096 RemoteAccess - ok
19:22:42.0173 6096 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:22:42.0225 6096 RemoteRegistry - ok
19:22:42.0263 6096 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:22:42.0294 6096 RFCOMM - ok
19:22:42.0309 6096 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:22:42.0365 6096 RpcEptMapper - ok
19:22:42.0381 6096 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:22:42.0410 6096 RpcLocator - ok
19:22:42.0504 6096 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
19:22:42.0565 6096 RpcSs - ok
19:22:42.0601 6096 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
19:22:42.0622 6096 RsFx0103 - ok
19:22:42.0653 6096 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:22:42.0705 6096 rspndr - ok
19:22:42.0735 6096 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
19:22:42.0795 6096 s3cap - ok
19:22:42.0812 6096 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:22:42.0829 6096 SamSs - ok
19:22:42.0853 6096 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:22:42.0871 6096 sbp2port - ok
19:22:42.0901 6096 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:22:42.0946 6096 SCardSvr - ok
19:22:42.0972 6096 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:22:43.0028 6096 scfilter - ok
19:22:43.0089 6096 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:22:43.0141 6096 Schedule - ok
19:22:43.0159 6096 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:22:43.0247 6096 SCPolicySvc - ok
19:22:43.0295 6096 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:22:43.0329 6096 sdbus - ok
19:22:43.0359 6096 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:22:43.0400 6096 SDRSVC - ok
19:22:43.0445 6096 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:22:43.0493 6096 secdrv - ok
19:22:43.0510 6096 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:22:43.0568 6096 seclogon - ok
19:22:43.0589 6096 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:22:43.0644 6096 SENS - ok
19:22:43.0666 6096 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:22:43.0692 6096 SensrSvc - ok
19:22:43.0707 6096 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:22:43.0749 6096 Serenum - ok
19:22:43.0792 6096 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:22:43.0824 6096 Serial - ok
19:22:43.0859 6096 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:22:43.0880 6096 sermouse - ok
19:22:43.0917 6096 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:22:43.0960 6096 SessionEnv - ok
19:22:43.0987 6096 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:22:44.0018 6096 sffdisk - ok
19:22:44.0041 6096 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:22:44.0074 6096 sffp_mmc - ok
19:22:44.0106 6096 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:22:44.0137 6096 sffp_sd - ok
19:22:44.0153 6096 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:22:44.0188 6096 sfloppy - ok
19:22:44.0234 6096 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:22:44.0313 6096 SharedAccess - ok
19:22:44.0354 6096 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:22:44.0450 6096 ShellHWDetection - ok
19:22:44.0490 6096 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:22:44.0507 6096 SiSRaid2 - ok
19:22:44.0533 6096 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:22:44.0550 6096 SiSRaid4 - ok
19:22:44.0640 6096 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:22:44.0659 6096 SkypeUpdate - ok
19:22:44.0712 6096 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:22:44.0789 6096 Smb - ok
19:22:44.0832 6096 [ C5B1A19B14F19B08AE72FCB20A3075B6 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
19:22:44.0856 6096 smihlp - ok
19:22:44.0902 6096 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:22:44.0932 6096 SNMPTRAP - ok
19:22:45.0008 6096 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
19:22:45.0023 6096 speedfan - ok
19:22:45.0033 6096 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:22:45.0049 6096 spldr - ok
19:22:45.0095 6096 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
19:22:45.0155 6096 Spooler - ok
19:22:45.0291 6096 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
19:22:45.0442 6096 sppsvc - ok
19:22:45.0455 6096 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:22:45.0508 6096 sppuinotify - ok
19:22:45.0580 6096 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:22:45.0609 6096 SQLAgent$SQLEXPRESS - ok
19:22:45.0686 6096 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:22:45.0716 6096 SQLBrowser - ok
19:22:45.0767 6096 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:22:45.0783 6096 SQLWriter - ok
19:22:45.0851 6096 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:22:45.0901 6096 srv - ok
19:22:45.0929 6096 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:22:45.0967 6096 srv2 - ok
19:22:46.0006 6096 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:22:46.0030 6096 SrvHsfHDA - ok
19:22:46.0113 6096 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:22:46.0178 6096 SrvHsfV92 - ok
19:22:46.0195 6096 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:22:46.0226 6096 SrvHsfWinac - ok
19:22:46.0306 6096 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:22:46.0340 6096 srvnet - ok
19:22:46.0381 6096 [ 7525E8CC3F60CCEF004BB8C3408B8AD4 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
19:22:46.0395 6096 ssadbus ( UnsignedFile.Multi.Generic ) - warning
19:22:46.0395 6096 ssadbus - detected UnsignedFile.Multi.Generic (1)
19:22:46.0432 6096 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:22:46.0486 6096 SSDPSRV - ok
19:22:46.0520 6096 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:22:46.0563 6096 SstpSvc - ok
19:22:46.0590 6096 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:22:46.0605 6096 stexstor - ok
19:22:46.0655 6096 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
19:22:46.0681 6096 StillCam - ok
19:22:46.0766 6096 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
19:22:46.0812 6096 stisvc - ok
19:22:46.0822 6096 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
19:22:46.0839 6096 storflt - ok
19:22:46.0867 6096 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
19:22:46.0883 6096 storvsc - ok
19:22:46.0938 6096 [ 5E8261EDDFD7C1851B78E27705CD7F59 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
19:22:46.0948 6096 SUService ( UnsignedFile.Multi.Generic ) - warning
19:22:46.0948 6096 SUService - detected UnsignedFile.Multi.Generic (1)
19:22:46.0990 6096 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:22:47.0062 6096 swenum - ok
19:22:47.0103 6096 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:22:47.0176 6096 swprv - ok
19:22:47.0278 6096 [ D8205430CFD64FDB7D691D3BB74FD18F ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:22:47.0352 6096 SynTP - ok
19:22:47.0416 6096 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
19:22:47.0494 6096 SysMain - ok
19:22:47.0521 6096 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:22:47.0545 6096 TabletInputService - ok
19:22:47.0565 6096 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
19:22:47.0613 6096 TapiSrv - ok
19:22:47.0626 6096 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:22:47.0670 6096 TBS - ok
19:22:47.0674 6096 TcHardWare - ok
19:22:47.0773 6096 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:22:47.0877 6096 Tcpip - ok
19:22:47.0984 6096 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:22:48.0034 6096 TCPIP6 - ok
19:22:48.0054 6096 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:22:48.0095 6096 tcpipreg - ok
19:22:48.0121 6096 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:22:48.0203 6096 TDPIPE - ok
19:22:48.0246 6096 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:22:48.0278 6096 TDTCP - ok
19:22:48.0325 6096 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:22:48.0379 6096 tdx - ok
19:22:48.0394 6096 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:22:48.0411 6096 TermDD - ok
19:22:48.0455 6096 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
19:22:48.0529 6096 TermService - ok
19:22:48.0549 6096 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:22:48.0580 6096 Themes - ok
19:22:48.0639 6096 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:22:48.0691 6096 THREADORDER - ok
19:22:48.0730 6096 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
19:22:48.0743 6096 TPPWRIF - ok
19:22:48.0765 6096 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:22:48.0833 6096 TrkWks - ok
19:22:48.0887 6096 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:22:48.0912 6096 TrustedInstaller - ok
19:22:48.0930 6096 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:22:48.0978 6096 tssecsrv - ok
19:22:49.0027 6096 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:22:49.0081 6096 tunnel - ok
19:22:49.0109 6096 TVICPORT - ok
19:22:49.0156 6096 [ A65643ED30A30E46317C0B25818BC9B7 ] TVicPort64 C:\Windows\system32\drivers\TVicPort64.sys
19:22:49.0170 6096 TVicPort64 - ok
19:22:49.0194 6096 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:22:49.0210 6096 uagp35 - ok
19:22:49.0261 6096 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:22:49.0320 6096 udfs - ok
19:22:49.0367 6096 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:22:49.0389 6096 UI0Detect - ok
19:22:49.0418 6096 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
19:22:49.0434 6096 uliagpkx - ok
19:22:49.0460 6096 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:22:49.0489 6096 umbus - ok
19:22:49.0513 6096 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:22:49.0552 6096 UmPass - ok
19:22:49.0598 6096 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
19:22:49.0631 6096 UmRdpService - ok
19:22:49.0657 6096 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:22:49.0710 6096 upnphost - ok
19:22:49.0761 6096 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:22:49.0829 6096 USBAAPL64 - ok
19:22:49.0856 6096 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:22:49.0896 6096 usbccgp - ok
19:22:49.0934 6096 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
19:22:49.0973 6096 usbcir - ok
19:22:49.0983 6096 [ DF9F9AFC9AAABD8ED47975D44E38169A ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:22:50.0028 6096 usbehci - ok
19:22:50.0071 6096 [ 372A91BC3C6603080A793880B0873785 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:22:50.0093 6096 usbhub - ok
