
avast says my svchost.exe has a [Trj]

Discussion in 'Virus & Other Malware Removal' started by thorandai, Jan 12, 2013.

Thread Status: Not open for further replies.
  1. thorandai (Thread Starter)

    Joined: Jan 12, 2013
    Messages: 9
    Um, first off, I'm not a very experienced computer guy; that is why I'm here. My issue is that my computer has recently started to slow down and have issues with the firewall disabling, and the internet and network not working properly, as in it keeps loading and doesn't show an error screen until after a few minutes have passed, and when I restart, everything works as it should. I don't know if this explains a lot, but when starting the computer my avast says that it is scanning svchost.exe in the sandbox, and then shortly after it states that there is an issue with it and it puts it in its virus chest. When I looked at the virus description in the avast virus chest, it says "Dyna:FakeSys-E [Trj];Dyna:FakeS" as the description of the virus. I then researched it and it led me here. I followed the steps in the "Everyone must read this before posting for help" and the logs are as follows:

    HIJACKTHIS LOG

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:00:36 PM, on 1/12/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Users\THORAN~1\AppData\Local\Temp\svchost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\program files (x86)\ncsoft\launcher\NCLauncher.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\thorandai\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=bc1d934a00000000000000ffb8210817
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll (file missing)
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\BabylonToolbarTlbr.dll (file missing)
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
    O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [Adobe] C:\ProgramData\Adobe\1901D86.vbe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files (x86)\ncsoft\launcher\NCLauncher.exe /Minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll c:\windows\syswow64\nvinit.dll c:\progra~1\lucidl~1\virtu\x86\appini~1.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: CyberLink Product - 2012/03/09 16:22:12 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11782 bytes

    DDS.TXT LOG

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by thorandai at 22:00:46 on 2013-01-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16297.12776 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    "C:\Users\THORAN~1\AppData\Local\Temp\svchost.exe" -o http://v502th.chickenkiller.com -O v500:v500 -l 1
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\program files (x86)\ncsoft\launcher\NCLauncher.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\thorandai\Desktop\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
    dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
    TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [PlayNC Launcher] <no file>
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
    mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe] C:\ProgramData\Adobe\1901D86.vbe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    TCP: NameServer = 205.171.3.25 205.171.2.25
    TCP: Interfaces\{AEE0C666-CFF4-4C50-9705-6CDF8D73FFA1} : DHCPNameServer = 205.171.3.25 205.171.2.25
    AppInit_DLLs= c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll c:\windows\syswow64\nvinit.dll c:\progra~1\lucidl~1\virtu\x86\appini~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-28 8704]
    R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-3-9 15368]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-25 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-25 370288]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-25 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-25 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-3 44808]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-9 2656280]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-3-29 57088]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-7 80384]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-4-23 32344]
    R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-3-9 65632]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/09 16:22:12;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-8 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .chm: CHM="C:\Program Files (x86)\Go PDF Reader\GoPDFReader.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-11 17:50:02 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\mpengine.dll
    2013-01-09 03:47:26 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 03:47:26 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 03:46:25 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 03:46:24 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 03:46:24 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 03:46:24 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 03:43:55 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-09 03:42:50 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-07 15:00:15 -------- d-----w- C:\Users\thorandai\AppData\Local\Fallout3
    2012-12-31 18:35:13 -------- d-----w- C:\Users\thorandai\AppData\Local\SvchostViewer
    2012-12-31 18:29:52 -------- d-----w- C:\Users\thorandai\AppData\Roaming\ParetoLogic
    2012-12-31 18:29:52 -------- d-----w- C:\Users\thorandai\AppData\Roaming\DriverCure
    2012-12-31 18:29:42 -------- d-----w- C:\ProgramData\ParetoLogic
    2012-12-31 01:53:10 -------- d-----w- C:\Users\thorandai\AppData\Local\Programs
    2012-12-30 07:41:43 -------- d-----w- C:\Users\thorandai\Assassins Creed III-SKIDROW
    2012-12-30 00:56:18 -------- d-----w- C:\Users\thorandai\AppData\Local\Black_Tree_Gaming
    2012-12-30 00:56:15 -------- d-----w- C:\Program Files\Nexus Mod Manager
    2012-12-27 01:37:54 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-27 01:37:25 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-27 01:36:48 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-12-27 01:36:31 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-12-26 18:36:15 -------- d-----w- C:\Users\thorandai\AppData\Roaming\ZombieDriver
    2012-12-26 18:36:10 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-12-26 18:36:10 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-12-26 18:36:10 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-12-26 18:36:10 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-12-26 18:36:10 -------- d-----w- C:\Program Files (x86)\OpenAL
    2012-12-21 17:59:42 -------- d-----w- C:\Users\thorandai\AppData\Local\DDMSettings
    2012-12-21 17:48:41 -------- d-----w- C:\Program Files\DivX
    2012-12-21 17:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2012-12-21 17:46:18 -------- d-----w- C:\Program Files (x86)\DivX
    2012-12-21 17:45:04 -------- d-----w- C:\ProgramData\DivX
    2012-12-21 06:57:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 06:57:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 06:57:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 06:57:07 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-19 15:26:23 -------- d-----w- C:\Users\thorandai\AppData\Local\Skyrim
    .
    ==================== Find3M ====================
    .
    2013-01-10 19:44:06 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-01-10 19:44:06 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-01-09 15:53:39 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 15:53:39 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-07 01:50:04 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-09 01:48:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-09 01:48:04 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-09 01:48:04 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 15:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    .
    ============= FINISH: 22:00:54.09 ===============

    ATTACH.TXT LOG

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/8/2012 10:22:18 PM
    System Uptime: 1/12/2013 1:01:01 PM (9 hours ago)
    .
    Motherboard: ASRock | | Z68 Extreme4 Gen3
    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPUSocket | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1397 GiB total, 1205.606 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP211: 1/8/2013 12:56:55 PM - Scheduled Checkpoint
    RP212: 1/8/2013 9:33:39 PM - Windows Update
    RP213: 1/9/2013 12:54:11 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Ace of Spades
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.6
    Amazon Kindle
    applicationupdater
    ASRock App Charger v1.0.4
    Auslogics Disk Defrag
    avast! Free Antivirus
    Batman: Arkham City™
    Battlefield 3™
    Battlelog Web Plugins
    Broadcom Gigabit NetLink Controller
    Call of Duty: Modern Warfare 3
    Call of Duty: Modern Warfare 3 - Dedicated Server
    Call of Duty: Modern Warfare 3 - Multiplayer
    Chivalry: Medieval Warfare
    CyberLink BD Advisor 2.0
    CyberLink Blu-ray Disc Suite
    CyberLink LG Burning Tool
    CyberLink PowerDVD 9
    CyberLink PowerProducer
    DivX Setup
    Dual-Core Optimizer
    ESN Sonar
    Etron USB3.0 Host Controller
    Far Cry 3
    FileHippo.com Update Checker
    gamelauncher-code4344-beta
    Garry's Mod
    Go PDF Reader
    Google Chrome
    Google Update Helper
    Guild Wars 2
    Hi-Rez Studios Authenticate and Update Service
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Itibiti RTC
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 7 (64-bit)
    LG Tool Kit
    Magic: The Gathering - Duels of the Planeswalkers 2013
    Malwarebytes Anti-Malware version 1.70.0.1100
    marvell 91xx driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    NCsoft Launcher
    Nexus Mod Manager
    Notepad++
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OpenAL
    Origin
    Pando Media Booster
    PlanetSide 2 Beta
    PunkBuster Services
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Source SDK Base 2007
    Star Wars: Knights of the Old Republic II
    Steam
    swMSM
    TeamSpeak 3 Client
    The Binding of Isaac
    The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0
    Ubisoft Game Launcher
    UltraISO Premium V9.52
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Manager for SweetPacks 1.0
    Uplay
    VC80CRTRedist - 8.0.50727.6195
    VIRTU 1.2.103
    Visual Studio 2008 x64 Redistributables
    Windows Driver Package - Etron Technology Inc. (EtronXHCI) USB (08/04/2011 1.00.0000.0105)
    Windows Live ID Sign-in Assistant
    WinRAR 4.11 (64-bit)
    Yahoo! Software Update
    Yahoo! Toolbar
    Zombie Driver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/7/2013 8:41:53 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    1/12/2013 1:03:30 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/12/2013 1:03:30 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================

    I did not include the Ark.txt file log as I went over the character limit, and GMER said it did not find anything, but I did not want to post half a log as it could complicate things. It is currently saved, so I will be able to show the log to anyone needing it.
    Thank you for reading this and I hope this can be resolved as efficiently and painlessly for you guys as possible.
    Sincerely, Thorandai
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
     
  3. thorandai

    thorandai Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    9
    Here is the log:
    ComboFix 13-01-13.01 - thorandai 01/13/2013 12:11:20.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16297.13204 [GMT -6:00]
    Running from: c:\users\thorandai\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    C:\STF3ED6.tmp
    C:\STF5D57.tmp
    C:\STF8542.tmp
    C:\STFC135.tmp
    C:\STFFBDE.tmp
    c:\users\thorandai\AppData\Local\assembly\tmp
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-13 18:15 . 2013-01-13 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-13 18:15 . 2013-01-13 18:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-01-13 17:46 . 2013-01-13 17:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\offreg.dll
    2013-01-11 17:50 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\mpengine.dll
    2013-01-09 03:47 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 03:47 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 03:46 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 03:46 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 03:46 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 03:46 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 03:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 03:42 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-07 15:00 . 2013-01-07 15:00 -------- d-----w- c:\users\thorandai\AppData\Local\Fallout3
    2012-12-31 18:35 . 2012-12-31 18:35 -------- d-----w- c:\users\thorandai\AppData\Local\SvchostViewer
    2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\ParetoLogic
    2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\DriverCure
    2012-12-31 18:29 . 2013-01-05 04:42 -------- d-----w- c:\programdata\ParetoLogic
    2012-12-31 01:53 . 2012-12-31 01:53 -------- d-----w- c:\users\thorandai\AppData\Local\Programs
    2012-12-30 07:41 . 2012-12-30 13:32 -------- d-----w- c:\users\thorandai\Assassins Creed III-SKIDROW
    2012-12-30 00:56 . 2013-01-13 04:10 -------- d-----w- c:\users\thorandai\AppData\Local\Black_Tree_Gaming
    2012-12-27 01:37 . 2012-12-27 01:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-27 01:37 . 2012-12-27 01:37 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-27 01:36 . 2012-12-27 01:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-12-27 01:36 . 2012-12-27 01:36 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-12-26 18:36 . 2012-12-26 18:54 -------- d-----w- c:\users\thorandai\AppData\Roaming\ZombieDriver
    2012-12-26 18:36 . 2012-12-26 18:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-12-26 18:36 . 2012-12-26 18:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-12-26 18:36 . 2012-12-26 18:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-12-26 18:36 . 2012-12-26 18:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-12-26 18:36 . 2012-12-26 18:36 -------- d-----w- c:\program files (x86)\OpenAL
    2012-12-21 17:59 . 2012-12-21 17:59 -------- d-----w- c:\users\thorandai\AppData\Local\DDMSettings
    2012-12-21 17:48 . 2012-12-21 17:49 -------- d-----w- c:\users\thorandai\AppData\Roaming\DivX
    2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files\DivX
    2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2012-12-21 17:46 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\DivX
    2012-12-21 17:45 . 2012-12-21 17:59 -------- d-----w- c:\programdata\DivX
    2012-12-21 06:57 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 06:57 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 06:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 06:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-19 15:26 . 2013-01-06 02:18 -------- d-----w- c:\users\thorandai\AppData\Local\Skyrim
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-10 19:44 . 2012-03-10 19:50 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-01-10 19:44 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-01-09 15:53 . 2012-04-07 22:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 15:53 . 2012-03-09 02:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 06:57 . 2012-03-09 00:35 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-07 01:50 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-12-14 22:49 . 2012-11-04 19:52 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:45 . 2013-01-09 03:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-14 07:06 . 2012-12-13 02:12 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 02:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 02:12 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 02:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 02:12 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 02:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 02:12 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 02:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 02:12 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 02:12 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 02:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 02:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 02:12 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 02:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 02:12 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 02:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 02:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 02:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 02:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 02:12 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
    2012-11-09 05:45 . 2012-12-12 23:50 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 23:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-09 01:48 . 2012-11-09 01:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-09 01:48 . 2012-10-01 18:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-11-09 01:48 . 2012-03-24 00:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-02 05:59 . 2012-12-12 23:48 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 23:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-10-30 22:51 . 2012-06-25 06:30 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2012-06-25 06:30 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2012-06-25 06:30 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2012-06-25 06:30 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51 . 2012-06-25 06:30 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2012-06-25 06:29 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:50 . 2012-06-25 06:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-10-30 22:50 . 2012-06-25 06:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-27 17:34 . 2012-10-27 17:34 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-10-16 08:38 . 2012-11-28 16:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 16:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 16:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-05 1354736]
    "NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-10-12 38744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-08-03 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-19 27760]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-23 222504]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    "Adobe"="c:\programdata\Adobe\1901D86.vbe" [2012-12-13 7642]
    .
    c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Uninstall Webroot RunOnce.lnk - c:\users\UpdatusUser\AppData\Roaming\wruninstall.exe [2012-9-30 7021336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/09 16:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-24 240112]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-08-17 57088]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-08-17 80384]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-15 412712]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2000-01-01 32344]
    S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-06-20 65632]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-10 20:00 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:53]
    .
    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
    .
    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12459112]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKLM-Run-ExpressFiles - c:\program files (x86)\ExpressFiles\ExpressFiles.exe
    Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    AddRemove-The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0 - c:\program files (x86)\The Elder Scrolls V Skyrim\Uninstall.exe
    AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:0b,67,f4,19,5d,26,cd,01
    .
    [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d0,f3,c5,61,27,70,1e,a1,86,ce,95,d3,84,af,cf,7e,b0,8c,e6,ac,8b,
    f4,db,27,16,c7,9b,37,9d,24,dd,f1,d5,4a,2a,88,01,57,b7,09,b9,79,0c,42,ba,d5,\
    "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-13 12:16:18
    ComboFix-quarantined-files.txt 2013-01-13 18:16
    .
    Pre-Run: 1,302,431,125,504 bytes free
    Post-Run: 1,302,310,289,408 bytes free
    .
    - - End Of File - - A6AF6582A86366E434EFD708B8A531A9
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer when the "File download" pop-up comes press SAVE and choose desktop in the list of selections in that window & press save).
    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.
    Close any open browsers.
    Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.



    [IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    At the end it will pop up an alert & open your browser and ask you to send the zip file.

    Please follow those instructions. We need to see the zip file before we can carry on with the fix.

    If there is no pop-up alert or open browser, then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
    Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. If there is more than 1 file then press the more attachments button for each extra file and browse and select etc., and then when all the files are listed in the windows press send to upload the files (do not post HJT logs there as they will not get dealt with).

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38
     

    Attached Files:

  5. thorandai

    thorandai Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    9
    Here is the ComboFix log, and I uploaded the zip file to the forum.
    ComboFix 13-01-13.01 - thorandai 01/13/2013 15:06:55.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16297.12628 [GMT -6:00]
    Running from: c:\users\thorandai\Desktop\ComboFix.exe
    Command switches used :: c:\users\thorandai\Desktop\CFScript (1).txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk"
    "c:\users\UpdatusUser\AppData\Roaming\wruninstall.exe"
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Adobe\1901D86.vbe
    c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    c:\users\UpdatusUser\AppData\Roaming\wruninstall.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-13 21:10 . 2013-01-13 21:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-01-13 21:10 . 2013-01-13 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-11 17:50 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58656E77-B2A2-4ECE-A20A-86BD19135092}\mpengine.dll
    2013-01-09 03:47 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 03:47 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 03:46 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 03:46 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 03:46 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 03:46 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 03:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 03:42 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-07 15:00 . 2013-01-07 15:00 -------- d-----w- c:\users\thorandai\AppData\Local\Fallout3
    2012-12-31 18:35 . 2012-12-31 18:35 -------- d-----w- c:\users\thorandai\AppData\Local\SvchostViewer
    2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\ParetoLogic
    2012-12-31 18:29 . 2012-12-31 18:29 -------- d-----w- c:\users\thorandai\AppData\Roaming\DriverCure
    2012-12-31 18:29 . 2013-01-05 04:42 -------- d-----w- c:\programdata\ParetoLogic
    2012-12-31 01:53 . 2012-12-31 01:53 -------- d-----w- c:\users\thorandai\AppData\Local\Programs
    2012-12-30 07:41 . 2012-12-30 13:32 -------- d-----w- c:\users\thorandai\Assassins Creed III-SKIDROW
    2012-12-30 00:56 . 2013-01-13 04:10 -------- d-----w- c:\users\thorandai\AppData\Local\Black_Tree_Gaming
    2012-12-27 01:37 . 2012-12-27 01:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-27 01:37 . 2012-12-27 01:37 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-27 01:36 . 2012-12-27 01:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-12-27 01:36 . 2012-12-27 01:36 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-12-26 18:36 . 2012-12-26 18:54 -------- d-----w- c:\users\thorandai\AppData\Roaming\ZombieDriver
    2012-12-26 18:36 . 2012-12-26 18:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-12-26 18:36 . 2012-12-26 18:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-12-26 18:36 . 2012-12-26 18:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-12-26 18:36 . 2012-12-26 18:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-12-26 18:36 . 2012-12-26 18:36 -------- d-----w- c:\program files (x86)\OpenAL
    2012-12-21 17:59 . 2012-12-21 17:59 -------- d-----w- c:\users\thorandai\AppData\Local\DDMSettings
    2012-12-21 17:48 . 2012-12-21 17:49 -------- d-----w- c:\users\thorandai\AppData\Roaming\DivX
    2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files\DivX
    2012-12-21 17:48 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2012-12-21 17:46 . 2012-12-21 17:58 -------- d-----w- c:\program files (x86)\DivX
    2012-12-21 17:45 . 2012-12-21 17:59 -------- d-----w- c:\programdata\DivX
    2012-12-21 06:57 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 06:57 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 06:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 06:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-19 15:26 . 2013-01-06 02:18 -------- d-----w- c:\users\thorandai\AppData\Local\Skyrim
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-10 19:44 . 2012-03-10 19:50 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-01-10 19:44 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-01-09 15:53 . 2012-04-07 22:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 15:53 . 2012-03-09 02:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 06:57 . 2012-03-09 00:35 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-07 01:50 . 2012-03-10 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-12-14 22:49 . 2012-11-04 19:52 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:45 . 2013-01-09 03:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-14 07:06 . 2012-12-13 02:12 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 02:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 02:12 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 02:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 02:12 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 02:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 02:12 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 02:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 02:12 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 02:12 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 02:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 02:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 02:12 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 02:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 02:12 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 02:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 02:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 02:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 02:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 02:12 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 02:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
    2012-11-09 05:45 . 2012-12-12 23:50 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 23:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-09 01:48 . 2012-11-09 01:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-09 01:48 . 2012-10-01 18:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-11-09 01:48 . 2012-03-24 00:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-02 05:59 . 2012-12-12 23:48 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 23:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-10-30 22:51 . 2012-06-25 06:30 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2012-06-25 06:30 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2012-06-25 06:30 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2012-06-25 06:30 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51 . 2012-06-25 06:30 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2012-06-25 06:29 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:50 . 2012-06-25 06:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-10-30 22:50 . 2012-06-25 06:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-27 17:34 . 2012-10-27 17:34 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-10-16 08:38 . 2012-11-28 16:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 16:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 16:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-05 1354736]
    "NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-10-12 38744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-08-03 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-19 27760]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-23 222504]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/09 16:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-24 240112]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-08-17 57088]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-08-17 80384]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-15 412712]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2000-01-01 32344]
    S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-06-20 65632]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - CLKMDRV10_9EC60124
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-10 20:00 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:53]
    .
    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
    .
    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 02:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12459112]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0 - c:\program files (x86)\The Elder Scrolls V Skyrim\Uninstall.exe
    AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:0b,67,f4,19,5d,26,cd,01
    .
    [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d0,f3,c5,61,27,70,1e,a1,86,ce,95,d3,84,af,cf,7e,b0,8c,e6,ac,8b,
    f4,db,27,16,c7,9b,37,9d,24,dd,f1,d5,4a,2a,88,01,57,b7,09,b9,79,0c,42,ba,d5,\
    "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-13 15:14:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-13 21:14
    ComboFix2.txt 2013-01-13 18:16
    .
    Pre-Run: 1,301,457,825,792 bytes free
    Post-Run: 1,300,896,489,472 bytes free
    .
    - - End Of File - - 1E8B37AE172CEB717CB0E7CC7009788B
    Upload was successful
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Are you still getting any alerts or warnings from your antivirus?
    Are you having any problems now?
     
  7. thorandai

    thorandai Thread Starter

    Now Avast is saying the virus description has a win-32 PUP-gen.
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Where is Avast saying the infected file is?
     
  9. thorandai

    thorandai Thread Starter

    It's saying it is in the virus chest and the original location is C:\Users\THORAN~1\Appdata\Local\temp
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Let's see what this shows us.

    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • In the Files Age drop down box click 90
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  11. thorandai

    thorandai Thread Starter

    Here is the log:
    Code:
    OTS logfile created on: 1/14/2013 12:13:41 PM - Run 1
    OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\thorandai\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 85.00% Memory free
    32.00 Gb Paging File | 29.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1397.26 Gb Total Space | 1210.41 Gb Free Space | 86.63% Space Free | Partition Type: NTFS
    Drive D: | 4.38 Gb Total Space | 4.37 Gb Free Space | 99.88% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: THORANDAI-PC
    Current User Name: thorandai
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 90 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Users\thorandai\Desktop\OTS.exe -> [2013/01/14 12:11:54 | 000,646,656 | ---- | M] (OldTimer Tools)
    steamservice.exe -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2012/12/20 10:26:39 | 000,541,760 | ---- | M] (Valve Corporation)
    steam.exe -> C:\Program Files (x86)\Steam\Steam.exe -> [2012/12/04 22:27:21 | 001,354,736 | ---- | M] (Valve Corporation)
    divxupdate.exe -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe -> [2012/11/29 20:06:58 | 001,263,512 | ---- | M] ()
    avastui.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe -> [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software)
    avastsvc.exe -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software)
    nclauncher.exe -> C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe -> [2012/10/11 22:49:15 | 000,038,744 | ---- | M] (NCSoft)
    nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
    pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/09/06 11:10:52 | 000,076,888 | ---- | M] ()
    fwupdate.exe -> C:\Program Files (x86)\lg_fwupdate\fwupdate.exe -> [2012/07/18 20:44:16 | 000,871,536 | ---- | M] (BitLeader)
    uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation)
    lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation)
    brs.exe -> C:\Program Files (x86)\CyberLink\Shared files\brs.exe -> [2010/11/23 02:33:20 | 000,075,048 | ---- | M] (cyberlink)
    pdvd9serv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe -> [2010/08/02 21:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.)
    clmlsvc.exe -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe -> [2009/12/15 14:47:00 | 000,103,720 | ---- | M] (CyberLink)
    yahooauservice.exe -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
     
    [Modules - No Company Name]
    sdl.dll -> C:\Program Files (x86)\Steam\sdl.dll -> [2012/12/20 10:27:51 | 000,647,168 | ---- | M] ()
    libcef.dll -> C:\Program Files (x86)\Steam\bin\libcef.dll -> [2012/12/20 10:26:38 | 020,320,240 | ---- | M] ()
    avcodec-53.dll -> C:\Program Files (x86)\Steam\bin\avcodec-53.dll -> [2012/12/20 10:26:34 | 001,100,800 | ---- | M] ()
    chromehtml.dll -> C:\Program Files (x86)\Steam\bin\chromehtml.dll -> [2012/12/20 10:26:34 | 000,969,280 | ---- | M] ()
    avformat-53.dll -> C:\Program Files (x86)\Steam\bin\avformat-53.dll -> [2012/12/20 10:26:34 | 000,192,000 | ---- | M] ()
    avutil-51.dll -> C:\Program Files (x86)\Steam\bin\avutil-51.dll -> [2012/12/20 10:26:34 | 000,124,416 | ---- | M] ()
    divxupdatecheck.dll -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll -> [2012/11/29 20:07:48 | 000,100,248 | ---- | M] ()
    divxupdate.exe -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe -> [2012/11/29 20:06:58 | 001,263,512 | ---- | M] ()
    unrar.net.dll -> C:\Program Files (x86)\NCSoft\Launcher\UnRar.Net.dll -> [2012/10/11 22:49:15 | 000,217,088 | ---- | M] ()
    nc.logging.dll -> C:\Program Files (x86)\NCSoft\Launcher\NC.Logging.dll -> [2012/10/11 22:49:15 | 000,024,576 | ---- | M] ()
    system.windows.forms.dll -> C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll -> [2012/10/05 04:53:24 | 005,025,792 | ---- | M] ()
    system.dll -> C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll -> [2012/10/05 04:53:24 | 003,198,976 | ---- | M] ()
    system.drawing.dll -> C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll -> [2012/10/05 04:53:24 | 000,630,784 | ---- | M] ()
    system.security.dll -> C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll -> [2012/10/05 04:53:24 | 000,258,048 | ---- | M] ()
    system.design.dll -> C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll -> [2012/10/05 04:53:23 | 004,927,488 | ---- | M] ()
    mscorlib.dll -> C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll -> [2012/08/31 04:59:19 | 004,550,656 | ---- | M] ()
    system.configuration.dll -> C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll -> [2010/11/20 21:24:32 | 000,425,984 | ---- | M] ()
    system.xml.dll -> C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll -> [2010/11/20 21:23:48 | 002,048,000 | ---- | M] ()
    system.runtime.remoting.dll -> C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll -> [2010/11/20 21:23:48 | 000,303,104 | ---- | M] ()
    clmlsvcps.dll -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll -> [2009/12/15 14:49:20 | 000,013,096 | ---- | M] ()
    clmedialibrary.dll -> C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll -> [2009/12/15 14:46:38 | 000,619,816 | ---- | M] ()
    accessibility.dll -> C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll -> [2009/06/10 15:22:40 | 000,010,752 | ---- | M] ()
     
    [Win32 Services - Safe List]
    64bit-(avast! Antivirus)  [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software)
    64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
    (AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/01/09 09:53:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated)
    (Steam Client Service) Steam Client Service [On_Demand | Running] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2012/12/20 10:26:39 | 000,541,760 | ---- | M] (Valve Corporation)
    (cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\IntelCpHeciSvc.exe -> [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation)
    (nvUpdatusService) NVIDIA Update Service Daemon [Auto | Stopped] -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -> [2012/10/02 16:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation)
    (Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation)
    (PnkBstrA) PnkBstrA [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/09/06 11:10:52 | 000,076,888 | ---- | M] ()
    (HiPatchService) Hi-Rez Studios Authenticate and Update Service [Auto | Paused] -> C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -> [2012/06/26 16:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios)
    (UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation)
    (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation)
    (CLKMSVC10_9EC60124) CyberLink Product - 2012/03/09 16:22:12 [Auto | Stopped] -> C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -> [2010/11/23 18:33:22 | 000,240,112 | ---- | M] (CyberLink)
    (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
    (YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
     
    [Driver Services - Safe List]
    64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2012/10/30 16:51:56 | 000,059,728 | ---- | M] (AVAST Software)
    64bit-(aswSnx) aswSnx [File_System | System | Running] -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2012/10/30 16:51:55 | 000,984,144 | ---- | M] (AVAST Software)
    64bit-(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2012/10/30 16:51:55 | 000,370,288 | ---- | M] (AVAST Software)
    64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2012/10/30 16:51:55 | 000,071,600 | ---- | M] (AVAST Software)
    64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2012/10/30 16:51:53 | 000,025,232 | ---- | M] (AVAST Software)
    64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr2.sys -> [2012/10/15 09:59:28 | 000,054,072 | ---- | M] (AVAST Software)
    64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation)
    64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation)
    64bit-(EtronXHCI) Etron USB 3.0 Extensible Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\EtronXHCI.sys -> [2011/08/17 12:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc)
    64bit-(EtronHub3) Etron USB 3.0 Extensible Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\EtronHub3.sys -> [2011/08/17 12:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc)
    64bit-(VirtuWDDM) VirtuWDDM [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VirtuWDDM.sys -> [2011/06/19 19:53:30 | 000,065,632 | ---- | M] (Lucidlogix Inc.)
    64bit-(mvs91xx) mvs91xx [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\mvs91xx.sys -> [2011/04/08 05:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.)
    64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
    64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
    64bit-(k57nd60a) Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2011/02/14 20:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation)
    64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
    64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
    64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
    64bit-(MEIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation)
    64bit-(AsrAppCharger) AsrAppCharger [Kernel | System | Running] -> C:\Windows\SysNative\drivers\AsrAppCharger.sys -> [2010/06/11 15:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider)
    64bit-(xusb21) Xbox 360 Wireless Receiver Driver Service 21 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\xusb21.sys -> [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation)
    64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
    64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
    64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology)
    64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
    64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
    64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
    64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
    64bit-(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.)
    64bit-(MBfilt) MBfilt [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\MBfilt64.sys -> [1999/12/31 18:00:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.)
    (WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
     
    [Registry - Safe List]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [YTNavAssistPlugin Class] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [YTNavAssistPlugin Class] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> -> 
    HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page" -> http://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817 -> 
    HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
    HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA 47 E1 12 50 FE CC 01  [binary data] -> 
    HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: "ProxyEnable" -> 0 -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2012/11/03 17:08:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5] -> [2012/12/21 11:58:54 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
    < HOSTS File > ([2013/01/13 15:11:31 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1       localhost
    < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Webroot Browser Helper Object] -> File not found
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/07/26 22:08:13 | 000,075,656 | ---- | M] (Oracle Corporation)
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
    {2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] ->  [Babylon toolbar helper] -> File not found
    {326E768D-4182-46FD-9C16-1449A49795F4} [HKLM] -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [DivX Plus Web Player HTML5 <video>] -> [2011/12/12 07:13:22 | 000,194,432 | ---- | M] (DivX, LLC)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/11/08 19:48:04 | 000,449,512 | ---- | M] (Oracle Corporation)
    {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Webroot Browser Helper Object] -> File not found
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/11/08 19:48:04 | 000,155,384 | ---- | M] (Oracle Corporation)
    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2011/11/01 22:13:14 | 000,156,984 | ---- | M] (Yahoo! Inc)
    < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] ->  [Webroot Toolbar] -> File not found
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] ->  [Webroot Toolbar] -> File not found
    "{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] ->  [Babylon Toolbar] -> File not found
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2011/11/01 22:13:14 | 002,015,544 | ---- | M] (Yahoo! Inc.)
    < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2012/10/10 02:22:28 | 000,399,392 | ---- | M] (Intel Corporation)
    "IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2012/10/10 02:22:24 | 000,171,040 | ---- | M] (Intel Corporation)
    "Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2012/10/10 02:22:30 | 000,441,888 | ---- | M] (Intel Corporation)
    "RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s] -> [1999/12/31 18:00:00 | 012,459,112 | ---- | M] (Realtek Semiconductor)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "amd_dc_opt" -> C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe] -> [2008/07/22 14:53:10 | 000,077,824 | ---- | M] (AMD)
    "avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software)
    "BDRegion" -> C:\Program Files (x86)\CyberLink\Shared files\brs.exe [C:\Program Files (x86)\Cyberlink\Shared files\brs.exe] -> [2010/11/23 02:33:20 | 000,075,048 | ---- | M] (cyberlink)
    "CLMLServer" -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ["C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"] -> [2009/12/15 14:47:00 | 000,103,720 | ---- | M] (CyberLink)
    "DivXMediaServer" -> C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe] -> [2012/11/13 12:13:34 | 000,450,560 | ---- | M] ()
    "DivXUpdate" -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ["C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW] -> [2012/11/29 20:06:58 | 001,263,512 | ---- | M] ()
    "LGODDFU" -> C:\Program Files (x86)\lg_fwupdate\lgfw.exe ["C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun] -> [2012/07/18 20:44:26 | 000,027,760 | ---- | M] (Bitleader)
    "RemoteControl9" -> C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe ["C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"] -> [2010/08/02 21:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.)
    "UpdateP2GoShortCut" -> C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2009/05/19 23:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.)
    "UpdatePPShortCut" -> C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"] -> [2009/05/19 23:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.)
    "UpdatePSTShortCut" -> C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2010/12/23 15:19:50 | 000,222,504 | ---- | M] (CyberLink Corp.)
    < Run [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "NCsoft Launcher" -> C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe [C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized] -> [2012/10/11 22:49:15 | 000,038,744 | ---- | M] (NCSoft)
    "Steam" -> C:\Program Files (x86)\Steam\steam.exe ["C:\Program Files (x86)\Steam\steam.exe" -silent] -> [2012/12/04 22:27:21 | 001,354,736 | ---- | M] (Valve Corporation)
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < Software Policy Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HideSCAHealth" ->  [1] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
    \\"ConsentPromptBehaviorUser" ->  [3] -> File not found
    \\"PromptOnSecureDesktop" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel ->  [res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000] -> File not found
    Se&nd to OneNote ->  [res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105] -> File not found
    < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Button: Webroot] -> File not found
    {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Menu: Webroot] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Button: Webroot] -> File not found
    {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] ->  [Menu: Webroot] -> File not found
    < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7767 domain(s) found. -> 
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7768 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7772 domain(s) found. -> 
    clonewarsadventures.com .[*] -> Trusted sites -> 
    freerealms.com .[*] -> Trusted sites -> 
    soe.com .[*] -> Trusted sites -> 
    sony.com .[*] -> Trusted sites -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7772 domain(s) found. -> 
    clonewarsadventures.com .[*] -> Trusted sites -> 
    freerealms.com .[*] -> Trusted sites -> 
    soe.com .[*] -> Trusted sites -> 
    sony.com .[*] -> Trusted sites -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
    clonewarsadventures.com .[*] ->  -> 
    freerealms.com .[*] ->  -> 
    soe.com .[*] ->  -> 
    sony.com .[*] ->  -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. -> 
    clonewarsadventures.com .[*] ->  -> 
    freerealms.com .[*] ->  -> 
    soe.com .[*] ->  -> 
    sony.com .[*] ->  -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7770 domain(s) found. -> 
    clonewarsadventures.com .[*] -> Trusted sites -> 
    freerealms.com .[*] -> Trusted sites -> 
    soe.com .[*] -> Trusted sites -> 
    sony.com .[*] -> Trusted sites -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab [Java Plug-in 1.7.0] -> 
    {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab [Java Plug-in 1.7.0] -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 205.171.3.25 205.171.2.25 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {AEE0C666-CFF4-4C50-9705-6CDF8D73FFA1}\\DhcpNameServer -> 205.171.3.25 205.171.2.25   (Broadcom NetLink (TM) Gigabit Ethernet) -> 
    < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
    64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
    C:\Windows\System32\nvinitx.dll -> C:\Windows\SysNative\nvinitx.dll -> [2012/10/02 16:21:00 | 000,247,144 | ---- | M] (NVIDIA Corporation)
    C:\PROGRA~1\LUCIDL~1\VIRTU\appinit_dll.dll -> C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll -> [2011/06/19 19:53:20 | 000,187,488 | ---- | M] (Lucidlogix Inc.)
    *MultiFile Done* -> -> 
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
    c:\Windows\SysWOW64\nvinit.dll -> c:\Windows\SysWOW64\nvinit.dll -> [2012/10/02 16:21:00 | 000,202,600 | ---- | M] (NVIDIA Corporation)
    c:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll -> c:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll -> [2011/06/19 19:53:40 | 000,157,792 | ---- | M] (Lucidlogix Inc.)
    *MultiFile Done* -> -> 
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 19:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
    /pagefile ->  -> File not found
    *MultiFile Done* -> -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    /pagefile ->  -> File not found
    *MultiFile Done* -> -> 
    < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2012/10/10 02:22:28 | 000,441,856 | ---- | M] (Intel Corporation)
    < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
    < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {1D65B2E9-3EEF-4349-A64F-BE46991E93E7} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {1F5E7AFA-5D77-4E9C-9772-671981DF8105} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
    {2C03FACB-8BD3-48F6-8427-44D8D494A3A4} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {32F91ADB-6509-43F7-8D18-B2D40530282B} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
    {39CC372C-FA2A-44B8-A3C0-9401EE15B9CB} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {464520FC-5CE8-47C8-9CF4-9DEAAAE82B54} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
    {4F124FFF-D3E4-4654-849A-CF71CC6325CC} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
    {5C6EFBF0-8595-4D44-AB93-5106032CBCD2} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
    {5DF5816C-8DBC-45CD-A512-06659B365377} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office\office14\outlook.exe | 
    {5F8DC228-6044-466E-83F6-100FC02DDFE6} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
    {5FE2836D-C438-4F49-814B-8C00F0C3F332} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
    {6FF047B8-C95C-477B-A531-4283528D70F5} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
    {6FFE7088-997E-4156-83C9-579BE0B1BEAE} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
    {701D6A92-2119-450A-9AD3-7FCB8DB49FAC} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
    {83436519-AE57-4D53-A207-0B59880275AE} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
    {86ECC8C0-9FEC-4CDA-B427-104EEE54EA39} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {9B9272E9-D806-4386-8DD6-D98FAA23B872} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
    {A04E5EBA-52D0-4059-9D25-2F39F99CD150} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {A3DA18BA-7E51-4987-A456-FF0BA04F4CB8} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
    {A6AF9586-4413-462B-BF45-E15BF7FC6837} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {A8A4B393-DBFD-4026-A205-8CAD22DD350A} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {B54686B6-4BCF-4EC7-A613-04B8C96CC054} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {B9C1DEC4-687A-47FD-916C-8F5B482200B9} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
    {C145A09D-2C1C-443C-BEBF-4BC4EEC649F7} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
    {C781220B-E56E-4A8C-A96F-E73B769A3658} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {D0AB3AE6-2C4E-41EA-9CBE-C93FD1C9B664} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
    {DB9BAB17-82BC-4051-947A-0229AA82EE05} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {EC97624C-15D2-4694-9546-142B33D679A1} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {ECD810F2-B31E-456C-8A63-1F2F109FE062} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
    {F4786318-097C-4691-8409-58697EBF57E0} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | n[email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
    {FA677326-74AB-482F-819D-E6FA080AAAC5} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
    {FC53F915-1AF4-4384-ADF3-4FA0855B1055} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {00C34C57-33C2-41E3-A0F9-BFB3135C66CA} -> profile=public | protocol=17 | dir=in | action=block | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
    {018D80F3-FF79-464E-9647-D7E3DF5DC469} -> profile=private | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
    {08A84810-FFB4-4A49-A77D-B3888BA1794D} -> profile=private | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
    {08F7B712-9A15-4C52-B303-D7DA22842199} -> profile=private | protocol=17 | dir=in | action=allow | name=mass effect™ 3 | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
    {0B4ADB32-39D7-4E9D-80B3-B5731BC51484} -> profile=public | protocol=6 | dir=in | action=allow | name=crysis | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
    {0B90D037-CB32-45B2-B7C9-982BD832BBF9} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
    {0D8700A7-0BC6-4788-99A0-93220E024817} -> profile=private | protocol=17 | dir=in | action=allow | name=ubisoft game launcher | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    {0E30CD7C-E82D-4974-8738-43D48EC331A6} -> profile=private | protocol=17 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
    {0ED57B95-F793-41AB-A34F-69F322B732F2} -> profile=private | protocol=6 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
    {117484B4-C1EC-4715-A54F-9D4BCBD5E597} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
    {138364DD-0276-4408-9E97-F20FF23ED53B} -> profile=public | protocol=17 | dir=in | action=allow | name=crysis | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
    {13BFC1CD-2785-42FC-A3C2-E36E630A855C} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
    {15C54360-48CE-4921-8748-038C690383CA} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
    {15E029C1-D036-46C1-9391-EB218AC6129C} -> profile=private | protocol=6 | dir=in | action=allow | name=sweetpacksupdatemanager | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
    {170AEC91-28E5-42C8-B7C8-3041E1ED826F} -> profile=private | protocol=6 | dir=in | action=allow | name=the witcher 2: enhanced edition | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
    {1B737978-73F6-4992-89BD-F9E49157CAB5} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
    {202E6CB8-BD2F-4AED-9333-31DFD75E3BEA} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
    {20D698E6-C139-4948-A984-9E8074DBCB53} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
    {214F9B83-2089-4861-AE51-9A48579A1C86} -> profile=private | protocol=6 | dir=in | action=allow | [email protected]llapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    {21E7C2F0-F4E2-4942-8B1E-397DE9B903D9} -> profile=public | protocol=6 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
    {2398252F-6B04-4DD3-8252-7BC66A5A9B2A} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
    {25E600E9-D5C1-4301-BF26-BCA315553F83} -> profile=private | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
    {26BBE2F6-CF3D-489E-9C78-1D97BB9B70DC} -> profile=private | protocol=17 | dir=in | action=allow | name=sweetpacksupdatemanager | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
    {2714CF67-218E-437B-9883-4F12A74E69A2} -> profile=public | protocol=6 | dir=in | action=block | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
    {27A65776-737E-4F57-92DD-5AF968B63F5D} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
    {2832C953-E4E4-453D-9354-9D2F506C0537} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
    {2884AC44-D73A-4C39-B492-807910A770E5} -> profile=private | protocol=6 | dir=in | action=allow | name=expressfilesinstaller | app=c:\users\thorandai\appdata\local\microsoft\windows\temporary internet files\content.ie5\ofaama2o\mbs-series.horsing.around_fullversion_downloader_98838b.exe | 
    {299CE4A3-3CAE-47D1-841D-D511306C36F1} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
    {2C3F0BA6-CEFB-4228-B039-46452713B4CB} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    {2D1A0B24-07B7-4A41-A03A-2C2E29D1924F} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {30C2242F-C667-4EBD-A68E-8BF428BFB2FB} -> profile=public | protocol=17 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
    {30E9FE0C-E41C-48D7-AB23-0EBBB473DC49} -> profile=public | protocol=6 | dir=in | action=block | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
    {3239E65A-D8D4-44C1-89CB-2BE1F863ECD5} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
    {3277054A-9170-4154-89A0-829521E685D0} -> profile=public | protocol=6 | dir=in | action=block | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
    {337F628B-F6F0-4AE1-9CD8-1100D52929D2} -> protocol=58 | dir=in | action=allow | [email protected],-502 | app=system | 
    {33C5397C-8757-4650-BC40-02B615BB11B6} -> profile=private | protocol=17 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
    {33E5CAA1-DBBC-4B4B-8092-4CAB63CAA414} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
    {356B482F-ACA7-471D-8B6C-8C8BCAB6A575} -> profile=public | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    {35827908-2DE5-4EB3-BAF0-E2880B734408} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
    {37B9198A-592F-447A-940B-81543F5A37EF} -> profile=public | protocol=17 | dir=in | action=block | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
    {37C76EDB-D4A8-4C71-B21E-E15F71DCDBB7} -> profile=public | protocol=6 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
    {3B094302-3C29-4445-8216-F323DD3FCED9} -> profile=public | protocol=17 | dir=in | action=allow | name=diablo iii | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
    {3DCD4F0F-E584-4FBB-A814-B373F8DF3E72} -> profile=private | protocol=17 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
    {3E73BA94-A9A9-4CC3-BCE3-51705BEA1A9A} -> profile=private | protocol=6 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
    {3EC33378-9256-4ECE-B5C9-468012462DDD} -> profile=public | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
    {3FA49998-64A3-48F1-884E-043D11AE023D} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
    {42B27883-EA01-484E-949C-3F11B4B1B01B} -> profile=public | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
    {44EE2D7B-E9DC-4089-ADE2-2F4B1EDA056D} -> profile=public | protocol=17 | dir=in | action=block | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
    {46DD3801-F39F-4F45-9E1F-821E7B6A7F19} -> profile=private | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    {47E76501-1CCC-4325-B502-D3BDF5E3CEB7} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
    {4B568A16-CB29-4854-A6B3-D6517D071C85} -> profile=public | protocol=6 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
    {4D20D8D2-E5DA-424E-9E25-A7ACB7095071} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
    {4E71F6A7-23B8-4C71-B7A3-30B292440CFD} -> profile=public | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
    {4FA34BD4-574F-4F66-8DB4-9BDD7E9DABF8} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
    {512F06AF-31DF-475B-923E-E7BE80871D72} -> profile=public | protocol=6 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
    {52F38889-BA4E-42C7-8E57-D6172AB5E3CC} -> profile=private | protocol=6 | dir=in | action=allow | name=arma 2 free | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
    {53351E82-7D61-4D7C-9C7F-61F5AEE31479} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
    {54835DF1-F330-4F4D-A3F1-546AF3A37424} -> profile=private | protocol=17 | dir=in | action=allow | name=the witcher 2: bonus content | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
    {55EFB667-D2F4-437D-81D3-194D8CE6CFCD} -> profile=public | protocol=17 | dir=in | action=block | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
    {560F1F08-67F3-46FA-8B7B-539491D625D4} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    {5781A001-45F4-4095-8863-19D3A833F56E} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
    {5AA87217-47F7-4E8D-979B-DD4CB0D49081} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
    {5F7DA13B-00FC-4C4A-A2D8-3DD52E3C1668} -> profile=public | protocol=6 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    {6081F4E4-B857-4F22-9956-61F669662DCB} -> profile=private | protocol=6 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
    {62D4169A-99CF-4CE1-AB7E-8810FA293A96} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
    {63AD6DCB-40F1-4AE2-AA8F-8E28902D8EA6} -> profile=private | protocol=6 | dir=in | action=allow | name=ubisoft game launcher | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    {64224D49-9DA6-474E-83D0-5519A1A97DC9} -> profile=private | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
    {66602103-5C7F-4AA2-9620-38A748FACDAB} -> profile=public | protocol=17 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
    {67874877-6E6F-43FD-B778-0D36820EAED8} -> profile=public | protocol=17 | dir=in | action=block | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
    {6AE747B2-C6A0-4143-B1D1-5C3584E07DFB} -> profile=public | protocol=17 | dir=in | action=allow | name=natural selection 2 | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | 
    {6E158DF7-E7E3-4071-8181-B59820B3CEF5} -> profile=private | protocol=6 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
    {703588AA-C3FE-467D-A97A-56CBB077F0D5} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
    {71315C34-E6A2-4970-B8D8-D19D469CA9C3} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
    {716D2B33-0536-4DAE-BC36-CAB3820D4740} -> profile=private | protocol=17 | dir=in | action=allow | name=updatemanagersetup | app=c:\windows\syswow64\msiexec.exe | 
    {723D3F0A-6A3E-4E99-AEA4-BC52CB1FDFCB} -> profile=private | protocol=17 | dir=in | action=allow | name=magic: the gathering — duels of the planeswalkers 2012 | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
    {72F967B3-C26A-491C-821D-EBBAE1D8084C} -> profile=private | protocol=17 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
    {7612F85A-D7CA-43AD-8DB5-122FF55C44EC} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
    {77034824-689C-44F9-A441-0DE6DB362945} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
    {7F03C3F3-4D96-4060-8ABF-CF11582FE86F} -> profile=public | protocol=17 | dir=in | action=block | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
    {800F19DC-460C-40E7-AB07-0FB4A22FE234} -> profile=public | protocol=17 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
    {817B44D8-D3D0-4208-9968-C22549BB72C7} -> profile=public | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
    {81EDC20D-3433-4187-A849-CC25DE7565CF} -> profile=private | protocol=6 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
    {82CE33DD-A95A-430B-A49A-A9C54094CB3B} -> dir=in | action=allow | name=cyberlink powerdvd 9.0 | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
    {83DCB3E4-765F-4CBD-8314-945384E65605} -> profile=private | protocol=6 | dir=in | action=allow | name=puzzle pirates | app=c:\program files (x86)\steam\steamapps\common\puzzle pirates\java_vm\bin\javaw.exe | 
    {83F130BE-DDCF-4EBE-9557-C6C27C83859A} -> profile=public | protocol=17 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    {863638F2-BDC5-4B6B-95D1-299F847484E9} -> profile=private | protocol=6 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
    {89451B7C-8648-430B-8C54-DEDF75AB3755} -> profile=private | protocol=17 | dir=in | action=allow | name=arma 2 free | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
    {89B3D3F6-B09E-4071-B354-31176B84B507} -> profile=public | protocol=6 | dir=in | action=allow | name=diablo iii | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
    {8E4A11FB-C936-415C-A89D-4B2008D73E59} -> dir=out | action=block | name=uplay block | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\uplay.exe | 
    {91982D62-A276-4ED2-A791-B4D18DAE0F34} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {99D727E6-A102-468E-9E00-B52ABC65D7C5} -> profile=private | protocol=17 | dir=in | action=allow | name=the binding of isaac | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
    {9A89A69D-F738-4B59-AC28-6243AC5877E7} -> profile=private | protocol=17 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
    {9C67E0C0-6A41-444A-91B5-4A7E0AD40BC4} -> profile=public | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    {A0091EFF-043B-4ECE-8AD7-104F97BD206A} -> profile=public | protocol=6 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
    {A4751365-C022-4EB1-BB49-D3AC00AFABC7} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {A5CCE79D-C2C9-4946-8DBA-1F84BEDE88F5} -> profile=public | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
    {A68D85A5-95A5-4119-A174-00DD7BC3A030} -> profile=private | protocol=6 | dir=in | action=allow | name=expressfiles | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
    {A8080DEE-5C57-47DD-9044-546445DD276A} -> profile=public | protocol=17 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
    {AA0EAC26-49FB-48A5-B6CB-99E873E3AE4C} -> profile=private | protocol=17 | dir=in | action=allow | name=puzzle pirates | app=c:\program files (x86)\steam\steamapps\common\puzzle pirates\java_vm\bin\javaw.exe | 
    {AAB6C9B5-8F6F-4901-A4EB-6985DD9579A4} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    {ABF7014C-FB05-48FD-9D5B-D0B0E950BCDE} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
    {AD0B1612-49BE-4882-BFDC-53D34159A441} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
    {AD84A164-0562-4475-A768-5C2073EAD13A} -> profile=private | protocol=6 | dir=in | action=allow | name=expressfilesdl | app=c:\program files (x86)\expressfiles\expressdl.exe | 
    {AF755AC0-E56D-4B3A-B986-7EC263C413F5} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
    {B06594E8-5D4E-42AC-BA38-09E8C71A95E1} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    {B1634526-2E64-44C8-9769-02BF35BE5A2C} -> profile=public | protocol=17 | dir=in | action=block | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
    {B1BBFF69-680B-4E4E-B625-E9B0380A1366} -> profile=public | protocol=6 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
    {B207B03F-521E-4606-B56A-D2027CEBAB48} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    {B25EBD5F-B705-4438-89D9-203D25232C8F} -> profile=private | protocol=17 | dir=in | action=allow | name=the witcher 2: enhanced edition | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
    {B40FA29A-E6D9-4A4C-86B9-B8D0CE33702C} -> profile=public | protocol=6 | dir=out | action=allow | [email protected],-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
    {B42A042E-C5FC-4FE2-ADCA-2A7F97A2C0B5} -> profile=private | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
    {B4562B2B-9FB1-4E5A-9C3E-220831B99D68} -> profile=private | protocol=6 | dir=in | action=allow | name=nuclear dawn | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe | 
    {B4A0175B-D54C-4B58-ABB7-999961D00A6F} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
    {B6420DE1-6725-453D-ACCF-16CB2B6288E4} -> profile=public | protocol=17 | dir=in | action=allow | name=magic: the gathering - duels of the planeswalkers 2013 | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
    {B71FBA1D-D384-4821-87EE-801493854728} -> profile=public | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
    {B9D68B96-55D7-45B5-89D7-C80EF6A24786} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
    {BA017598-15F0-4330-80A8-F741C4558C7F} -> profile=private | protocol=6 | dir=in | action=allow | name=the witcher 2: bonus content | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
    {BFAE20B3-C8BC-4686-A35C-B3CA222E7EB0} -> profile=private | protocol=6 | dir=in | action=allow | name=star wars: knights of the old republic ii | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe | 
    {BFFFB3EE-E962-4B88-8A50-A0FD31C34D52} -> profile=private | protocol=6 | dir=in | action=allow | name=mass effect™ 3 | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
    {C0485E14-9403-421C-A09C-6A65DB13C3BC} -> profile=public | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
    {C0B9748E-721E-4731-9D42-4E473B32789C} -> profile=public | protocol=6 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
    {C0DE06D3-D767-4892-9E65-A9325C6B458A} -> profile=public | protocol=6 | dir=in | action=block | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
    {C1BEBA4F-7869-4A13-9CF0-AF9B00F7B909} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
    {C212986C-065D-4E83-B48B-383BC4508E19} -> profile=private | protocol=6 | dir=in | action=allow | name=magic: the gathering — duels of the planeswalkers 2012 | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
    {C2B72AD0-EA5F-4B6E-884B-C119A8F6BE09} -> dir=in | action=allow | name=cyberlink powerdvd 9.0 | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
    {C58CFAD4-1ECF-4D17-87E7-8751805E2F40} -> profile=private | protocol=6 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
    {C6CB037C-3984-41D4-97BB-8FD8BD4F8E57} -> profile=public | protocol=6 | dir=in | action=block | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
    {CC80BFB4-BC9A-4493-BD2A-8F097464DA68} -> profile=private | protocol=17 | dir=in | action=allow | name=chivalry: medieval warfare | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
    {CEF692FF-6BD4-4AF8-B22A-2A0CA6694BBA} -> profile=private | protocol=6 | dir=in | action=allow | name=batman: arkham city™ | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe | 
    {CFAEC99A-376D-49E6-A27F-E0B9D625B293} -> profile=public | protocol=6 | dir=in | action=block | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
    {D1823496-4DE1-4D1A-AABC-6483E11C2F19} -> profile=private | protocol=17 | dir=in | action=allow | name=expressfilesdl | app=c:\program files (x86)\expressfiles\expressdl.exe | 
    {D249A610-7AD1-452C-8919-28C90189F3B6} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    {D2EB2260-2B26-4B83-B722-9D9D6D161465} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
    {D5587CFB-A822-466D-9C6D-2B79AD4A9525} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {D5D93789-37D0-4F4D-814E-B3207CB0343E} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
    {D761D2FD-4F98-4F09-8533-80BC721E80B6} -> profile=private | protocol=6 | dir=in | action=allow | name=updatemanagersetup | app=c:\windows\syswow64\msiexec.exe | 
    {D76D3E47-14E8-44F7-8A49-541F5B47AD3C} -> profile=public | protocol=6 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressdl.exe | 
    {D9EB42B3-A932-4AEB-94E6-E58991C27497} -> profile=public | protocol=17 | dir=in | action=allow | name=ace of spades | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
    {DB6A0DFF-4889-45A3-BC53-4EF8F496606C} -> profile=public | protocol=6 | dir=in | action=allow | name=call of duty: modern warfare 3 - multiplayer | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
    {DC34BF1C-5C08-44BE-9B75-E5F3793185F4} -> profile=private | protocol=17 | dir=in | action=allow | name=nuclear dawn | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe | 
    {DCBFE24E-03FA-4285-BBBF-07DB4CA8F20B} -> profile=private | protocol=17 | dir=in | action=allow | name=expressfiles | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
    {E3157D46-3330-4172-9FAD-CA2F106FC328} -> profile=public | protocol=17 | dir=in | action=allow | name=zombie driver | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe | 
    {E59C358F-F5FA-4584-AB5C-BE6182E05536} -> profile=public | protocol=17 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
    {E7493F7E-B37F-4AFB-A8F4-802E5BAC6835} -> profile=private | protocol=17 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
    {E9133660-D3E5-450E-B882-60644B904FEB} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
    {E9307B69-06F2-4F35-B982-877E352D543E} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {EAEC59E7-8222-4FA8-B309-651FBAE6F886} -> profile=public | protocol=17 | dir=in | action=allow | name=call of duty: modern warfare 3 - dedicated server | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
    {EE1CBA59-6C49-4905-8841-99FC3EAFCF81} -> profile=public | protocol=6 | dir=in | action=block | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
    {EED10039-13FA-447A-AEF0-CCEAF41343AC} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard agent | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
    {EF095095-52BC-4CD6-8E9F-CC4E2543CD6D} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
    {EF48A6B3-1924-4A34-8846-E0C5158793F8} -> profile=public | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
    {F0F5C266-DE55-4FE8-9BD7-4A994B3022FE} -> protocol=58 | dir=out | action=allow | [email protected],-503 | 
    {F1DD9C8E-3BCA-459B-8B3F-CC41963AD029} -> profile=private | protocol=17 | dir=in | action=allow | name=batman: arkham city™ | app=c:\program files (x86)\wb games\batman arkham city\binaries\win32\batmanac.exe | 
    {F6E8DDE6-E36D-4312-A6EE-739AEDF691FD} -> profile=private | protocol=17 | dir=in | action=allow | name=expressfilesinstaller | app=c:\users\thorandai\appdata\local\microsoft\windows\temporary internet files\content.ie5\ofaama2o\mbs-series.horsing.around_fullversion_downloader_98838b.exe | 
    {F8CCE578-F5F2-47E6-AD96-27DC4ED9F847} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
    {FAF8CEAC-CF2C-4A82-BC59-DB04A9B18E09} -> profile=public | protocol=6 | dir=in | action=allow | name=shank 2 | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe | 
    {FBF8DE14-A7F4-461D-9A7A-290C37006278} -> profile=public | protocol=17 | dir=in | action=allow | name=express files | app=c:\program files (x86)\expressfiles\expressdl.exe | 
    {FE955E2A-853D-436D-BEE9-06C37B8B3A02} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
    {FEA23817-0FFD-4A7E-8191-71F0ADEB4AC9} -> profile=public | protocol=6 | dir=in | action=allow | name=natural selection 2 | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | 
    TCP Query User{0D111A51-5762-453E-B25D-1B8CD4820842}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=the witcher 2 | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
    TCP Query User{1D3003A5-FF44-4E9D-ACED-2BF655F61A8A}C:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe -> profile=private | protocol=6 | dir=in | action=allow | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
    TCP Query User{269E325B-E9A8-47BA-86BC-593964BBB0D8}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe -> profile=private | protocol=6 | dir=in | action=allow | name=crimecraft | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | 
    TCP Query User{39539004-6592-4F16-A1C9-B912972BF941}C:\programdata\electronic arts\need for speed world\data\nfsw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=need for speed world | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
    TCP Query User{4318227D-1929-46D9-BDF6-1C7EE89AFF6F}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe -> profile=private | protocol=6 | dir=in | action=allow | name=acrpr | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
    TCP Query User{48A816C2-CE9E-43D4-B2D1-5F7554DA1AE2}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe -> profile=private | protocol=6 | dir=in | action=allow | name=gameclient | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
    TCP Query User{54BCF9E2-0653-4F9F-9A31-F0C6A1D6F909}C:\windows\syswow64\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\java.exe | 
    TCP Query User{596E1BA1-F041-4B79-8BF7-0783841318E3}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
    TCP Query User{73BF304B-2C0C-40DB-9A07-E53BFD5395F1}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe -> profile=private | protocol=6 | dir=in | action=allow | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
    TCP Query User{7B1D0CDC-A10D-4748-BE20-8D74F82563F0}C:\program files (x86)\guild wars 2\gw2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
    TCP Query User{8B3CB950-9159-4101-86FF-8C8A0C2CC81D}C:\program files (x86)\steam\steam.exe -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
    TCP Query User{8F78BE18-B434-4D3B-B054-430A18A2344C}C:\program files\java\jre7\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
    TCP Query User{9CEFD467-E281-40C8-A5F5-5468DF7FFDCD}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
    TCP Query User{9E123E02-9957-40A6-A95A-0910B5E43529}C:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
    TCP Query User{AE3CA4DD-1CC3-4BF1-B3EA-729E7FADFAAD}C:\program files (x86)\ccp\eve\bin\exefile.exe -> profile=private | protocol=6 | dir=in | action=block | name=ccp exefile | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
    TCP Query User{B072CBCC-19F5-49FF-A36F-99607FB598FF}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=6 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
    TCP Query User{B9A0AA50-33E7-41D6-8A69-3B9D7C9622BC}C:\program files\java\jre7\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\javaw.exe | 
    TCP Query User{C6074BD9-511B-4589-B9AA-A8424EAE2C61}C:\windows\system32\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
    TCP Query User{DD2F429D-9DB6-4F6C-A5CC-FD4B556EBF2A}C:\users\public\games\cryptic studios\champions online\live\gameclient.exe -> profile=private | protocol=6 | dir=in | action=allow | name=gameclient | app=c:\users\public\games\cryptic studios\champions online\live\gameclient.exe | 
    TCP Query User{DFAB1278-345D-472C-9FC0-A445EB91FF32}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=public | protocol=6 | dir=in | action=block | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
    TCP Query User{E51BE3FD-4E97-4A3D-A0B5-CC5320B8410E}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=private | protocol=6 | dir=in | action=allow | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
    TCP Query User{E537A36A-AB76-4207-9B32-751F33E35DCC}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe -> profile=public | protocol=6 | dir=in | action=allow | name=tribesascend | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
    TCP Query User{EAB530A1-80C6-4F12-9486-C87811BA5737}C:\program files\java\jre6\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | 
    TCP Query User{F24DAD95-9391-4A23-8954-6DF899DB6BF1}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
    TCP Query User{FB9E48CB-D8E0-44FF-BE30-5CD2174A5DCA}C:\program files (x86)\assassins creed iii\ac3sp.exe -> profile=private | protocol=6 | dir=in | action=block | name=ac3sp | app=c:\program files (x86)\assassins creed iii\ac3sp.exe | 
    TCP Query User{FCC68C24-1770-4A20-81AA-6DDB9787BEF3}C:\program files (x86)\secondlifeviewer\slvoice.exe -> profile=private | protocol=6 | dir=in | action=block | name=slvoice | app=c:\program files (x86)\secondlifeviewer\slvoice.exe | 
    UDP Query User{20665ACE-DE2F-4681-B297-2F620A9FE7AB}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe -> profile=private | protocol=17 | dir=in | action=allow | name=dishonored | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | 
    UDP Query User{348229C7-DBDC-4D61-96C6-26AFD788C25F}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe -> profile=private | protocol=17 | dir=in | action=allow | name=gameclient | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
    UDP Query User{36D85F5E-B9DD-42AB-9B13-40827ABA124F}C:\program files\java\jre6\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre6\bin\javaw.exe | 
    UDP Query User{38A582C7-9D0C-465E-9961-0137D6CD47C3}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe -> profile=public | protocol=17 | dir=in | action=allow | name=tribesascend | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
    UDP Query User{3B331040-C891-4784-B8BC-144252206E04}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=17 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
    UDP Query User{3CF8AA8A-35FD-4ADE-9F9B-C3E437E719F5}C:\program files\java\jre7\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\javaw.exe | 
    UDP Query User{3EDDD5A1-FB65-4C6E-85A2-5C1D798D7385}C:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\thorandai\garrysmod\hl2.exe | 
    UDP Query User{4098D7B4-A5BF-4257-BCF9-660DFFE79FA1}C:\program files\java\jre7\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files\java\jre7\bin\java.exe | 
    UDP Query User{42C029E1-7B07-428E-98B5-8AC8EA5ADA3A}C:\windows\syswow64\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\java.exe | 
    UDP Query User{5409C73D-7C2D-4413-B733-6F3394C3A53F}C:\program files (x86)\secondlifeviewer\slvoice.exe -> profile=private | protocol=17 | dir=in | action=block | name=slvoice | app=c:\program files (x86)\secondlifeviewer\slvoice.exe | 
    UDP Query User{586D66F3-74C1-4FED-9C0F-AF24BA3CBF73}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=the witcher 2 | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
    UDP Query User{58AAF8A2-5CF6-45BA-B109-E1F3C6396733}C:\program files (x86)\steam\steam.exe -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
    UDP Query User{638DD2EB-320B-4EC5-88AE-6042596F7B1D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=need for speed world | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
    UDP Query User{67D5AC43-8ACD-4502-AEBA-6141A31AAC7B}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=public | protocol=17 | dir=in | action=block | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
    UDP Query User{74E98411-5A63-4961-9B63-0BF5B0080058}C:\program files (x86)\assassins creed iii\ac3sp.exe -> profile=private | protocol=17 | dir=in | action=block | name=ac3sp | app=c:\program files (x86)\assassins creed iii\ac3sp.exe | 
    UDP Query User{903A431A-35BE-4654-8B58-77773A191B1B}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=borderlands 2 | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
    UDP Query User{9479DF4E-E773-434F-9FDE-DA8D60064AFA}C:\program files (x86)\ccp\eve\bin\exefile.exe -> profile=private | protocol=17 | dir=in | action=block | name=ccp exefile | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
    UDP Query User{9A150F9A-0CD9-4A11-9F3C-D5ED0FC08AEB}C:\users\public\games\cryptic studios\champions online\live\gameclient.exe -> profile=private | protocol=17 | dir=in | action=allow | name=gameclient | app=c:\users\public\games\cryptic studios\champions online\live\gameclient.exe | 
    UDP Query User{9C317EED-ABC1-43E4-A925-C73E2EE663F2}C:\program files (x86)\farcry 3\bin\farcry3.exe -> profile=private | protocol=17 | dir=in | action=allow | name=far cry 3 | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
    UDP Query User{B32F96BC-3FCB-4BF3-97DF-E2EDC3DECFA9}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe -> profile=private | protocol=17 | dir=in | action=allow | name=crimecraft | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe | 
    UDP Query User{BD2F7DB6-95E4-4D89-94F0-BF3C4A615940}C:\windows\system32\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\system32\java.exe | 
    UDP Query User{CE953562-0DA4-4AFA-A4D4-242187C7F85A}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
    UDP Query User{DB9FD0FB-1B2C-4C69-B696-4FD9E2D3B231}C:\program files (x86)\guild wars 2\gw2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=guild wars 2 game client | app=c:\program files (x86)\guild wars 2\gw2.exe | 
    UDP Query User{E77F772D-8AED-4428-BC4D-BC1F2CB30E7B}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=planetside2 | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | 
    UDP Query User{F4A74F1D-DE41-49AA-95AA-3E794DDDDC3E}C:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe -> profile=private | protocol=17 | dir=in | action=allow | name=terrariaserver.exe | app=c:\users\thorandai\desktop\terraria\terraria\terrariaserver.exe | 
    UDP Query User{FF735732-2E4D-4A01-8D7B-097BEBDF12C7}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe -> profile=private | protocol=17 | dir=in | action=allow | name=acrpr | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 21:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    64bit-comfile [open] -> "%1" %*
    64bit-exefile [open] -> "%1" %*
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
     
    [Files/Folders - Created Within 90 Days]
     OTS.exe -> C:\Users\thorandai\Desktop\OTS.exe -> [2013/01/14 12:11:52 | 000,646,656 | ---- | C] (OldTimer Tools)
     $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2013/01/13 15:11:35 | 000,000,000 | ---D | C]
     temp -> C:\Windows\temp -> [2013/01/13 15:10:07 | 000,000,000 | ---D | C]
     SWREG.exe -> C:\Windows\SWREG.exe -> [2013/01/13 12:10:05 | 000,518,144 | ---- | C] (SteelWerX)
     SWSC.exe -> C:\Windows\SWSC.exe -> [2013/01/13 12:10:05 | 000,406,528 | ---- | C] (SteelWerX)
     NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2013/01/13 12:10:05 | 000,060,416 | ---- | C] (NirSoft)
     ComboFix.exe -> C:\Users\thorandai\Desktop\ComboFix.exe -> [2013/01/13 11:44:41 | 005,021,655 | R--- | C] (Swearware)
     Qoobox -> C:\Qoobox -> [2013/01/13 11:38:08 | 000,000,000 | ---D | C]
     erdnt -> C:\Windows\erdnt -> [2013/01/13 11:37:58 | 000,000,000 | ---D | C]
     dds.scr -> C:\Users\thorandai\Desktop\dds.scr -> [2013/01/12 21:32:29 | 000,688,992 | R--- | C] (Swearware)
     HijackThis.exe -> C:\Users\thorandai\Desktop\HijackThis.exe -> [2013/01/12 21:30:58 | 000,388,608 | ---- | C] (Trend Micro Inc.)
     win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2013/01/08 21:47:26 | 000,750,592 | ---- | C] (Microsoft Corporation)
     win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2013/01/08 21:47:26 | 000,492,032 | ---- | C] (Microsoft Corporation)
     ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2013/01/08 21:45:55 | 000,307,200 | ---- | C] (Microsoft Corporation)
     usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2013/01/08 21:45:27 | 000,800,768 | ---- | C] (Microsoft Corporation)
     Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2013/01/08 21:45:02 | 000,441,856 | ---- | C] (Microsoft Corporation)
     fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2013/01/08 21:45:02 | 000,046,592 | ---- | C] (Microsoft)
     fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2013/01/08 21:45:02 | 000,046,592 | ---- | C] (Microsoft)
     oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2013/01/08 21:45:02 | 000,045,568 | ---- | C] (Microsoft)
     oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2013/01/08 21:45:02 | 000,045,568 | ---- | C] (Microsoft)
     pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2013/01/08 21:45:02 | 000,044,544 | ---- | C] (Microsoft)
     pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2013/01/08 21:45:02 | 000,044,544 | ---- | C] (Microsoft)
     csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2013/01/08 21:45:02 | 000,043,520 | ---- | C] (Microsoft)
     csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2013/01/08 21:45:02 | 000,043,520 | ---- | C] (Microsoft)
     cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2013/01/08 21:45:02 | 000,040,960 | ---- | C] (Microsoft)
     cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2013/01/08 21:45:02 | 000,040,960 | ---- | C] (Microsoft)
     usk.rs -> C:\Windows\SysWow64\usk.rs -> [2013/01/08 21:45:02 | 000,030,720 | ---- | C] (Microsoft)
     usk.rs -> C:\Windows\SysNative\usk.rs -> [2013/01/08 21:45:02 | 000,030,720 | ---- | C] (Microsoft)
     grb.rs -> C:\Windows\SysWow64\grb.rs -> [2013/01/08 21:45:02 | 000,021,504 | ---- | C] (Microsoft)
     grb.rs -> C:\Windows\SysNative\grb.rs -> [2013/01/08 21:45:02 | 000,021,504 | ---- | C] (Microsoft)
     pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
     pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
     pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
     pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2013/01/08 21:45:02 | 000,020,480 | ---- | C] (Microsoft)
     djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2013/01/08 21:45:02 | 000,015,360 | ---- | C] (Microsoft)
     djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2013/01/08 21:45:02 | 000,015,360 | ---- | C] (Microsoft)
     gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2013/01/08 21:45:01 | 002,746,368 | ---- | C] (Microsoft Corporation)
     gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2013/01/08 21:45:01 | 002,576,384 | ---- | C] (Microsoft Corporation)
     Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2013/01/08 21:45:01 | 000,308,736 | ---- | C] (Microsoft Corporation)
     cero.rs -> C:\Windows\SysWow64\cero.rs -> [2013/01/08 21:45:01 | 000,055,296 | ---- | C] (Microsoft)
     cero.rs -> C:\Windows\SysNative\cero.rs -> [2013/01/08 21:45:01 | 000,055,296 | ---- | C] (Microsoft)
     esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2013/01/08 21:45:01 | 000,051,712 | ---- | C] (Microsoft)
     esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2013/01/08 21:45:01 | 000,051,712 | ---- | C] (Microsoft)
     oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2013/01/08 21:45:01 | 000,023,552 | ---- | C] (Microsoft)
     oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2013/01/08 21:45:01 | 000,023,552 | ---- | C] (Microsoft)
     pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2013/01/08 21:45:01 | 000,020,480 | ---- | C] (Microsoft)
     pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2013/01/08 21:45:01 | 000,020,480 | ---- | C] (Microsoft)
     kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2013/01/08 21:43:55 | 001,161,216 | ---- | C] (Microsoft Corporation)
     KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2013/01/08 21:43:55 | 000,424,448 | ---- | C] (Microsoft Corporation)
     wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2013/01/08 21:43:54 | 000,362,496 | ---- | C] (Microsoft Corporation)
     conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2013/01/08 21:43:54 | 000,338,432 | ---- | C] (Microsoft Corporation)
     wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2013/01/08 21:43:54 | 000,243,200 | ---- | C] (Microsoft Corporation)
     winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2013/01/08 21:43:54 | 000,215,040 | ---- | C] (Microsoft Corporation)
     setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2013/01/08 21:43:54 | 000,025,600 | ---- | C] (Microsoft Corporation)
     ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2013/01/08 21:43:54 | 000,016,384 | ---- | C] (Microsoft Corporation)
     ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2013/01/08 21:43:54 | 000,014,336 | ---- | C] (Microsoft Corporation)
     wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2013/01/08 21:43:54 | 000,013,312 | ---- | C] (Microsoft Corporation)
     instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2013/01/08 21:43:54 | 000,007,680 | ---- | C] (Microsoft Corporation)
     api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,006,144 | -H-- | C] (Microsoft Corporation)
     api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,006,144 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,005,120 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,005,120 | -H-- | C] (Microsoft Corporation)
     wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2013/01/08 21:43:54 | 000,005,120 | ---- | C] (Microsoft Corporation)
     api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 21:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation)
     user.exe -> C:\Windows\SysWow64\user.exe -> [2013/01/08 21:43:54 | 000,002,048 | ---- | C] (Microsoft Corporation)
     taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2013/01/08 21:43:18 | 000,068,608 | ---- | C] (Microsoft Corporation)
     Fallout3 -> C:\Users\thorandai\AppData\Local\Fallout3 -> [2013/01/07 09:00:15 | 000,000,000 | ---D | C]
     SvchostViewer -> C:\Users\thorandai\AppData\Local\SvchostViewer -> [2012/12/31 12:35:13 | 000,000,000 | ---D | C]
     ParetoLogic -> C:\Users\thorandai\AppData\Roaming\ParetoLogic -> [2012/12/31 12:29:52 | 000,000,000 | ---D | C]
     DriverCure -> C:\Users\thorandai\AppData\Roaming\DriverCure -> [2012/12/31 12:29:52 | 000,000,000 | ---D | C]
     ParetoLogic -> C:\ProgramData\ParetoLogic -> [2012/12/31 12:29:42 | 000,000,000 | ---D | C]
     Programs -> C:\Users\thorandai\AppData\Local\Programs -> [2012/12/30 19:53:10 | 000,000,000 | ---D | C]
     Assassins Creed III-SKIDROW -> C:\Users\thorandai\Assassins Creed III-SKIDROW -> [2012/12/30 01:41:43 | 000,000,000 | ---D | C]
     Black_Tree_Gaming -> C:\Users\thorandai\AppData\Local\Black_Tree_Gaming -> [2012/12/29 18:56:18 | 000,000,000 | ---D | C]
     ZombieDriver -> C:\Users\thorandai\AppData\Roaming\ZombieDriver -> [2012/12/26 12:36:15 | 000,000,000 | ---D | C]
     wrap_oal.dll -> C:\Windows\SysNative\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,466,456 | ---- | C] (Creative Labs)
     wrap_oal.dll -> C:\Windows\SysWow64\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,444,952 | ---- | C] (Creative Labs)
     OpenAL32.dll -> C:\Windows\SysNative\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
     OpenAL32.dll -> C:\Windows\SysWow64\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
     OpenAL -> C:\Program Files (x86)\OpenAL -> [2012/12/26 12:36:10 | 000,000,000 | ---D | C]
     DDMSettings -> C:\Users\thorandai\AppData\Local\DDMSettings -> [2012/12/21 11:59:42 | 000,000,000 | ---D | C]
     DivX -> C:\Users\thorandai\AppData\Roaming\DivX -> [2012/12/21 11:48:58 | 000,000,000 | ---D | C]
     DivX Plus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus -> [2012/12/21 11:48:45 | 000,000,000 | ---D | C]
     DivX -> C:\Program Files\DivX -> [2012/12/21 11:48:41 | 000,000,000 | ---D | C]
     DivX Shared -> C:\Program Files (x86)\Common Files\DivX Shared -> [2012/12/21 11:48:22 | 000,000,000 | ---D | C]
     DivX -> C:\Program Files (x86)\DivX -> [2012/12/21 11:46:18 | 000,000,000 | ---D | C]
     DivX -> C:\ProgramData\DivX -> [2012/12/21 11:45:04 | 000,000,000 | ---D | C]
     atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/21 00:57:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated)
     atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/21 00:57:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated)
     atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/21 00:57:07 | 000,046,080 | ---- | C] (Adobe Systems)
     atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/21 00:57:07 | 000,034,304 | ---- | C] (Adobe Systems)
     Skyrim -> C:\Users\thorandai\AppData\Local\Skyrim -> [2012/12/19 09:26:23 | 000,000,000 | ---D | C]
     adventure map server -> C:\Users\thorandai\Desktop\adventure map server -> [2012/12/16 10:16:06 | 000,000,000 | ---D | C]
     mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/12/12 20:12:25 | 000,096,768 | ---- | C] (Microsoft Corporation)
     mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/12/12 20:12:25 | 000,073,216 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/12/12 20:12:24 | 000,248,320 | ---- | C] (Microsoft Corporation)
     url.dll -> C:\Windows\SysNative\url.dll -> [2012/12/12 20:12:24 | 000,237,056 | ---- | C] (Microsoft Corporation)
     url.dll -> C:\Windows\SysWow64\url.dll -> [2012/12/12 20:12:24 | 000,231,936 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/12/12 20:12:24 | 000,176,640 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/12/12 20:12:24 | 000,173,056 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/12/12 20:12:24 | 000,142,848 | ---- | C] (Microsoft Corporation)
     jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/12/12 20:12:23 | 002,312,704 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/12/12 20:12:23 | 001,494,528 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/12/12 20:12:23 | 001,427,968 | ---- | C] (Microsoft Corporation)
     msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/12/12 20:12:23 | 000,729,088 | ---- | C] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/12/12 20:12:22 | 000,717,824 | ---- | C] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/12/12 20:12:21 | 000,816,640 | ---- | C] (Microsoft Corporation)
     vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/12/12 20:12:21 | 000,599,040 | ---- | C] (Microsoft Corporation)
     %Installer_PublisherName% -> C:\ProgramData\%Installer_PublisherName% -> [2012/12/12 20:01:45 | 000,000,000 | ---D | C]
     VaudiX -> C:\Program Files (x86)\VaudiX -> [2012/12/12 20:01:42 | 000,000,000 | ---D | C]
     SwvUpdater -> C:\Users\thorandai\AppData\Local\SwvUpdater -> [2012/12/12 20:01:13 | 000,000,000 | ---D | C]
     CRE -> C:\Users\thorandai\AppData\Local\CRE -> [2012/12/12 20:01:04 | 000,000,000 | ---D | C]
     InstallMate -> C:\ProgramData\InstallMate -> [2012/12/12 19:59:24 | 000,000,000 | ---D | C]
     dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/12/12 17:48:39 | 000,478,208 | ---- | C] (Microsoft Corporation)
     dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/12/12 17:48:39 | 000,376,832 | ---- | C] (Microsoft Corporation)
     Dishonored-SKIDROW -> C:\Users\thorandai\Dishonored-SKIDROW -> [2012/12/10 23:43:21 | 000,000,000 | ---D | C]
     Natural Selection 2 -> C:\Users\thorandai\AppData\Roaming\Natural Selection 2 -> [2012/12/09 13:14:26 | 000,000,000 | ---D | C]
     Orbit -> C:\ProgramData\Orbit -> [2012/12/04 09:37:31 | 000,000,000 | ---D | C]
     .minecraft -> C:\Users\thorandai\AppData\Roaming\.minecraft -> [2012/12/03 11:35:04 | 000,000,000 | ---D | C]
     Notes -> C:\Users\thorandai\Documents\Notes -> [2012/11/29 00:15:19 | 000,000,000 | R--D | C]
     FTB -> C:\FTB -> [2012/11/27 10:32:22 | 000,000,000 | ---D | C]
     Microsoft Games -> C:\Users\thorandai\AppData\Local\Microsoft Games -> [2012/11/26 23:05:50 | 000,000,000 | ---D | C]
     ftblauncher -> C:\Users\thorandai\AppData\Roaming\ftblauncher -> [2012/11/26 22:15:53 | 000,000,000 | ---D | C]
     Sony Online Entertainment -> C:\Users\thorandai\AppData\Local\Sony Online Entertainment -> [2012/11/16 17:48:08 | 000,000,000 | ---D | C]
     WdfLdr.sys -> C:\Windows\SysNative\drivers\WdfLdr.sys -> [2012/11/16 03:05:16 | 000,054,376 | ---- | C] (Microsoft Corporation)
     Wdfres.dll -> C:\Windows\SysNative\Wdfres.dll -> [2012/11/16 03:05:16 | 000,009,728 | ---- | C] (Microsoft Corporation)
     WUDFPlatform.dll -> C:\Windows\SysNative\WUDFPlatform.dll -> [2012/11/16 03:00:33 | 000,194,048 | ---- | C] (Microsoft Corporation)
     WUDFx.dll -> C:\Windows\SysNative\WUDFx.dll -> [2012/11/16 03:00:30 | 000,744,448 | ---- | C] (Microsoft Corporation)
     WUDFHost.exe -> C:\Windows\SysNative\WUDFHost.exe -> [2012/11/16 03:00:30 | 000,229,888 | ---- | C] (Microsoft Corporation)
     WUDFCoinstaller.dll -> C:\Windows\SysNative\WUDFCoinstaller.dll -> [2012/11/16 03:00:30 | 000,045,056 | ---- | C] (Microsoft Corporation)
     dhcpcore6.dll -> C:\Windows\SysNative\dhcpcore6.dll -> [2012/11/16 01:11:49 | 000,226,816 | ---- | C] (Microsoft Corporation)
     dhcpcore6.dll -> C:\Windows\SysWow64\dhcpcore6.dll -> [2012/11/16 01:11:49 | 000,193,536 | ---- | C] (Microsoft Corporation)
     dhcpcsvc6.dll -> C:\Windows\SysNative\dhcpcsvc6.dll -> [2012/11/16 01:11:49 | 000,055,296 | ---- | C] (Microsoft Corporation)
     netcorehc.dll -> C:\Windows\SysNative\netcorehc.dll -> [2012/11/16 01:10:54 | 000,246,272 | ---- | C] (Microsoft Corporation)
     ncsi.dll -> C:\Windows\SysNative\ncsi.dll -> [2012/11/16 01:10:54 | 000,216,576 | ---- | C] (Microsoft Corporation)
     netcorehc.dll -> C:\Windows\SysWow64\netcorehc.dll -> [2012/11/16 01:10:54 | 000,175,104 | ---- | C] (Microsoft Corporation)
     ncsi.dll -> C:\Windows\SysWow64\ncsi.dll -> [2012/11/16 01:10:54 | 000,156,672 | ---- | C] (Microsoft Corporation)
     netevent.dll -> C:\Windows\SysWow64\netevent.dll -> [2012/11/16 01:10:53 | 000,018,944 | ---- | C] (Microsoft Corporation)
     netevent.dll -> C:\Windows\SysNative\netevent.dll -> [2012/11/16 01:10:53 | 000,018,944 | ---- | C] (Microsoft Corporation)
     synceng.dll -> C:\Windows\SysNative\synceng.dll -> [2012/11/16 01:09:42 | 000,095,744 | ---- | C] (Microsoft Corporation)
     synceng.dll -> C:\Windows\SysWow64\synceng.dll -> [2012/11/16 01:09:42 | 000,078,336 | ---- | C] (Microsoft Corporation)
     DivXControlPanelApplet.cpl -> C:\Windows\SysWow64\DivXControlPanelApplet.cpl -> [2012/11/13 14:29:04 | 000,354,216 | ---- | C] (DivX, Inc.)
     LolClient -> C:\Users\thorandai\AppData\Roaming\LolClient -> [2012/11/12 19:09:02 | 000,000,000 | ---D | C]
     D3DCompiler_39.dll -> C:\Windows\SysWow64\D3DCompiler_39.dll -> [2012/11/12 17:03:08 | 001,493,528 | ---- | C] (Microsoft Corporation)
     d3dx10_39.dll -> C:\Windows\SysWow64\d3dx10_39.dll -> [2012/11/12 17:03:08 | 000,467,984 | ---- | C] (Microsoft Corporation)
     D3DX9_39.dll -> C:\Windows\SysWow64\D3DX9_39.dll -> [2012/11/12 17:03:07 | 003,851,784 | ---- | C] (Microsoft Corporation)
     Macromedia -> C:\Users\thorandai\AppData\Local\Macromedia -> [2012/11/11 14:00:08 | 000,000,000 | ---D | C]
     Mozilla -> C:\Users\thorandai\AppData\Local\Mozilla -> [2012/11/11 13:59:35 | 000,000,000 | ---D | C]
     Mozilla -> C:\ProgramData\Mozilla -> [2012/11/11 13:59:32 | 000,000,000 | ---D | C]
     nvoglv32.dll -> C:\Windows\SysWow64\nvoglv32.dll -> [2012/11/08 21:21:17 | 019,906,920 | ---- | C] (NVIDIA Corporation)
     nvwgf2um.dll -> C:\Windows\SysWow64\nvwgf2um.dll -> [2012/11/08 21:21:17 | 012,501,352 | ---- | C] (NVIDIA Corporation)
     nvopencl.dll -> C:\Windows\SysNative\nvopencl.dll -> [2012/11/08 21:21:17 | 007,414,632 | ---- | C] (NVIDIA Corporation)
     nvcuvid.dll -> C:\Windows\SysWow64\nvcuvid.dll -> [2012/11/08 21:21:17 | 002,574,696 | ---- | C] (NVIDIA Corporation)
     nvhda64v.sys -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2012/11/08 21:21:17 | 000,189,288 | ---- | C] (NVIDIA Corporation)
     nvhdap64.dll -> C:\Windows\SysNative\nvhdap64.dll -> [2012/11/08 21:21:17 | 000,031,080 | ---- | C] (NVIDIA Corporation)
     nvcuda.dll -> C:\Windows\SysWow64\nvcuda.dll -> [2012/11/08 21:21:16 | 007,697,768 | ---- | C] (NVIDIA Corporation)
     nvopencl.dll -> C:\Windows\SysWow64\nvopencl.dll -> [2012/11/08 21:21:16 | 006,127,464 | ---- | C] (NVIDIA Corporation)
     nvcuvid.dll -> C:\Windows\SysNative\nvcuvid.dll -> [2012/11/08 21:21:16 | 002,747,240 | ---- | C] (NVIDIA Corporation)
     nvcuvenc.dll -> C:\Windows\SysNative\nvcuvenc.dll -> [2012/11/08 21:21:16 | 002,218,344 | ---- | C] (NVIDIA Corporation)
     nvcuvenc.dll -> C:\Windows\SysWow64\nvcuvenc.dll -> [2012/11/08 21:21:16 | 001,867,112 | ---- | C] (NVIDIA Corporation)
     nvdispgenco64.dll -> C:\Windows\SysNative\nvdispgenco64.dll -> [2012/11/08 21:21:16 | 001,482,600 | ---- | C] (NVIDIA Corporation)
     nvcompiler.dll -> C:\Windows\SysNative\nvcompiler.dll -> [2012/11/08 21:21:15 | 025,256,296 | ---- | C] (NVIDIA Corporation)
     nvcompiler.dll -> C:\Windows\SysWow64\nvcompiler.dll -> [2012/11/08 21:21:15 | 017,559,912 | ---- | C] (NVIDIA Corporation)
     nvcuda.dll -> C:\Windows\SysNative\nvcuda.dll -> [2012/11/08 21:21:15 | 009,146,728 | ---- | C] (NVIDIA Corporation)
     nvapi.dll -> C:\Windows\SysWow64\nvapi.dll -> [2012/11/08 21:21:15 | 002,428,776 | ---- | C] (NVIDIA Corporation)
     nvumdshim.dll -> C:\Windows\SysWow64\nvumdshim.dll -> [2012/11/08 21:21:15 | 000,831,848 | ---- | C] (NVIDIA Corporation)
     Guild Wars 2 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 -> [2012/11/08 21:03:37 | 000,000,000 | ---D | C]
     Guild Wars 2 -> C:\Program Files (x86)\Guild Wars 2 -> [2012/11/08 21:03:37 | 000,000,000 | ---D | C]
     Guild Wars 2 -> C:\Users\thorandai\Documents\Guild Wars 2 -> [2012/11/08 20:57:47 | 000,000,000 | ---D | C]
     Java -> C:\Program Files (x86)\Common Files\Java -> [2012/11/08 19:48:40 | 000,000,000 | ---D | C]
     javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2012/11/08 19:48:29 | 000,246,760 | ---- | C] (Oracle Corporation)
     javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2012/11/08 19:48:16 | 000,174,056 | ---- | C] (Oracle Corporation)
     java.exe -> C:\Windows\SysWow64\java.exe -> [2012/11/08 19:48:16 | 000,174,056 | ---- | C] (Oracle Corporation)
     WindowsAccessBridge-32.dll -> C:\Windows\SysWow64\WindowsAccessBridge-32.dll -> [2012/11/08 19:48:16 | 000,095,208 | ---- | C] (Oracle Corporation)
     Java -> C:\Program Files (x86)\Java -> [2012/11/08 19:48:02 | 000,000,000 | ---D | C]
     Malwarebytes -> C:\Users\thorandai\AppData\Roaming\Malwarebytes -> [2012/11/04 14:00:26 | 000,000,000 | ---D | C]
     Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/11/04 13:52:34 | 000,000,000 | ---D | C]
     mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/11/04 13:52:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation)
     Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2012/11/04 13:52:33 | 000,000,000 | ---D | C]
     Malwarebytes -> C:\ProgramData\Malwarebytes -> [2012/11/04 13:52:33 | 000,000,000 | ---D | C]
     PAYDAY -> C:\Users\thorandai\AppData\Local\PAYDAY -> [2012/10/20 18:58:06 | 000,000,000 | ---D | C]
     Pando_Temp -> C:\Users\thorandai\AppData\Local\Pando_Temp -> [2012/10/17 16:58:21 | 000,000,000 | ---D | C]
     2 C:\*.tmp files -> C:\*.tmp -> 
     1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
     
    [Files/Folders - Modified Within 90 Days]
     7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/01/14 12:13:43 | 000,022,080 | -H-- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/01/14 12:13:43 | 000,022,080 | -H-- | M] ()
     OTS.exe -> C:\Users\thorandai\Desktop\OTS.exe -> [2013/01/14 12:11:54 | 000,646,656 | ---- | M] (OldTimer Tools)
     lgfwup.ini -> C:\Windows\lgfwup.ini -> [2013/01/14 12:07:05 | 000,000,344 | ---- | M] ()
     GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/01/14 12:06:38 | 000,000,900 | ---- | M] ()
     bootstat.dat -> C:\Windows\bootstat.dat -> [2013/01/14 12:06:24 | 000,067,584 | --S- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2013/01/14 12:06:22 | 4226,211,838 | -HS- | M] ()
     GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/01/14 00:59:00 | 000,000,904 | ---- | M] ()
     Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/01/14 00:53:00 | 000,000,830 | ---- | M] ()
     hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2013/01/13 15:11:31 | 000,000,027 | ---- | M] ()
     ComboFix.exe -> C:\Users\thorandai\Desktop\ComboFix.exe -> [2013/01/13 11:44:47 | 005,021,655 | R--- | M] (Swearware)
     0bjwx32o.exe -> C:\Users\thorandai\Desktop\0bjwx32o.exe -> [2013/01/12 21:48:24 | 000,365,568 | ---- | M] ()
     dds.scr -> C:\Users\thorandai\Desktop\dds.scr -> [2013/01/12 21:32:31 | 000,688,992 | R--- | M] (Swearware)
     HijackThis.exe -> C:\Users\thorandai\Desktop\HijackThis.exe -> [2013/01/12 21:30:55 | 000,388,608 | ---- | M] (Trend Micro Inc.)
     bootsqm.dat -> C:\bootsqm.dat -> [2013/01/12 13:00:44 | 000,003,304 | ---- | M] ()
     Google Chrome.lnk -> C:\Users\thorandai\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/01/11 11:46:21 | 000,002,283 | ---- | M] ()
     Google Chrome.lnk -> C:\Users\thorandai\Desktop\Google Chrome.lnk -> [2013/01/11 11:46:21 | 000,002,259 | ---- | M] ()
     PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2013/01/10 13:44:06 | 000,281,688 | ---- | M] ()
     PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2013/01/10 13:44:06 | 000,281,688 | ---- | M] ()
     FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/01/09 09:53:39 | 000,697,864 | ---- | M] (Adobe Systems Incorporated)
     FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/01/09 09:53:39 | 000,074,248 | ---- | M] (Adobe Systems Incorporated)
     FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2013/01/09 09:42:53 | 000,352,312 | ---- | M] ()
     PnkBstrB.ex0 -> C:\Windows\SysWow64\PnkBstrB.ex0 -> [2013/01/06 19:50:04 | 000,281,688 | ---- | M] ()
     Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/12/30 19:53:25 | 000,001,113 | ---- | M] ()
     wrap_oal.dll -> C:\Windows\SysNative\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,466,456 | ---- | M] (Creative Labs)
     wrap_oal.dll -> C:\Windows\SysWow64\wrap_oal.dll -> [2012/12/26 12:36:10 | 000,444,952 | ---- | M] (Creative Labs)
     OpenAL32.dll -> C:\Windows\SysNative\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
     OpenAL32.dll -> C:\Windows\SysWow64\OpenAL32.dll -> [2012/12/26 12:36:10 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
     PortalGun.rtf -> C:\Users\thorandai\Documents\PortalGun.rtf -> [2012/12/25 02:12:51 | 000,006,150 | ---- | M] ()
     atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems)
     atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated)
     atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated)
     atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems)
     mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation)
     END -> C:\END -> [2012/12/12 20:01:08 | 000,000,009 | ---- | M] ()
     Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2012/12/07 07:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation)
     gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2012/12/07 07:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation)
     Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2012/12/07 06:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation)
     gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2012/12/07 06:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation)
     usk.rs -> C:\Windows\SysNative\usk.rs -> [2012/12/07 05:20:04 | 000,030,720 | ---- | M] (Microsoft)
     csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2012/12/07 05:20:03 | 000,043,520 | ---- | M] (Microsoft)
     oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2012/12/07 05:20:03 | 000,023,552 | ---- | M] (Microsoft)
     oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2012/12/07 05:20:01 | 000,045,568 | ---- | M] (Microsoft)
     pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2012/12/07 05:20:01 | 000,044,544 | ---- | M] (Microsoft)
     pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2012/12/07 05:20:01 | 000,020,480 | ---- | M] (Microsoft)
     pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2012/12/07 05:20:00 | 000,020,480 | ---- | M] (Microsoft)
     pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2012/12/07 05:19:59 | 000,020,480 | ---- | M] (Microsoft)
     fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2012/12/07 05:19:58 | 000,046,592 | ---- | M] (Microsoft)
     cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2012/12/07 05:19:57 | 000,040,960 | ---- | M] (Microsoft)
     grb.rs -> C:\Windows\SysNative\grb.rs -> [2012/12/07 05:19:57 | 000,021,504 | ---- | M] (Microsoft)
     djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2012/12/07 05:19:57 | 000,015,360 | ---- | M] (Microsoft)
     cero.rs -> C:\Windows\SysNative\cero.rs -> [2012/12/07 05:19:56 | 000,055,296 | ---- | M] (Microsoft)
     esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2012/12/07 05:19:55 | 000,051,712 | ---- | M] (Microsoft)
     csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2012/12/07 04:46:42 | 000,043,520 | ---- | M] (Microsoft)
     usk.rs -> C:\Windows\SysWow64\usk.rs -> [2012/12/07 04:46:42 | 000,030,720 | ---- | M] (Microsoft)
     oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2012/12/07 04:46:41 | 000,045,568 | ---- | M] (Microsoft)
     pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2012/12/07 04:46:41 | 000,044,544 | ---- | M] (Microsoft)
     oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2012/12/07 04:46:41 | 000,023,552 | ---- | M] (Microsoft)
     pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2012/12/07 04:46:41 | 000,020,480 | ---- | M] (Microsoft)
     pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2012/12/07 04:46:40 | 000,020,480 | ---- | M] (Microsoft)
     fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2012/12/07 04:46:39 | 000,046,592 | ---- | M] (Microsoft)
     pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2012/12/07 04:46:39 | 000,020,480 | ---- | M] (Microsoft)
     grb.rs -> C:\Windows\SysWow64\grb.rs -> [2012/12/07 04:46:38 | 000,021,504 | ---- | M] (Microsoft)
     cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2012/12/07 04:46:37 | 000,040,960 | ---- | M] (Microsoft)
     djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2012/12/07 04:46:37 | 000,015,360 | ---- | M] (Microsoft)
     cero.rs -> C:\Windows\SysWow64\cero.rs -> [2012/12/07 04:46:36 | 000,055,296 | ---- | M] (Microsoft)
     esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2012/12/07 04:46:36 | 000,051,712 | ---- | M] (Microsoft)
     wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2012/11/29 23:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation)
     wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2012/11/29 23:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation)
     wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2012/11/29 23:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation)
     winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2012/11/29 23:45:14 | 000,215,040 | ---- | M] (Microsoft Corporation)
     ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2012/11/29 23:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation)
     kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2012/11/29 23:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation)
     KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2012/11/29 23:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation)
     api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2012/11/29 23:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2012/11/29 23:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2012/11/29 22:54:00 | 000,005,120 | ---- | M] (Microsoft Corporation)
     api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2012/11/29 21:23:48 | 000,338,432 | ---- | M] (Microsoft Corporation)
     setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2012/11/29 20:44:06 | 000,025,600 | ---- | M] (Microsoft Corporation)
     ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2012/11/29 20:44:04 | 000,014,336 | ---- | M] (Microsoft Corporation)
     instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2012/11/29 20:44:04 | 000,007,680 | ---- | M] (Microsoft Corporation)
     user.exe -> C:\Windows\SysWow64\user.exe -> [2012/11/29 20:44:03 | 000,002,048 | ---- | M] (Microsoft Corporation)
     api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation)
     api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2012/11/29 20:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation)
     taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2012/11/22 21:13:57 | 000,068,608 | ---- | M] (Microsoft Corporation)
     usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2012/11/21 23:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation)
     ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2012/11/19 23:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation)
     jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/11/14 00:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/11/14 00:02:49 | 001,494,528 | ---- | M] (Microsoft Corporation)
     url.dll -> C:\Windows\SysNative\url.dll -> [2012/11/14 00:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/11/13 23:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation)
     vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/11/13 23:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/11/13 23:57:35 | 000,173,056 | ---- | M] (Microsoft Corporation)
     msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/11/13 23:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation)
     mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/11/13 23:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/11/13 23:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/11/13 19:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation)
     url.dll -> C:\Windows\SysWow64\url.dll -> [2012/11/13 19:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/11/13 19:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation)
     jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/11/13 19:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation)
     mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/11/13 19:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation)
     ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/11/13 19:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation)
     DivXControlPanelApplet.cpl -> C:\Windows\SysWow64\DivXControlPanelApplet.cpl -> [2012/11/13 14:29:04 | 000,354,216 | ---- | M] (DivX, Inc.)
     Resmon.ResmonCfg -> C:\Users\thorandai\AppData\Local\Resmon.ResmonCfg -> [2012/11/11 13:38:37 | 000,007,600 | ---- | M] ()
     win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2012/11/08 23:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation)
     win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2012/11/08 22:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation)
     Guild Wars 2.lnk -> C:\Users\Public\Desktop\Guild Wars 2.lnk -> [2012/11/08 21:03:37 | 000,000,936 | ---- | M] ()
     npDeployJava1.dll -> C:\Windows\SysWow64\npDeployJava1.dll -> [2012/11/08 19:48:04 | 000,821,736 | ---- | M] (Oracle Corporation)
     deployJava1.dll -> C:\Windows\SysWow64\deployJava1.dll -> [2012/11/08 19:48:04 | 000,746,984 | ---- | M] (Oracle Corporation)
     javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2012/11/08 19:48:04 | 000,246,760 | ---- | M] (Oracle Corporation)
     javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2012/11/08 19:48:04 | 000,174,056 | ---- | M] (Oracle Corporation)
     java.exe -> C:\Windows\SysWow64\java.exe -> [2012/11/08 19:48:04 | 000,174,056 | ---- | M] (Oracle Corporation)
     WindowsAccessBridge-32.dll -> C:\Windows\SysWow64\WindowsAccessBridge-32.dll -> [2012/11/08 19:48:04 | 000,095,208 | ---- | M] (Oracle Corporation)
     config.nt -> C:\Windows\SysWow64\config.nt -> [2012/11/03 17:08:48 | 000,000,000 | ---- | M] ()
     dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2012/11/01 23:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation)
     dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2012/11/01 23:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation)
     extensions.sqlite -> C:\extensions.sqlite -> [2012/11/01 20:58:25 | 000,000,000 | ---- | M] ()
     aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2012/10/30 16:51:56 | 000,059,728 | ---- | M] (AVAST Software)
     aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2012/10/30 16:51:55 | 000,984,144 | ---- | M] (AVAST Software)
     aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2012/10/30 16:51:55 | 000,370,288 | ---- | M] (AVAST Software)
     aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2012/10/30 16:51:55 | 000,071,600 | ---- | M] (AVAST Software)
     aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2012/10/30 16:51:53 | 000,025,232 | ---- | M] (AVAST Software)
     avastSS.scr -> C:\Windows\avastSS.scr -> [2012/10/30 16:51:07 | 000,041,224 | ---- | M] (AVAST Software)
     aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2012/10/30 16:50:59 | 000,227,648 | ---- | M] (AVAST Software)
     aswBoot.exe -> C:\Windows\SysNative\aswBoot.exe -> [2012/10/30 16:50:30 | 000,285,328 | ---- | M] (AVAST Software)
     3 C:\Users\thorandai\AppData\Local\Temp\*.tmp files -> C:\Users\thorandai\AppData\Local\Temp\*.tmp -> 
     2 C:\*.tmp files -> C:\*.tmp -> 
     1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
     
    [Files - No Company Name]
     PEV.exe -> C:\Windows\PEV.exe -> [2013/01/13 12:10:05 | 000,256,000 | ---- | C] ()
     MBR.exe -> C:\Windows\MBR.exe -> [2013/01/13 12:10:05 | 000,208,896 | ---- | C] ()
     sed.exe -> C:\Windows\sed.exe -> [2013/01/13 12:10:05 | 000,098,816 | ---- | C] ()
     grep.exe -> C:\Windows\grep.exe -> [2013/01/13 12:10:05 | 000,080,412 | ---- | C] ()
     zip.exe -> C:\Windows\zip.exe -> [2013/01/13 12:10:05 | 000,068,096 | ---- | C] ()
     0bjwx32o.exe -> C:\Users\thorandai\Desktop\0bjwx32o.exe -> [2013/01/12 21:48:38 | 000,365,568 | ---- | C] ()
     bootsqm.dat -> C:\bootsqm.dat -> [2013/01/12 13:00:44 | 000,003,304 | ---- | C] ()
     PortalGun.rtf -> C:\Users\thorandai\Documents\PortalGun.rtf -> [2012/12/25 02:12:51 | 000,006,150 | ---- | C] ()
     END -> C:\END -> [2012/12/12 20:00:56 | 000,000,009 | ---- | C] ()
     MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> [2012/11/16 03:05:17 | 000,000,003 | ---- | C] ()
     MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> [2012/11/16 03:00:30 | 000,000,003 | ---- | C] ()
     Guild Wars 2.lnk -> C:\Users\Public\Desktop\Guild Wars 2.lnk -> [2012/11/08 21:03:37 | 000,000,936 | ---- | C] ()
     Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/11/04 13:52:34 | 000,001,113 | ---- | C] ()
     extensions.sqlite -> C:\extensions.sqlite -> [2012/11/01 20:58:25 | 000,000,000 | ---- | C] ()
     igdde32.dll -> C:\Windows\SysWow64\igdde32.dll -> [2012/10/10 02:22:34 | 000,064,512 | ---- | C] ()
     igvpkrng600.bin -> C:\Windows\SysWow64\igvpkrng600.bin -> [2012/10/10 02:22:28 | 000,272,928 | ---- | C] ()
     igcodeckrng600.bin -> C:\Windows\SysWow64\igcodeckrng600.bin -> [2012/10/10 02:22:20 | 000,963,452 | ---- | C] ()
     fusioncache.dat -> C:\Users\thorandai\AppData\Local\fusioncache.dat -> [2012/08/03 19:04:32 | 000,000,097 | ---- | C] ()
     pbsvc.exe -> C:\Windows\SysWow64\pbsvc.exe -> [2012/08/03 18:58:15 | 000,669,184 | ---- | C] ()
     Resmon.ResmonCfg -> C:\Users\thorandai\AppData\Local\Resmon.ResmonCfg -> [2012/06/30 16:54:18 | 000,007,600 | ---- | C] ()
     PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012/04/21 15:48:12 | 000,772,558 | ---- | C] ()
     GPlrLanc.dat -> C:\Windows\GPlrLanc.dat -> [2012/03/28 04:25:14 | 000,000,064 | ---- | C] ()
     icarus-dxdiag.xml -> C:\Users\thorandai\AppData\Roaming\icarus-dxdiag.xml -> [2012/03/21 23:42:04 | 000,093,282 | ---- | C] ()
     hash.dat -> C:\ProgramData\hash.dat -> [2012/03/14 20:35:01 | 000,000,032 | R--- | C] ()
     PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012/03/10 13:49:46 | 000,281,688 | ---- | C] ()
     PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2012/03/10 13:49:46 | 000,076,888 | ---- | C] ()
     pbsvc_bc2.exe -> C:\Windows\SysWow64\pbsvc_bc2.exe -> [2012/03/10 13:49:45 | 002,434,856 | ---- | C] ()
     igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2012/03/09 18:16:59 | 000,145,804 | ---- | C] ()
     lgfwup.ini -> C:\Windows\lgfwup.ini -> [2012/03/08 19:44:15 | 000,000,344 | ---- | C] ()
     igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2012/02/14 19:47:06 | 000,963,912 | ---- | C] ()
     igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2012/02/14 19:47:06 | 000,261,208 | ---- | C] ()
     xlive.dll.cat -> C:\Windows\SysWow64\xlive.dll.cat -> [2011/09/28 18:44:14 | 000,179,271 | ---- | C] ()
    < End of report >
    
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Sorry, can you attach the OTS log as a reply, please? It is just too long to copy & paste so I can work with it.
     
  13. thorandai

    thorandai Thread Starter

    Sorry for the long log. Here it is again.
     

    Attached Files:

    • OTS.Txt
      File size:
      292.8 KB
  14. dvk01

    dvk01 Moderator Malware Specialist

    Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


    Code:
    [Unregister Dlls]
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\] > -> 
    YN -> HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\: Main\\"Start Page" -> http://search.babylon.com/?affID=114733&tt=5112_3&babsrc=HP_ss&mntrId=bc1d934a00000000000000ffb8210817
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] -> [Babylon toolbar helper]
    YN -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Webroot Browser Helper Object]
    < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YN -> "{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] -> [Webroot Toolbar]
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YN -> "{97ab88ef-346b-4179-a0b1-7445896547a5}" [HKLM] -> [Webroot Toolbar]
    YN -> "{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] -> [Babylon Toolbar]
    < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Button: Webroot]
    YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Menu: Webroot]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Button: Webroot]
    YN -> {43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} [HKLM] -> [Menu: Webroot]
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
    YN -> TCP Query User{B072CBCC-19F5-49FF-A36F-99607FB598FF}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=6 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
    YN -> TCP Query User{F24DAD95-9391-4A23-8954-6DF899DB6BF1}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
    YN -> UDP Query User{3B331040-C891-4784-B8BC-144252206E04}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe -> profile=public | protocol=17 | dir=in | action=block | name=mcforge.exe | app=c:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe | 
    YN -> UDP Query User{CE953562-0DA4-4AFA-A4D4-242187C7F85A}C:\users\thorandai\appdata\local\temp\gw2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=guild wars 2 game client | app=c:\users\thorandai\appdata\local\temp\gw2.exe | 
    [Files/Folders - Created Within 90 Days]
    NY ->  2 C:\*.tmp files -> C:\*.tmp
    NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
    [Files/Folders - Modified Within 90 Days]
    NY ->  3 C:\Users\thorandai\AppData\Local\Temp\*.tmp files -> C:\Users\thorandai\AppData\Local\Temp\*.tmp
    NY ->  2 C:\*.tmp files -> C:\*.tmp
    NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
    [Empty Temp Folders]
    [EmptyFlash]
    [EmptyJava]
    [ZipFiles]
    [Reboot]
    

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
     
  15. thorandai

    thorandai Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    9
    Here's the log:

    All Processes Killed
    [Registry - Safe List]
    Registry value HKEY_USERS\S-1-5-21-2850117937-4287599766-3733225953-1000\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}:{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B072CBCC-19F5-49FF-A36F-99607FB598FF}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F24DAD95-9391-4A23-8954-6DF899DB6BF1}C:\users\thorandai\appdata\local\temp\gw2.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3B331040-C891-4784-B8BC-144252206E04}C:\users\thorandai\appdata\local\temp\rar$exa0.782\mcforge.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CE953562-0DA4-4AFA-A4D4-242187C7F85A}C:\users\thorandai\appdata\local\temp\gw2.exe deleted successfully.
    [Files/Folders - Created Within 90 Days]
    C:\STF1AB0.tmp deleted successfully.
    C:\STFEAFB.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    [Files/Folders - Modified Within 90 Days]
    C:\Users\thorandai\AppData\Local\Temp\div848A.tmp folder deleted successfully.
    C:\Users\thorandai\AppData\Local\Temp\div8F34.tmp folder deleted successfully.
    C:\Users\thorandai\AppData\Local\Temp\div93E5.tmp folder deleted successfully.
    C:\Users\thorandai\AppData\Local\Temp\divA063.tmp folder deleted successfully.
    C:\Users\thorandai\AppData\Local\Temp\~DF0D7F837311E101E6.TMP deleted successfully.
    C:\Users\thorandai\AppData\Local\Temp\~DF5DA01E513C5F08E7.TMP deleted successfully.
    C:\Users\thorandai\AppData\Local\Temp\~DF774F215EFCBAF3E8.TMP deleted successfully.
    [Empty Temp Folders]


    User: All Users

    User: Borderlands.2-SKIDROW
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: thorandai
    ->Temp folder emptied: 436480 bytes
    ->Temporary Internet Files folder emptied: 14738092 bytes
    ->Java cache emptied: 490333 bytes
    ->Google Chrome cache emptied: 349639559 bytes
    ->Flash cache emptied: 2750 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4026 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 7640097958 bytes

    Total Files Cleaned = 7,635.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Borderlands.2-SKIDROW

    User: Default

    User: Default User

    User: Public

    User: thorandai
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Borderlands.2-SKIDROW

    User: Default

    User: Default User

    User: Public

    User: thorandai
    ->Java cache emptied: 0 bytes

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.47.2 fix logfile created on 01152013_160444

    Files\Folders moved on Reboot...
    C:\Users\thorandai\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    And also, I don't know if it is connected, but every once in a while my internet disconnects due to a bad gateway, so I have to do a fix on that. If it happens again I'll get a more detailed explanation.
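
One way to summarize a fix log like the one above before reading it line by line, as an added example (not part of the thread and not OTS's own code): it counts the outcome of each action and lists firewall-rule entries whose program path sat under a Temp folder. The sample lines are constructed in the shape of the posted log, with placeholder GUIDs and paths; the `triage` function and the category names are assumptions of this example.

```python
import re

# Constructed sample in the shape of the fix log above (placeholder GUIDs and paths).
SAMPLE_LOG = r"""
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{GUID-A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{GUID-B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{GUID-C}C:\users\example\appdata\local\temp\sample.exe deleted successfully.
C:\Users\example\AppData\Local\Temp\abc123.tmp folder deleted successfully.
File move failed. C:\Windows\temp\example.txt scheduled to be moved on reboot.
"""

# Outcome patterns, checked in order; the first match wins.
OUTCOMES = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot\.?$", re.I)),
    ("removed", re.compile(r"(deleted|moved) successfully\.?$", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
]
# Firewall-rule value names embed the program path after the rule GUID.
TEMP_RULE = re.compile(r"FirewallRules\\\\.*?\}(?P<app>[a-z]:\\.*\\temp\\.+?\.exe)", re.I)


def triage(log_text):
    """Return (outcome counts, firewall-rule program paths under a Temp folder)."""
    counts = {"removed": 0, "not_found": 0, "pending_reboot": 0, "other": 0}
    temp_apps = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or line.startswith(("[", "<")):
            continue  # blank lines and section headers carry no outcome
        for name, pattern in OUTCOMES:
            if pattern.search(line):
                counts[name] += 1
                break
        else:
            counts["other"] += 1
        match = TEMP_RULE.search(line)
        if match:
            temp_apps.append(match.group("app").lower())
    return counts, temp_apps


if __name__ == "__main__":
    counts, temp_apps = triage(SAMPLE_LOG)
    print(counts)
    for app in temp_apps:
        print("firewall rule pointed at a Temp-folder program:", app)
```

Entries counted as `pending_reboot` are the ones to re-check after the restart, since the log only records that the action was scheduled.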
     
Short URL to this thread: https://techguy.org/1084949