19:22:50.0117 6096 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:22:50.0145 6096 usbohci - ok
19:22:50.0166 6096 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:22:50.0186 6096 usbprint - ok
19:22:50.0210 6096 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:22:50.0228 6096 USBSTOR - ok
19:22:50.0255 6096 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:22:50.0303 6096 usbuhci - ok
19:22:50.0324 6096 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:22:50.0362 6096 usbvideo - ok
19:22:50.0409 6096 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:22:50.0440 6096 usb_rndisx - ok
19:22:50.0468 6096 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:22:50.0515 6096 UxSms - ok
19:22:50.0534 6096 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
19:22:50.0551 6096 VaultSvc - ok
19:22:50.0578 6096 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
19:22:50.0594 6096 vdrvroot - ok
19:22:50.0624 6096 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
19:22:50.0675 6096 vds - ok
19:22:50.0706 6096 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:22:50.0754 6096 vga - ok
19:22:50.0770 6096 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:22:50.0826 6096 VgaSave - ok
19:22:50.0847 6096 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
19:22:50.0868 6096 vhdmp - ok
19:22:50.0901 6096 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:22:50.0917 6096 viaide - ok
19:22:50.0965 6096 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
19:22:50.0997 6096 vmbus - ok
19:22:51.0014 6096 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
19:22:51.0043 6096 VMBusHID - ok
19:22:51.0078 6096 [ 93F279A2C172562050700A18FA84BE2E ] vncmirror C:\Windows\system32\DRIVERS\vncmirror.sys
19:22:51.0124 6096 vncmirror - ok
19:22:51.0338 6096 [ 2ADFBDEFBDB38ACFFA5F05827E7A3FD9 ] vncserver C:\Program Files\RealVNC\VNC Server\vncserver.exe
19:22:51.0509 6096 vncserver - ok
19:22:51.0547 6096 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
19:22:51.0563 6096 volmgr - ok
19:22:51.0583 6096 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:22:51.0607 6096 volmgrx - ok
19:22:51.0617 6096 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
19:22:51.0640 6096 volsnap - ok
19:22:51.0730 6096 [ D6653180D162CB3144FDBC8A651CEBB1 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
19:22:51.0763 6096 vpnagent - ok
19:22:51.0791 6096 [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
19:22:51.0804 6096 vpnva - ok
19:22:51.0841 6096 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:22:51.0861 6096 vsmraid - ok
19:22:51.0964 6096 [ 1928B9CA20F51BFBBAD54D2C2C447B13 ] VSPerfDrv100 C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
19:22:51.0988 6096 VSPerfDrv100 - ok
19:22:52.0060 6096 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
19:22:52.0177 6096 VSS - ok
19:22:52.0224 6096 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:22:52.0313 6096 vwifibus - ok
19:22:52.0441 6096 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:22:52.0504 6096 W32Time - ok
19:22:52.0525 6096 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:22:52.0557 6096 WacomPen - ok
19:22:52.0687 6096 [ D70A492306861004A0DB1024CE634837 ] wampapache c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
19:22:52.0723 6096 wampapache ( UnsignedFile.Multi.Generic ) - warning
19:22:52.0723 6096 wampapache - detected UnsignedFile.Multi.Generic (1)
19:22:52.0764 6096 wampmysqld - ok
19:22:52.0800 6096 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:22:52.0863 6096 WANARP - ok
19:22:52.0867 6096 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:22:52.0909 6096 Wanarpv6 - ok
19:22:53.0001 6096 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:22:53.0060 6096 WatAdminSvc - ok
19:22:53.0122 6096 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
19:22:53.0224 6096 wbengine - ok
19:22:53.0279 6096 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:22:53.0310 6096 WbioSrvc - ok
19:22:53.0347 6096 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:22:53.0375 6096 wcncsvc - ok
19:22:53.0393 6096 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:22:53.0434 6096 WcsPlugInService - ok
19:22:53.0462 6096 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:22:53.0478 6096 Wd - ok
19:22:53.0515 6096 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
19:22:53.0546 6096 WDC_SAM - ok
19:22:53.0598 6096 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:22:53.0646 6096 Wdf01000 - ok
19:22:53.0669 6096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:22:53.0705 6096 WdiServiceHost - ok
19:22:53.0709 6096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:22:53.0732 6096 WdiSystemHost - ok
19:22:53.0756 6096 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
19:22:53.0796 6096 WebClient - ok
19:22:53.0822 6096 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:22:53.0876 6096 Wecsvc - ok
19:22:53.0900 6096 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:22:53.0958 6096 wercplsupport - ok
19:22:53.0984 6096 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:22:54.0027 6096 WerSvc - ok
19:22:54.0052 6096 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:22:54.0092 6096 WfpLwf - ok
19:22:54.0107 6096 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:22:54.0123 6096 WIMMount - ok
19:22:54.0150 6096 WinDefend - ok
19:22:54.0158 6096 WinHttpAutoProxySvc - ok
19:22:54.0209 6096 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:22:54.0277 6096 Winmgmt - ok
19:22:54.0354 6096 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
19:22:54.0466 6096 WinRM - ok
19:22:54.0526 6096 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
19:22:54.0566 6096 WinUSB - ok
19:22:54.0630 6096 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:22:54.0711 6096 Wlansvc - ok
19:22:54.0865 6096 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:22:54.0984 6096 wlidsvc - ok
19:22:55.0015 6096 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:22:55.0037 6096 WmiAcpi - ok
19:22:55.0068 6096 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:22:55.0103 6096 wmiApSrv - ok
19:22:55.0126 6096 WMPNetworkSvc - ok
19:22:55.0156 6096 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:22:55.0195 6096 WPCSvc - ok
19:22:55.0211 6096 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:22:55.0264 6096 WPDBusEnum - ok
19:22:55.0294 6096 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:22:55.0335 6096 ws2ifsl - ok
19:22:55.0370 6096 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:22:55.0430 6096 wscsvc - ok
19:22:55.0458 6096 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
19:22:55.0499 6096 WSDPrintDevice - ok
19:22:55.0503 6096 WSearch - ok
19:22:55.0600 6096 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:22:55.0720 6096 wuauserv - ok
19:22:55.0746 6096 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:22:55.0806 6096 WudfPf - ok
19:22:55.0864 6096 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:22:55.0914 6096 WUDFRd - ok
19:22:55.0942 6096 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:22:55.0993 6096 wudfsvc - ok
19:22:56.0008 6096 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:22:56.0045 6096 WwanSvc - ok
19:22:56.0110 6096 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:22:56.0153 6096 yukonw7 - ok
19:22:56.0218 6096 ================ Scan global ===============================
19:22:56.0240 6096 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:22:56.0296 6096 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
19:22:56.0308 6096 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
19:22:56.0339 6096 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:22:56.0367 6096 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:22:56.0374 6096 [Global] - ok
19:22:56.0375 6096 ================ Scan MBR ==================================
19:22:56.0401 6096 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:22:56.0782 6096 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:22:56.0782 6096 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:22:56.0783 6096 ================ Scan VBR ==================================
19:22:56.0789 6096 [ 8A64B679A0EB1E76C8772252DEFFA709 ] \Device\Harddisk0\DR0\Partition1
19:22:56.0793 6096 \Device\Harddisk0\DR0\Partition1 - ok
19:22:56.0820 6096 [ EB0B82E9EAAAA2F9FA2C37C5FD3C9B0A ] \Device\Harddisk0\DR0\Partition2
19:22:56.0822 6096 \Device\Harddisk0\DR0\Partition2 - ok
19:22:56.0849 6096 [ 84E149A4FCC0B82156781F201D629BCF ] \Device\Harddisk0\DR0\Partition3
19:22:56.0851 6096 \Device\Harddisk0\DR0\Partition3 - ok
19:22:56.0852 6096 ============================================================
19:22:56.0852 6096 Scan finished
19:22:56.0852 6096 ============================================================
19:22:56.0870 7104 Detected object count: 10
19:22:56.0870 7104 Actual detected object count: 10
19:23:04.0773 7104 BaiduUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0773 7104 BaiduUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0773 7104 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0773 7104 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0774 7104 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0774 7104 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0774 7104 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0774 7104 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0777 7104 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0777 7104 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0777 7104 OpenSSHd ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0777 7104 OpenSSHd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0782 7104 ssadbus ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0782 7104 ssadbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0783 7104 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0783 7104 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0785 7104 wampapache ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:04.0785 7104 wampapache ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:04.0786 7104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:23:04.0786 7104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:23:06.0930 6092 Deinitialize success
 
Good :)

We'll run some more checks...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
 
RogueKiller V8.3.0 [Nov 19 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Jing [Admin rights]
Mode : Remove -- Date : 11/19/2012 19:44:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : BandwidthMonitor (C:\Users\Jing\Desktop\BWMonitor.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\Run : NMGameX_AutoRun (C:\Windows\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : PPort12reminder ("C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini") -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS543225L9SA00 ATA Device +++++
--- User ---
[MBR] 01c7cb33b1feab46269d39449754ac73
[BSP] bd11fdf063df59c4991f1e200e59df18 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 134089 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 274821120 | Size: 104282 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11192012_02d1944.txt >>
RKreport[1]_S_11192012_02d1943.txt ; RKreport[2]_D_11192012_02d1944.txt
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Sorry it took a while for Combofix to finish

ComboFix 12-11-19.03 - Jing 11/19/2012 20:51:16.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3992.1942 [GMT -8:00]
Running from: c:\users\Jing\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))
.
.
2012-11-20 05:01 . 2012-11-20 05:01--------d-----w-c:\users\Default\AppData\Local\temp
2012-11-20 01:44 . 2012-11-20 01:45--------d-----w-C:\Symbols
2012-11-20 01:40 . 2012-11-20 01:45--------d-----w-c:\program files\Debugging Tools for Windows (x64)
2012-11-20 01:31 . 2012-11-20 01:31--------d-----w-C:\TDSSKiller_Quarantine
2012-11-19 23:35 . 2012-11-19 23:35--------d-----w-c:\program files (x86)\ESET
2012-11-16 11:00 . 2012-11-16 11:02887296----a-w-c:\program files\Internet Explorer\iedvtool.dll
2012-11-16 11:00 . 2012-11-16 11:02678912----a-w-c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-11-16 11:00 . 2012-11-16 11:02499200----a-w-c:\program files\Internet Explorer\jsdbgui.dll
2012-11-16 11:00 . 2012-11-16 11:02387584----a-w-c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-11-16 11:00 . 2012-11-16 11:0217811968----a-w-c:\windows\system32\mshtml.dll
2012-11-16 11:00 . 2012-11-16 11:0210925568----a-w-c:\windows\system32\ieframe.dll
2012-11-15 03:13 . 2012-11-15 17:203147264----a-w-c:\windows\system32\win32k.sys
2012-11-15 03:13 . 2012-11-15 16:5195744----a-w-c:\windows\system32\synceng.dll
2012-11-15 03:13 . 2012-11-15 16:5178336----a-w-c:\windows\SysWow64\synceng.dll
2012-10-28 03:12 . 2012-10-28 03:120-c--a-w-c:\windows\system32\nsp3A79.tmp
2012-10-28 03:12 . 2012-10-28 03:120-c--a-w-c:\windows\SysWow64\nsu3569.tmp
2012-10-23 02:42 . 2012-10-23 02:425188280-c--a-w-c:\windows\system32\SogouPY.ime
2012-10-23 02:42 . 2012-10-23 02:422980536-c--a-w-c:\windows\SysWow64\SogouPY.ime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 02:22 . 2012-10-11 02:375505904----a-w-c:\windows\system32\ntoskrnl.exe
2012-10-12 02:22 . 2012-10-11 02:373958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-10-12 02:22 . 2012-10-11 02:373902832----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-10-12 02:22 . 2012-10-11 02:37220160----a-w-c:\windows\system32\wintrust.dll
2012-10-12 02:22 . 2012-10-11 02:37172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-10-12 02:22 . 2012-10-11 02:372048----a-w-c:\windows\SysWow64\tzres.dll
2012-10-12 02:22 . 2012-10-11 02:372048----a-w-c:\windows\system32\tzres.dll
2012-10-12 02:21 . 2012-10-11 02:37714752----a-w-c:\windows\system32\kerberos.dll
2012-10-12 02:21 . 2012-10-11 02:37541184----a-w-c:\windows\SysWow64\kerberos.dll
2012-10-12 02:20 . 2012-10-11 02:371462784----a-w-c:\windows\system32\crypt32.dll
2012-10-12 02:20 . 2012-10-11 02:37182272----a-w-c:\windows\system32\cryptsvc.dll
2012-10-12 02:20 . 2012-10-11 02:37140288----a-w-c:\windows\system32\cryptnet.dll
2012-10-12 02:20 . 2012-10-11 02:37139264----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-10-12 02:20 . 2012-10-11 02:371157632----a-w-c:\windows\SysWow64\crypt32.dll
2012-10-12 02:20 . 2012-10-11 02:37103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-09-30 03:54 . 2012-05-27 05:2125928-c--a-w-c:\windows\system32\drivers\mbam.sys
2012-08-24 22:43 . 2012-08-24 22:43384352-c--a-w-c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-25 98304]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Diamondback"="c:\program files (x86)\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
.
c:\users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jing\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ PDBoot.exe\0autocheck autochk /K:C *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification PackagesREG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime FileREG_SZ SOGOUPY.IME
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OpenSSHd;OpenSSH Server;c:\program files (x86)\OpenSSH\bin\cygrunsrv.exe [2008-03-18 68096]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BaiduUpdater;Baidu Updater;c:\program files (x86)\Baidu\BaiduUpdate\bdupdate.exe [2011-04-27 503536]
R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2005-09-19 142336]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-12-09 25072]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 QQSysMon;QQSysMon;c:\program files (x86)\Tencent\QQPCMgr\5.0.1415.205\QQSysMon.sys [x]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [2005-11-07 21120]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-01-29 125344]
R3 TcHardWare;TcHardWare;c:\program files (x86)\Tencent\QQPCMgr\5.0.1415.205\QQPCHW-x64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe [2012-06-30 4714888]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-24 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-07-04 31344]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 203776]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TVicPort64;TVicPort64; [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-07-04 477032]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-20 254528]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-26 10611552]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38397335
*Deregistered* - 38397335
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 17:17]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 17:17]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1192680077-2527291933-1768738536-1000Core.job
- c:\users\Jing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 23:08]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1192680077-2527291933-1768738536-1000UA.job
- c:\users\Jing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 23:08]
.
2012-10-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-01-27 22:29]
.
2012-11-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2011-01-27 22:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Jing\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 85328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.babylon.com/?affID=114163&tt=3812_4&babsrc=HP_iclro&mntrId=fcc06ed800000000000000242cbf722d
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.77.2.11 207.200.7.21 75.75.75.75
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
inifile=c:\windows\SysWow64\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-igfxcui - (no file)
Notify-klogon - (no file)
Notify-psfus - (no file)
SafeBoot-14626634.sys
BHO-{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - c:\program files (x86)\Tencent\QQPCMgr\5.0.1415.205\TSWebMon64.dat
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-19 21:22:35
ComboFix-quarantined-files.txt 2012-11-20 05:22
.
Pre-Run: 39,079,903,232 bytes free
Post-Run: 40,171,450,368 bytes free
.
- - End Of File - - B9CB4622AED6BC09566012ABD6254849
 
Looks good.

Any current issues?

=============================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here is the OTL logs, I lost the adwcleaner logs when I uninstalled the program, but it looked clean. I also didn't have any more BSODs for the last 6 hours :)



OTL Extras logfile created on: 11/19/2012 10:14:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jing\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 34.79% Memory free
7.80 Gb Paging File | 4.84 Gb Available in Paging File | 62.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 130.95 Gb Total Space | 37.36 Gb Free Space | 28.53% Space Free | Partition Type: NTFS
Drive D: | 101.84 Gb Total Space | 21.59 Gb Free Space | 21.20% Space Free | Partition Type: NTFS

Computer Name: JING-PC | User Name: Jing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- %SystemRoot%\System32\winhlp32.exe %1
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt[@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- %SystemRoot%\System32\winhlp32.exe %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1192680077-2527291933-1768738536-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082EF985-3CCE-475C-AB2D-B2FCC510BE81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C43C762-AAB5-4B9E-B591-A54744298B97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{100E2799-DE17-41D8-8808-FE2AE08FCD84}" = lport=139 | protocol=6 | dir=in | app=system |
"{16DAE7F4-2DD6-4E98-818D-89229BBE06A6}" = rport=445 | protocol=6 | dir=out | app=system |
"{196EC697-8760-476F-BC3C-03DD90F8AF82}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{219749C8-E479-4E1C-B12F-2DBEFD5E14B6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{272F1839-F50D-44C8-BF73-0F0DD5B99906}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A9AC264-3DF7-4BF5-ABF1-F42925D050CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3D530463-D7FD-4A2E-9DD4-D9A46444A68C}" = lport=445 | protocol=6 | dir=in | app=system |
"{41262395-A3A6-4D72-90C2-E5309C5BAC38}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{47F349C7-1134-48E4-B3BD-984962828980}" = rport=10243 | protocol=6 | dir=out | app=system |
"{68CA29B1-8138-442C-8352-3809500C8BF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ED26AC8-8489-4430-8FEC-57EA5D81AF94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BD471EE-ECD8-4F38-8408-EFBCB7782FD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DB416EA-ACAB-4021-AD86-3E1B8064AF18}" = rport=137 | protocol=17 | dir=out | app=system |
"{8DFFFE20-3CD5-4DFF-A0FD-498AAFAF0DA9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{930B2580-929E-45B9-B92C-29DBCFCADDCE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{95CDDE36-8E8F-49E2-9CCA-B028C3B5538D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FD4A471-C12E-4804-B76E-766EF259C915}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A528A342-3CBB-4581-A2BE-B3DB7E5F6D30}" = lport=137 | protocol=17 | dir=in | app=system |
"{A630DC7F-2D75-4606-B18A-15B8ABAB8DD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C88CFB91-F34A-4667-B7C3-443CAF321216}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC4ED2DE-2820-468F-B7F8-5790B8A709C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1B6F9D1-3C3D-474D-92B0-F983E9E13598}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{D4183BD4-FABD-4B20-BA6E-7840E10817E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7083B29-9CF8-4EFD-9105-6896196C4289}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D942EA69-A62A-4F94-9B9B-3592D4C4E91E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2FDA104-F138-4975-893F-0E16D6965F1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB2361D7-E1C2-4966-8699-6C3AFEBA4337}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0AB1E6C-744A-441D-8D6D-B2F643B5F3DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4CD8EF4-FAF6-4B4C-BA89-F9AF5FBC940C}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017E6C03-659A-4F77-875B-C4CC41C3A2F1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{0193F009-FAA0-45DF-BC6D-9F3B853E6F37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{078131DA-C061-4619-950C-C92B49ED9C8A}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.0.0.6076\pinyinup.exe |
"{097277FF-9E4E-430E-A79A-189DB0CE42E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0AE0CF28-A6DC-495F-910D-FB996ED85A94}" = protocol=17 | dir=in | app=c:\users\jing\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0C1526F7-2036-42FB-B43C-698C6FA9A001}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0EDE428C-C0E8-49F1-8C37-1A914DAAAB9D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\111\tencentdl.exe |
"{13F43B7E-B722-489F-BE0D-23650D172B55}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{15DADA0B-1FB0-4397-90FC-F382630B358D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{186D5E11-BD00-4734-801C-23019EC5AB32}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.1.0.6700\pinyinup.exe |
"{196F96AC-4A04-4A1C-BCB6-7C5CFB4BB273}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\5.2.0.5225\pinyinup.exe |
"{1C07D4BE-EB1F-44A6-BCFD-01E5DF55517D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1F562195-D720-4C3F-A2A4-F32765D5F264}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe |
"{272B0D72-D1B3-437D-9F62-F82CAB91733F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D409312-90F3-4D1D-9D75-1C2129E1D1A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2E7F2B75-F262-4307-AE33-1AA5C251E2F6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F0C464E-73C9-46FF-9D51-357867BA2B44}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{313E5034-2211-4EDE-BD7C-95451D30769E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{32538752-34CB-4A91-BB7A-D16A1034C7F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{358ACF43-6742-44CB-B824-CDF7BC944F2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{379504E7-2FC0-4C70-9955-02ED34ECDE14}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3AC91979-7695-4FEC-B31E-B3404DE943D8}" = protocol=6 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"{3C1AAD03-9BB8-4275-B005-818BBB66137C}" = protocol=6 | dir=out | app=system |
"{3C6E3E41-298C-4C20-B6F7-48C72DCA4961}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{3F95811E-DC3C-490B-A0D0-74AEA7A8FA22}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{40FD116F-4106-4423-B6FA-7454EA27AE25}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7476\pinyinup.exe |
"{412531BA-307B-4129-9049-8F4ED80A3787}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{485FC663-6524-4DB7-B6E2-A97045A7D717}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{4AE4255E-C0B9-4C04-A688-83549D3400F5}" = protocol=6 | dir=in | app=c:\users\jing\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4E8FD220-9208-408B-B859-B08A1CB4D738}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53297EC6-29A7-4F6F-B924-60DD46EDB9F8}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe |
"{54030B21-B2D7-45BD-9813-94430CF57919}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C567A43-07F0-451C-9320-3E738CCB5884}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe |
"{5CA1E64E-541F-4682-B649-8737EF2118B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{5D59A803-2987-45B6-A4AF-D52F89F268F9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6104700D-7BCE-4FD3-9BCE-81E278F39418}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{62082CCF-B029-40E0-A1C9-E509B42435E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{62AF1D0C-9544-4D96-A3D8-06DD94E2A3B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66D42A0F-BB09-432A-8732-8B1C685DDF74}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{69C46AA7-AA80-47D3-824F-C936649BE989}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6C606F53-C338-427C-A587-A2AFF387CF0B}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.0.0.6076\pinyinup.exe |
"{73E23DB9-6B1E-4D43-AE2D-EAC707EDC3F6}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe |
"{74DED41C-E08C-41D3-AB91-C86F1C8E28F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{75075199-A9BA-49F1-A0EE-FEFD409451BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C11D436-5BA9-4F04-A667-09A96ED56281}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{7FD4910D-6B72-4234-8923-BCE52A0307C0}" = protocol=6 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"{88FCA41B-8643-4057-9D4F-C546198CED11}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.1.0.6700\pinyinup.exe |
"{893EA2C9-C5AD-4AA6-B029-21298ED06FEC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{8948E307-B1E4-4D44-815D-ABB8128FEB81}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.8278\pinyinup.exe |
"{89B6224D-6FF6-4D30-B83A-FEB71052EBC6}" = protocol=17 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"{8A8F7C9D-1B23-4350-8B77-E3F12E8CC197}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\5.2.0.5374\pinyinup.exe |
"{8D8DB579-C05C-477A-9C4B-61C9A474FB6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8F118BD8-27C0-4B45-80DB-54D9372AB378}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{946522B1-DFDA-4EC0-9A89-A5B8D7033E07}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{95BCD07E-8355-43B0-A4B5-F0EBAF911E1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96972904-5571-4B35-932F-5BCD5A4D1C9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9FEB414E-D510-419C-8518-D78FD9778B05}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A22406AE-BD5A-4B6A-AAF8-A3D96735722E}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"{A4F220B9-2E78-4D9C-B6FC-B60AE344434D}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{A83A0769-19BD-41EC-ADAD-F13B41BB1317}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\5.2.0.5374\pinyinup.exe |
"{AA1BB7B1-5ADC-4185-A029-05A889698F30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AAC31436-AE5F-4961-9D1C-95EF25A7E51E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE97510E-ED12-4B7F-A79D-D49B1BF00C66}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"{B311F06D-FD5D-4468-B2BF-2D76C7FE10FE}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.8278\pinyinup.exe |
"{B3469260-2135-480D-9C9D-A66F390DF6C3}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{B3949396-8099-476F-885C-EADA68B1B560}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.8278\pinyinup.exe |
"{B3D14FC4-6A7C-49A2-9435-8FA4F3EF4397}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B48EBF31-077C-459F-8338-2D21A5045ACF}" = protocol=17 | dir=in | app=c:\users\jing\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BCACAF7E-DA1D-4E08-93C1-ABB1807A3F39}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\5.2.0.5225\pinyinup.exe |
"{C358618A-66AE-4193-9A0C-8DD256F653BE}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{CBA81FC0-2A41-492E-ACC2-567A814E46D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CECA9A3C-0424-4BE1-ACFA-1C1273F5FC89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEFF4758-5508-4045-BC30-13FB4AC850BB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D8B792F9-993A-4136-8160-BA85D42D9035}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.8278\pinyinup.exe |
"{DC80F77B-D4F3-4F1C-8EB8-15A70F9E4B08}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{DCA07049-2A56-4C43-A654-FE5DF1756785}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD64E24E-AA85-4598-B5C1-80503E497942}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{E18AC87E-6762-49E4-88D6-DE6474292271}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{E31C324E-2946-4672-8DC3-116502566AF8}" = protocol=17 | dir=in | app=c:\program files (x86)\gridservice\peer.exe |
"{E967CD88-D80F-4651-9FE6-74EB4D150030}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EA86916E-CF7C-4663-A2D5-153AF6AE29EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF6CD7AB-0BC1-4BB1-AE52-3EC66FDF41AA}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{F06852EC-7B8D-4FCB-AE12-166BA9D704DF}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7476\pinyinup.exe |
"{F3429ECE-BC15-483F-B017-3F9B5E5FE4B7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F3EFC1AB-67DF-44B8-A443-03214DA3EBC8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F5F58FF2-C101-4D62-B038-D76A6B09C0F0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\111\tencentdl.exe |
"{F5FA8460-4B5D-4AB4-9AE4-7EF945EF27D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9EB1515-BB53-4964-9CBE-52890117CAE0}" = protocol=6 | dir=in | app=c:\users\jing\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0171AECB-F27B-4587-9A25-A1E01BD02AB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{0BFA9797-4259-41BB-ABCA-0CB2EEC6DA7D}C:\program files (x86)\tudou\·éëùtudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tudou\·éëùtudou\tudouva.exe |
"TCP Query User{7B036BBA-5BAE-442D-A66F-79B54E6DDF64}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"TCP Query User{99113B16-799F-42FF-93AB-BA04AFCA7514}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"TCP Query User{A05EA41A-E18B-4144-8BBE-41F519D80883}C:\users\jing\downloads\tinyumbrella-5.10.02.exe" = protocol=6 | dir=in | app=c:\users\jing\downloads\tinyumbrella-5.10.02.exe |
"TCP Query User{B834104A-91CB-4F57-8879-2BFAA7688C87}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{C7DD5E7A-4A8D-40F7-9563-3399566FA9FE}C:\program files (x86)\chefvillebot\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\chefvillebot\iexplore.exe |
"UDP Query User{0DF60987-6C9F-415F-B2FF-FCED8481FB83}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"UDP Query User{2E2A745F-E9BB-40F9-B6C9-3D6317FF42B2}C:\program files (x86)\tudou\·éëùtudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tudou\·éëùtudou\tudouva.exe |
"UDP Query User{35709E03-20A9-43A8-9307-20442698AA5B}C:\program files (x86)\ttplayer\ttplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ttplayer\ttplayer.exe |
"UDP Query User{4D335745-A1EE-44F2-8AA0-F443FE2A8514}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{6D761609-CBDF-4493-8B0A-40A36A085FB3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B1C3EBE4-7040-4C7A-A34D-6649CF89C3D9}C:\program files (x86)\chefvillebot\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\chefvillebot\iexplore.exe |
"UDP Query User{FCA82728-154B-40F8-B87A-58004E8115F6}C:\users\jing\downloads\tinyumbrella-5.10.02.exe" = protocol=17 | dir=in | app=c:\users\jing\downloads\tinyumbrella-5.10.02.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{233B6B34-0F9C-A0FE-644F-AD095159A13F}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}" = ThinkVantage Fingerprint Software
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6FEDAFB4-A2AE-4D6B-A505-D82B07291F40}" = AVG 2012
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9DADBA45-2B06-4F7F-970B-E854ABC8917A}" = WBFS Manager 2.5
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEC6013A-8D16-AECA-8056-A5C069C53775}" = ATI Catalyst Install Manager
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"ATI Uninstaller" = ATI Uninstaller
"AVG" = AVG 2012
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"RealVNC_is1" = VNC Server 5.0.1
"RealVNCViewer_is1" = VNC Viewer 5.0.1
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.8.0
"WinRAR archiver" = WinRAR 4.00 beta 7 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F94DD7-23FC-F9A3-E6CB-FFF62D3781E5}" = Catalyst Control Center InstallProxy
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{135564A5-0EFA-2F0B-EDCF-B72A418A5BF7}" = CCC Help German
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1DDFD690-5E51-9FD5-9F0C-D8FE63F3345B}" = Catalyst Control Center Localization All
"{1EB00890-0240-4C6E-00FC-8C9BE40A4D2F}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FA85D65-C835-47DD-918C-C89E94F82B76}" = CCC Help Japanese
"{1FEB4B4E-25A3-8DEC-9D2A-811B2ECEF9CB}" = CCC Help Chinese Traditional
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}" = RSA SecurID Software Token
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C61BFD6-E5F7-49B8-BBA0-3B926D30D51F}" = Nios II EDS 11.0
"{33354277-77C8-48BA-8A94-3E7AED843070}" = ModelSim-Altera 6.6d (Quartus II 11.0) Starter Edition
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7065DN
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{467B5735-3B42-D37C-C54D-AB18AD66D926}" = CCC Help Chinese Standard
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B367DD2-2579-0B71-FDEF-DE647C99F7E6}" = ccc-core-static
"{5D38A14D-8B90-434E-A28F-47A2279C0F40}" = ActiveState Komodo Edit 6.1.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{652DB766-49B5-041F-6E4A-B04D7CDAAADF}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{766BE352-7FEF-48F3-A7E7-0271FD62A1B0}" = CCC Help Dutch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.7
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95903DC0-1F68-958D-88C2-EE128AC2A59A}" = CCC Help Korean
"{96AAFA4F-F32A-4545-8A48-C83A5FA4092F}" = Catalyst Control Center - Branding
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2A7B30A-06C7-E43E-29EF-5F0F5C68C9AE}" = CCC Help French
"{A34D4567-ABAE-B82E-E84D-C5A054EC5F8C}" = PX Profile Update
"{A4EEF9EC-DE66-E8E9-1FBB-3DDEB32CC069}" = CCC Help Swedish
"{A62EA688-9C10-4500-5248-8495842932AA}" = CCC Help English
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BD097E7D-A033-24B9-6D13-C7C63D775A0E}" = Catalyst Control Center Graphics Previews Vista
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1F5AFB0-2822-90A3-1AE0-E6603B7BE1E7}" = CCC Help Italian
"{F9DA8B7B-130D-4502-82BF-E981D1F827DC}" = Quartus II 11.0 Web Edition
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazing Adventures Around the World" = Amazing Adventures Around the World
"Android SDK Tools" = Android SDK Tools
"Bejeweled 3" = Bejeweled 3
"Bookworm Deluxe" = Bookworm Deluxe
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX Setup
"Dynomite Deluxe" = Dynomite Deluxe
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 7.0.1 Professional
"ESET Online Scanner" = ESET Online Scanner v3
"Feeding Frenzy Deluxe 5.7.18.1" = Feeding Frenzy Deluxe 5.7.18.1
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Insaniquarium Deluxe 1.1" = Insaniquarium Deluxe 1.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Standard)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Messenger Plus!" = Messenger Plus! 5
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSSH" = OpenSSH for Windows (remove only)
"Peggle Deluxe" = Peggle Deluxe
"PRJPRO" = Microsoft Office Project Professional 2007
"PSpice Student" = PSpice Student 9.1
"Scrabble Plus 1.00" = Scrabble Plus 1.00
"Sogou Input" = 搜狗拼音输入法 6.2正式版
"SpeedFan" = SpeedFan (remove only)
"TreeSize Free_is1" = TreeSize Free V2.5
"TTPlayer" = 千千静听 5.7正式版
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WampServer 2_is1" = WampServer 2.1
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"WinX Free iPod Video Converter_is1" = WinX Free iPod Video Converter 3.8.15
"Xming_is1" = Xming 6.9.0.31
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1192680077-2527291933-1768738536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2012 9:30:24 AM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14352

Error - 6/8/2012 10:08:53 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/8/2012 10:08:53 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 45523479

Error - 6/8/2012 10:08:53 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 45523479

Error - 6/8/2012 10:08:54 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/8/2012 10:08:54 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 45524851

Error - 6/8/2012 10:08:54 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 45524851

Error - 6/8/2012 10:08:55 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/8/2012 10:08:55 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 45526021

Error - 6/8/2012 10:08:55 PM | Computer Name = Jing-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 45526021
 
[ Cisco AnyConnect VPN Client Events ]
Error - 11/19/2012 9:32:59 PM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11/19/2012 9:32:59 PM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 11/19/2012 10:13:16 PM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11/19/2012 10:13:16 PM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11/19/2012 10:13:16 PM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11/19/2012 10:13:16 PM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 11/20/2012 2:07:03 AM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11/20/2012 2:07:03 AM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11/20/2012 2:07:03 AM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11/20/2012 2:07:03 AM | Computer Name = Jing-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

[ System Events ]
Error - 12/10/2011 2:12:58 AM | Computer Name = Jing-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:10:26 AM on ?12/?10/?2011 was unexpected.

Error - 12/10/2011 2:13:21 AM | Computer Name = JING-PC | Source = BugCheck | ID = 1001
Description =

Error - 12/10/2011 10:48:17 AM | Computer Name = Jing-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
Server (SQLEXPRESS) service to connect.

Error - 12/10/2011 10:48:17 AM | Computer Name = Jing-PC | Source = Service Control Manager | ID = 7000
Description = The SQL Server (SQLEXPRESS) service failed to start due to the following
error: %%1053

Error - 12/10/2011 10:49:12 AM | Computer Name = Jing-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Cisco
EnergyWise Enabler service to connect.

Error - 12/10/2011 10:49:12 AM | Computer Name = Jing-PC | Source = Service Control Manager | ID = 7000
Description = The Cisco EnergyWise Enabler service failed to start due to the following
error: %%1053

Error - 12/10/2011 10:49:15 AM | Computer Name = Jing-PC | Source = DCOM | ID = 10016
Description =

Error - 12/10/2011 10:50:37 AM | Computer Name = Jing-PC | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 12/10/2011 10:57:22 AM | Computer Name = Jing-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 12/14/2011 12:38:52 PM | Computer Name = Jing-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
OTL.txt
OTL logfile created on: 11/19/2012 10:14:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jing\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 34.79% Memory free
7.80 Gb Paging File | 4.84 Gb Available in Paging File | 62.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 130.95 Gb Total Space | 37.36 Gb Free Space | 28.53% Space Free | Partition Type: NTFS
Drive D: | 101.84 Gb Total Space | 21.59 Gb Free Space | 21.20% Space Free | Partition Type: NTFS

Computer Name: JING-PC | User Name: Jing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 22:14:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jing\Downloads\OTL.exe
PRC - [2012/10/31 14:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/15 03:42:20 | 002,913,464 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\6.2.0.8278\SGTool.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/05/24 10:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jing\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/03 13:43:46 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/07/03 23:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/07/03 23:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/02/18 14:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/01/20 01:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/10 15:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/26 14:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/26 14:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/09/03 00:44:38 | 000,388,110 | ---- | M] () -- C:\Program Files (x86)\OpenSSH\usr\sbin\sshd.exe
PRC - [2010/06/10 10:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/04/07 11:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 11:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/08 20:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/05 16:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 05:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/10/02 20:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/03/18 02:28:46 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
PRC - [2007/02/14 10:15:04 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback\razerhid.exe
PRC - [2007/02/14 10:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/31 14:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 14:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 14:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 14:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 14:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 14:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 14:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2011/09/27 03:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 03:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/10 15:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/01/10 15:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/20 22:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 17:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 13:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 13:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/27 13:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2007/02/14 10:15:04 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback\razerhid.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/06/29 20:01:42 | 004,714,888 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC Server\vncserver.exe -- (vncserver)
SRV:64bit: - [2011/04/25 08:03:46 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/15 11:18:32 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011/03/15 11:18:22 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2011/02/01 10:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/04/07 11:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/03 13:43:46 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/07/03 23:02:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/07/03 23:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/07/03 23:02:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/04/27 01:37:05 | 000,503,536 | ---- | M] (Baidu.com, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Baidu\BaiduUpdate\bdupdate.exe -- (BaiduUpdater)
SRV - [2011/02/20 16:31:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/18 14:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/11/24 11:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/10/24 09:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 20:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 05:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/18 02:28:46 | 000,068,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/06/29 19:39:02 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/11 23:01:06 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/03 13:27:30 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/07/03 23:02:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/07/03 23:02:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/05/10 04:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/25 08:30:32 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/25 08:30:32 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/25 07:23:34 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/20 15:16:19 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/02/01 10:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/12/09 14:52:42 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)
DRV:64bit: - [2010/11/11 08:47:53 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/09 11:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/14 16:26:48 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/07 11:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 20:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/15 05:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 05:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/07 03:22:04 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2010/01/29 11:39:10 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2009/12/03 13:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 09:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/13 11:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV:64bit: - [2008/05/06 13:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/02/18 21:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2006/10/12 23:21:00 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVicPort64.sys -- (TVicPort64)
DRV:64bit: - [2005/11/07 10:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Razerlow.sys -- (Razerlow)
DRV:64bit: - [2005/09/19 13:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2010/07/15 05:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 05:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/04/24 21:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Razerlow.sys -- (Razerlow)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 21 C3 9D 52 D1 CB 01 [binary data]
IE - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.53\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jing\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jing\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jing\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jing\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/02/21 19:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/02/21 19:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 19:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/28 10:13:45 | 000,000,000 | ---D | M]

[2012/08/24 20:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jing\AppData\Roaming\Mozilla\Extensions
[2012/08/24 20:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jing\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jing\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.53\npplugin2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jing\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jing\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.53\npplugin2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX HiQ = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_1\
CHR - Extension: AVG Safe Search = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Safe Search = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_1\
CHR - Extension: AVG Do Not Track = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: AVG Do Not Track = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_1\
CHR - Extension: Gmail = C:\Users\Jing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/19 20:26:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1192680077-2527291933-1768738536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.77.2.11 207.200.7.21 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C01B9C7-20F4-473E-9383-86B2121C1640}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6012D7C2-A624-47DC-B086-8547568ED151}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8221F501-CC2A-418C-9428-8F498AF97180}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E993F2E2-2ADA-4936-B0E0-09234CBF2F24}: DhcpNameServer = 208.77.2.11 207.200.7.21 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk /K:C *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 22:07:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/19 21:22:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/19 19:59:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/19 19:59:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/19 19:59:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/19 19:59:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/19 19:58:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/19 19:55:39 | 005,003,338 | R--- | C] (Swearware) -- C:\Users\Jing\Desktop\ComboFix.exe
[2012/11/19 19:43:01 | 000,000,000 | ---D | C] -- C:\Users\Jing\Desktop\RK_Quarantine
[2012/11/19 19:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/19 17:44:02 | 000,000,000 | ---D | C] -- C:\Symbols
[2012/11/19 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2012/11/19 17:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2012/11/19 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Jing\AppData\Local\{6FF82B05-8B65-4C75-9EB5-3FE80742733A}
[2012/11/19 17:31:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/19 15:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/19 14:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/11/19 11:29:21 | 000,000,000 | ---D | C] -- C:\Users\Jing\AppData\Local\{E0123E74-19F4-46AB-96F2-89AB683C94E2}
[2012/11/19 11:09:56 | 000,000,000 | ---D | C] -- C:\Users\Jing\AppData\Local\{4509FB29-E4E4-4540-8903-A5F30C4452E4}
[2012/11/16 22:39:48 | 000,000,000 | ---D | C] -- C:\Users\Jing\AppData\Local\{98EC0252-4BBC-45DB-9D5B-A186C46EEB71}
[2012/11/16 09:12:57 | 000,000,000 | ---D | C] -- C:\Users\Jing\AppData\Local\{E1D96E72-CCC6-4DD7-B61A-C993CE071A98}
[2012/11/15 20:19:01 | 013,278,471 | ---- | C] (ChefVilleBot ) -- C:\Users\Jing\Desktop\ChefVilleBotSetup.exe
[2012/11/15 20:07:07 | 000,000,000 | ---D | C] -- C:\Users\Jing\Desktop\codebase-php
[2012/10/22 18:42:36 | 005,188,280 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysNative\SogouPY.ime
[2012/10/22 18:42:36 | 002,980,536 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysWow64\SogouPY.ime
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/19 22:16:48 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/19 22:16:48 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/19 22:13:47 | 000,875,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/19 22:13:47 | 000,728,784 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/19 22:13:47 | 000,146,710 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/19 22:07:20 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/19 22:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/19 22:06:52 | 3139,522,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/19 21:23:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/19 21:22:11 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192680077-2527291933-1768738536-1000UA.job
[2012/11/19 20:26:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/19 19:55:50 | 005,003,338 | R--- | M] (Swearware) -- C:\Users\Jing\Desktop\ComboFix.exe
[2012/11/19 19:19:21 | 000,002,293 | ---- | M] () -- C:\Users\Jing\Desktop\Google Chrome.lnk
[2012/11/19 17:58:52 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/11/19 17:43:52 | 100,666,563 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/11/19 14:44:11 | 000,001,803 | ---- | M] () -- C:\Users\Jing\Desktop\MagicISO.lnk
[2012/11/19 13:42:19 | 000,000,087 | ---- | M] () -- C:\Users\Jing\AppData\Roaming\mbam.context.scan
[2012/11/19 13:30:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/19 12:31:32 | 529,109,620 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 10:59:17 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1192680077-2527291933-1768738536-1000Core.job
[2012/11/18 18:27:01 | 000,495,095 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/16 02:36:02 | 000,419,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/26 08:16:52 | 000,176,840 | ---- | M] () -- C:\Users\Jing\Desktop\JXCurrentResume.pdf
[2012/10/25 13:09:34 | 034,765,602 | ---- | M] () -- C:\Users\Jing\Desktop\bu-home-04.zip
[2012/10/22 18:42:36 | 005,188,280 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysNative\SogouPY.ime
[2012/10/22 18:42:36 | 002,980,536 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysWow64\SogouPY.ime
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/19 19:59:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/19 19:59:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/19 19:59:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/19 19:59:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/19 19:59:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/19 19:19:21 | 000,002,293 | ---- | C] () -- C:\Users\Jing\Desktop\Google Chrome.lnk
[2012/11/19 19:18:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/19 19:18:13 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/19 14:44:11 | 000,001,803 | ---- | C] () -- C:\Users\Jing\Desktop\MagicISO.lnk
[2012/11/19 13:42:19 | 000,000,087 | ---- | C] () -- C:\Users\Jing\AppData\Roaming\mbam.context.scan
[2012/11/18 00:07:14 | 034,765,602 | ---- | C] () -- C:\Users\Jing\Desktop\bu-home-04.zip
[2012/10/26 08:16:49 | 000,176,840 | ---- | C] () -- C:\Users\Jing\Desktop\JXCurrentResume.pdf
[2012/09/24 23:01:03 | 000,000,312 | ---- | C] () -- C:\Users\Jing\.octave_hist
[2012/09/17 21:19:16 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/09/09 23:47:34 | 000,000,038 | ---- | C] () -- C:\Users\Jing\.lesshst
[2012/08/19 14:20:21 | 000,027,520 | ---- | C] () -- C:\Users\Jing\AppData\Local\dt.dat
[2011/10/23 04:42:42 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/10/15 07:39:17 | 000,016,924 | ---- | C] () -- C:\Users\Jing\qms-bmh3.bmp
[2011/10/15 07:39:16 | 000,016,924 | ---- | C] () -- C:\Users\Jing\qms-bmh2.bmp
[2011/10/15 07:39:16 | 000,016,924 | ---- | C] () -- C:\Users\Jing\qms-bmh1.bmp
[2011/10/15 07:37:16 | 000,000,016 | -H-- | C] () -- C:\Users\Jing\5vFfCOufnM8
[2011/10/11 12:29:33 | 000,000,600 | ---- | C] () -- C:\Users\Jing\AppData\Roaming\winscp.rnd
[2011/09/26 15:27:10 | 000,006,024 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2011/09/26 15:27:09 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2011/09/26 15:27:09 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2011/09/26 15:27:09 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2011/09/26 15:27:09 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2011/09/26 15:27:09 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2011/09/26 15:27:09 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2011/09/26 15:27:09 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2011/09/26 15:27:09 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2011/09/26 15:27:09 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2011/09/26 15:27:09 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2011/09/26 15:27:09 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2011/09/26 15:27:09 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2011/09/26 15:27:09 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2011/09/26 15:27:09 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2011/09/26 15:27:09 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2011/09/26 15:27:09 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2011/09/20 17:28:14 | 000,000,600 | ---- | C] () -- C:\Users\Jing\AppData\Local\PUTTY.RND
[2011/09/15 16:27:02 | 000,000,265 | ---- | C] () -- C:\Users\Jing\quartus2.qreg
[2011/09/15 16:02:59 | 000,000,865 | ---- | C] () -- C:\Users\Jing\quartus2.ini
[2011/09/02 13:05:30 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/09/02 13:05:23 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/08/18 05:48:35 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/08/18 05:48:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/18 05:44:17 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/06 11:46:25 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2011/06/05 15:40:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/11 13:57:18 | 000,050,328 | ---- | C] () -- C:\Windows\SysWow64\kmetjgjujzoq.exe
[2011/04/09 09:39:31 | 000,003,584 | ---- | C] () -- C:\Users\Jing\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 09:17:32 | 000,888,688 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/20 17:10:14 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/02/20 17:10:14 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/02/20 17:10:14 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/02/20 17:10:14 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/02/20 17:10:14 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/02/20 16:02:59 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/02/20 15:54:25 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/12 17:34:58 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/12 17:34:58 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/28 10:09:53 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\AVG2012
[2011/02/20 15:47:37 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\BWMonitor
[2012/02/15 16:43:45 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\ControlCenter4
[2011/02/20 15:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\DAEMON Tools Lite
[2012/08/22 21:13:49 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Digiarty
[2012/11/19 22:09:01 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Dropbox
[2011/12/25 12:35:45 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\e-academy Inc
[2012/08/22 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\E-Zsoft
[2012/09/21 19:04:31 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\ExpressFiles
[2012/01/01 09:37:59 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\GetRightToGo
[2011/08/16 06:09:54 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\JAM Software
[2012/07/30 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Notepad++
[2011/09/02 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Nuance
[2011/10/23 04:43:38 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\PopCapv1006
[2011/02/20 17:26:41 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\PwrMgr
[2011/08/01 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Scrabble Plus
[2011/07/06 22:34:57 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Tencent
[2011/02/20 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\TTPlayer
[2011/02/20 15:35:11 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Update
[2012/11/18 22:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\uTorrent
[2011/03/17 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\Vso
[2011/10/02 09:40:05 | 000,000,000 | ---D | M] -- C:\Users\Jing\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/10/27 19:12:19 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
[2011/06/22 07:06:00 | 000,002,040 | ---- | M] ()(C:\Users\Jing\Desktop\????.lnk) -- C:\Users\Jing\Desktop\千千静听.lnk
[2011/02/20 15:32:52 | 000,002,040 | ---- | C] ()(C:\Users\Jing\Desktop\????.lnk) -- C:\Users\Jing\Desktop\千千静听.lnk
(C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (no name) - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
[2011/10/15 07:37:16 | 000,000,016 | -H-- | C] () -- C:\Users\Jing\5vFfCOufnM8
[2011/05/11 13:57:18 | 000,050,328 | ---- | C] () -- C:\Windows\SysWow64\kmetjgjujzoq.exe

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==================================

Last scans..

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

H
Freezes after BSOD
Replies
10
Views
1K
bazz2004
B
midian182
Mystery of LG washing machine using 3.6GB of data daily could have a simple explanation
2
Replies
37
Views
743
ZedRM
ZedRM
H
BSOD during youtube video - Windows 7 64 - suspected hardware malfunction
Replies
15
Views
2K
Kshipper
Kshipper

Latest posts

Back