
Help with Alureon.fe nasty Trojan [Unsolved] [Closed]


  • This topic is locked

#31
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
All processes killed
========== OTL ==========
C:\Users\Vicky\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Vicky\AppData\Roaming\LimeWire folder moved successfully.
C:\Users\Vicky\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Vicky\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Vicky\AppData\Roaming\uTorrent folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Alex Huang
->Temp folder emptied: 76893829 bytes
->Temporary Internet Files folder emptied: 24429440 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 333391901 bytes
->Flash cache emptied: 1565 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 3278582 bytes
->Temporary Internet Files folder emptied: 33519493 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-MINJUN-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 253827 bytes
->Flash cache emptied: 0 bytes

User: Minjun
->Temp folder emptied: 208383653 bytes
->Temporary Internet Files folder emptied: 78514514 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21564833 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Vicky
->Temp folder emptied: 2111913370 bytes
->Temporary Internet Files folder emptied: 77346049 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97969141 bytes
->Google Chrome cache emptied: 369081325 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1975243 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,279.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02032012_155245

Files\Folders moved on Reboot...
C:\Users\Alex Huang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0


#32
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
Farbar Service Scanner Version: 02-02-2012
Ran by Alex Huang (administrator) on 03-02-2012 at 16:54:13
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-02-09 17:41] - [2010-12-21 01:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#33
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
In TDSSKiller, when I skip the skptd suspicious threat, I do not get any logs for it.
  • 0

#34
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
Sorry, this is the correct FSS.txt:

Farbar Service Scanner Version: 02-02-2012
Ran by Alex Huang (administrator) on 03-02-2012 at 16:58:34
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-02-09 17:41] - [2010-12-21 01:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#35
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
Also, I can't sync time on the computer; it says access denied when I try net start w32time.
  • 0

#36
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please continue with the remaining logs: OTL fix, TDSSKiller log, and FSS.txt.
  • 0

#37
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
I've already posted them previously.
  • 0

#38
CompCav

    Member 5k

  • Expert
  • 12,448 posts

Also, I can't sync time on the computer; it says access denied when I try net start w32time.


This is not unexpected given the issues with your internet related services.


I will prepare a fix and should have the next step for you tomorrow.

CompCav
  • 0

#39
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Now we need to focus on repairing your internet issues and security center issues.

Step 1.

Windows Repair Tool No Internet

Download Windows Repair (all in one) from this site

Install the program, then run it.

Go to step 2 and allow it to run Disc check.

Once that is done, go to step 3 and allow it to run SFC.

On the start repairs tab, select advanced mode and click start.

Select the items ticked (remove the ticks from the rest) and tick restart system when finished.


Step 2. (Only do this step if your firewall, internet, or time update are not working)

If there is still no internet or Windows Firewall, then do the following checks:

Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again and verify Windows Firewall is working.


Step 3. (Only if Windows Firewall and Security Center are not fixed)

Please re-run Farbar Service Scanner:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4.

Please post:

FSS.txt

Please update me on any issues with your machine.
  • 0

#40
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
I can't find the download link for the Windows Repair tool.
  • 0


#41
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Click on this link at Major Geeks to download it.
  • 0

#42
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
Tried steps 1 and 2; the firewall is still not able to use recommended settings.

Farbar Service Scanner Version: 02-02-2012
Ran by Alex Huang (administrator) on 04-02-2012 at 18:08:21
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-02-09 17:41] - [2010-12-21 01:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#43
CompCav

    Member 5k

  • Expert
  • 12,448 posts
SFC did not find some non-corrupt files we need to make this work right. This scan will hunt for good ones.


Step 1.

Re-run OTL

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    mpssvc.*
    bfe.*
    SDRSVC.*
    vssvc.*
    wscsvc.*
    wuaueng.*
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. It is saved in the same location as OTL.
  • Post this log

  • 0
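
Added example (not part of the thread, and not code from Farbar Service Scanner or OTL): a Python triage script for an FSS.txt log in the layout posted above. It separates services that are stopped but still configured from services whose registry key is missing, lists the File Check entries the log does not mark "MD5 is legit", and turns those into name.* patterns of the kind placed between /md5start and /md5stop in the custom scan above. The sample log is constructed (placeholder hash), and the function and field names are assumptions of this example.

```python
import ntpath
import re

# Constructed sample in the layout of the FSS.txt logs posted in this thread.
# The hash is a placeholder, not a real MD5.
SAMPLE_FSS = r"""Farbar Service Scanner
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2011-02-09 17:41] - [2010-12-21 01:16] - 0097280 ____A (Microsoft Corporation) 00000000000000000000000000000000

**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(
    r"Unable to open (\S+) registry key\. The service key does not exist\."
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
LEGIT = "MD5 is legit"


def _add_once(items, value):
    """Append value, keeping first-seen order and dropping repeats."""
    if value not in items:
        items.append(value)


def triage_fss(text):
    """Summarise an FSS-style log (hypothetical helper, not part of FSS)."""
    not_running, missing_key, unverified = [], [], []
    in_file_check = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_file_check = True
            continue
        if in_file_check and line.startswith("****"):
            in_file_check = False  # "**** End of log ****"
            continue
        match = NOT_RUNNING.match(line)
        if match:
            _add_once(not_running, match.group(1))
        match = KEY_MISSING.search(line)
        if match:
            _add_once(missing_key, match.group(1))
        if in_file_check and DRIVE_PATH.match(line):
            # A path line either carries "=> MD5 is legit" or stands alone,
            # followed by a "[dates] - size attrs (company) hash" line.
            path, _, verdict = line.partition(" => ")
            if verdict.strip() != LEGIT:
                _add_once(unverified, path.strip())
    return {
        # Service entry exists but the service is stopped.
        "stopped_but_configured": [s for s in not_running if s not in missing_key],
        # Service registry key is gone, so the entry has to be restored first.
        "missing_key": missing_key,
        # Files the log lists without the "MD5 is legit" verdict.
        "unverified_files": unverified,
        # Same files as "name.*" patterns, the form used in the custom scan.
        "md5_patterns": [
            ntpath.splitext(ntpath.basename(p))[0] + ".*" for p in unverified
        ],
    }


if __name__ == "__main__":
    for field, values in triage_fss(SAMPLE_FSS).items():
        print(f"{field}: {', '.join(values) or '-'}")
```
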

#44
Insau Tybo

    Member

  • Topic Starter
  • Member
  • 33 posts
OTL logfile created on: 2/4/2012 11:35:50 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex Huang\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 68.67% Memory free
6.87 Gb Paging File | 5.23 Gb Available in Paging File | 76.07% Paging File free
Paging file location(s): C:\pagefile.sys 4222 4222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 74.99 Gb Free Space | 26.46% Space Free | Partition Type: NTFS

Computer Name: MINJUN-PC | User Name: Alex Huang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 16:10:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex Huang\Downloads\OTL.exe
PRC - [2012/02/02 05:01:28 | 000,495,104 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012/01/10 00:38:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/01/13 13:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 13:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 13:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/27 12:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/04/27 12:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe
PRC - [2005/10/28 10:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/02 05:01:26 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2012/02/02 03:09:46 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Compression.dll
MOD - [2012/01/12 03:36:14 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9a29ccc783b1305deb24c667ad79d287\System.ServiceModel.Web.ni.dll
MOD - [2012/01/12 03:35:26 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5107d5be0963a2026d7c8be0796a5b1b\System.ServiceModel.ni.dll
MOD - [2012/01/12 03:30:08 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\82ca215f115529e1372218a8ca377ddb\System.Web.Services.ni.dll
MOD - [2012/01/12 03:29:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012/01/10 00:38:36 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:45:23 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/13 02:45:19 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/13 02:44:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll
MOD - [2011/10/13 02:44:42 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9123843fd33a30164ceb951c98b7ca2a\SMDiagnostics.ni.dll
MOD - [2011/10/13 02:36:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 02:36:04 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 02:35:51 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:35:51 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa42950143908bea4f88f3b9fd693e94\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2011/10/13 02:35:45 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 02:35:42 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 02:35:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 02:35:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 02:35:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 02:35:22 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 02:35:13 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/07/22 17:49:42 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/01/27 18:29:51 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2011/01/13 13:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 13:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/01/13 13:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 13:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 13:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 13:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 13:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 13:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 13:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 13:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/09/16 15:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/07/07 11:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/07/07 11:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/07/07 11:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/07/07 11:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/07 11:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/04/27 12:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
MOD - [2009/04/27 12:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
MOD - [2008/05/16 11:35:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2008/05/16 11:35:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2008/05/16 11:34:18 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2008/02/07 10:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll
MOD - [2007/11/02 14:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPUsageTracking.dll
MOD - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe
MOD - [2007/11/02 14:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPToolkit.dll
MOD - [2007/11/02 14:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\Enumeration.dll
MOD - [2007/11/02 14:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPTools.dll
MOD - [2007/11/02 14:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPStreamsInterface.dll
MOD - [2007/04/30 07:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 07:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 07:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 07:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 16:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/06/14 19:12:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/05/25 08:42:22 | 000,034,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV:64bit: - [2007/05/25 08:42:12 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
SRV - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe -- (SftService)
SRV - [2010/10/02 21:19:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/20 09:57:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/25 08:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/25 15:53:05 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/16 14:20:51 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/14 19:48:02 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/26 19:13:24 | 001,206,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1147797363-89902876-126264869-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1147797363-89902876-126264869-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fut11info.nl/
IE - HKU\S-1-5-21-1147797363-89902876-126264869-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex Huang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alex Huang\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Alex Huang\AppData\Roaming\5005
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/30 00:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/30 00:28:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Alex Huang\AppData\Roaming\5005

[2010/08/28 17:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Extensions
[2010/08/28 17:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/02/01 17:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Firefox\Profiles\nu88bg46.default\extensions
[2012/01/30 00:39:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex Huang\AppData\Roaming\Mozilla\Firefox\Profiles\nu88bg46.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/19 16:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/14 15:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
() (No name found) -- C:\USERS\ALEX HUANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NU88BG46.DEFAULT\EXTENSIONS\[email protected]
[2012/01/10 00:38:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/13 09:42:41 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 17:03:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/03 15:52:50 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3:64bit: - HKU\S-1-5-21-1147797363-89902876-126264869-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1147797363-89902876-126264869-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1147797363-89902876-126264869-1004\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [HPUsageTracking] "\HP UT\bin\hppusg.exe" "\HP UT" File not found
O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1147797363-89902876-126264869-1004..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1147797363-89902876-126264869-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1147797363-89902876-126264869-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1147797363-89902876-126264869-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1147797363-89902876-126264869-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: 将链接目标转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: 将链接目标追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: 转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: 追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: 将链接目标转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 将链接目标追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 转换为 Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 追加到现有的 PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfish...Web.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94BC0005-4FBA-4B56-961E-6F29181CF2AA}: DhcpNameServer = 192.168.200.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (UserInit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 17:49:32 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/02/04 17:03:28 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/02/04 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/02/04 15:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/02/03 16:42:35 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\AppData\Roaming\Malwarebytes
[2012/02/03 16:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/03 16:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/03 16:42:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/03 16:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/02 18:41:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/02 17:28:55 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\Desktop\RK_Quarantine
[2012/01/29 23:19:35 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/29 21:19:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/28 22:27:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\INCA Shared
[2012/01/28 21:48:09 | 000,000,000 | ---D | C] -- C:\ijji
[2012/01/28 21:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji
[2012/01/28 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\AppData\Roaming\ijjigame
[2012/01/28 18:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REACTOR
[2012/01/24 23:17:49 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\Tracing
[2012/01/24 22:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012/01/24 22:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012/01/24 22:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012/01/21 21:11:37 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\AppData\Local\Chromium
[2012/01/21 17:05:39 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2012/01/21 17:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2012/01/21 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Alex Huang\Documents\Heroes of Newerth
[2012/01/21 17:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2010/08/28 15:18:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
[2010/08/28 15:18:32 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
[2010/08/28 15:18:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
[2010/08/28 15:18:31 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
[2010/08/28 15:18:30 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
[2010/08/28 15:18:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
[2010/08/28 15:18:30 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe
[2010/08/28 15:18:30 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe
[2010/08/28 15:18:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
[2010/08/28 15:18:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
[2010/08/28 15:18:29 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
[2010/08/28 15:18:29 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe
[2010/08/28 15:18:29 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
[2010/08/28 15:18:28 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
[2010/08/28 15:18:28 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe
[2 C:\Users\Alex Huang\AppData\Roaming\*.tmp files -> C:\Users\Alex Huang\AppData\Roaming\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,668,672 | ---- | M] (FragSoft) -- C:\Windows\SysNative\ISDone.dll
[2012/02/04 23:26:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/04 22:49:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1147797363-89902876-126264869-1003UA.job
[2012/02/04 22:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1147797363-89902876-126264869-1003Core.job
[2012/02/04 21:33:03 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2012/02/04 18:02:13 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 18:02:13 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 17:55:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/04 17:54:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 17:54:20 | 000,410,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/04 17:54:03 | 2213,896,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 17:50:40 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/02/04 15:05:14 | 000,002,225 | ---- | M] () -- C:\Users\Alex Huang\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/02/03 16:42:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 15:52:50 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/02/02 18:59:42 | 483,298,470 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/02 18:52:37 | 000,000,512 | ---- | M] () -- C:\Users\Alex Huang\Desktop\MBR.dat
[2012/02/02 16:17:04 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/02/02 16:17:04 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/02/01 16:37:36 | 000,000,402 | ---- | M] () -- C:\Users\Alex Huang\Desktop\repair.bat
[2012/01/29 23:21:10 | 000,006,672 | ---- | M] () -- C:\bootsqm.dat
[2012/01/24 22:24:34 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/01/24 20:18:22 | 000,001,356 | ---- | M] () -- C:\Users\Alex Huang\Desktop\Free YouTube to MP3 Converter.lnk
[2012/01/21 17:05:42 | 000,001,907 | ---- | M] () -- C:\Users\Alex Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2012/01/21 17:05:42 | 000,001,883 | ---- | M] () -- C:\Users\Alex Huang\Desktop\Heroes of Newerth.lnk
[2012/01/20 00:56:44 | 000,058,291 | ---- | M] () -- C:\Users\Alex Huang\Desktop\Walmart-Gift-Card.jpg
[2012/01/12 03:07:17 | 000,780,450 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/12 03:07:17 | 000,665,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 03:07:17 | 000,123,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 03:07:09 | 000,780,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/10 00:38:49 | 000,002,050 | ---- | M] () -- C:\Users\Alex Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\Users\Alex Huang\AppData\Roaming\*.tmp files -> C:\Users\Alex Huang\AppData\Roaming\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 15:05:14 | 000,002,225 | ---- | C] () -- C:\Users\Alex Huang\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/02/03 16:42:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 18:59:42 | 483,298,470 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/02 18:52:37 | 000,000,512 | ---- | C] () -- C:\Users\Alex Huang\Desktop\MBR.dat
[2012/02/01 16:37:35 | 000,000,402 | ---- | C] () -- C:\Users\Alex Huang\Desktop\repair.bat
[2012/01/30 07:20:30 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2012/01/29 23:21:10 | 000,006,672 | ---- | C] () -- C:\bootsqm.dat
[2012/01/24 22:24:34 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/01/22 20:10:45 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/01/22 20:10:45 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/01/22 20:10:45 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/01/21 17:05:42 | 000,001,907 | ---- | C] () -- C:\Users\Alex Huang\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2012/01/21 17:05:42 | 000,001,883 | ---- | C] () -- C:\Users\Alex Huang\Desktop\Heroes of Newerth.lnk
[2012/01/20 00:56:35 | 000,058,291 | ---- | C] () -- C:\Users\Alex Huang\Desktop\Walmart-Gift-Card.jpg
[2011/09/24 10:47:50 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/25 13:55:16 | 000,181,632 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/14 23:48:59 | 000,001,456 | ---- | C] () -- C:\Users\Alex Huang\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/14 23:23:39 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/23 16:31:04 | 000,780,450 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 07:35:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/07 16:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\Game (2).INI
[2011/01/07 16:56:58 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2010/09/26 21:03:35 | 000,000,178 | ---- | C] () -- C:\Users\Alex Huang\AppData\Roaming\wklnhst.dat
[2010/08/28 20:15:21 | 000,003,584 | ---- | C] () -- C:\Users\Alex Huang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 18:25:48 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/28 15:18:33 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
[2010/08/28 15:18:33 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
[2009/12/18 20:13:39 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/18 20:13:39 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2009/12/18 20:09:01 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/12/18 20:09:01 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/12/18 20:09:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009/12/18 20:08:57 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2009/12/18 20:07:18 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/11/20 11:48:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/16 01:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/16 01:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

========== LOP Check ==========

[2011/02/16 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\.minecraft
[2012/01/30 00:39:20 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Audacity
[2012/01/30 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Catalina Marketing Corp
[2010/09/25 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\[bleep]
[2011/06/14 22:47:41 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/30 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\DAEMON Tools Pro
[2012/01/24 20:18:33 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoft
[2011/07/22 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/29 23:54:07 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Electronic Arts
[2011/03/06 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\GameTuts
[2010/12/30 01:03:03 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\GetRightToGo
[2012/01/30 00:39:21 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\gtk-2.0
[2012/01/30 00:12:47 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\ijjigame
[2011/06/14 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Leawo
[2011/06/14 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Leawo Video2PC
[2010/09/26 22:13:07 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Lexmark Productivity Studio
[2011/07/24 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\LolClient
[2011/12/21 21:46:40 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Marvell
[2011/06/14 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Moyea
[2011/10/27 12:52:55 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\PC Suite
[2010/11/30 20:33:24 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Red Kawa
[2010/11/30 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Regensoft
[2011/10/27 12:53:00 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Samsung
[2012/01/30 00:39:53 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\SystemRequirementsLab
[2010/09/26 21:03:35 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Template
[2010/11/30 20:31:14 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\Video Wallpaper
[2011/05/19 14:11:36 | 000,000,000 | ---D | M] -- C:\Users\Alex Huang\AppData\Roaming\xmldm
[2011/02/07 07:36:03 | 000,000,000 | ---D | M] -- C:\Users\Minjun\AppData\Roaming\xmldm
[2009/12/19 16:55:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\acccore
[2012/01/30 00:46:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Facebook
[2012/01/30 00:47:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\NoteTab Light
[2011/01/06 00:46:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PlayFirst
[2010/02/15 14:39:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WildTangent
[2011/05/18 06:25:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\xmldm
[2011/05/11 02:21:19 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/05/08 00:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 18:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe


< MD5 for: BFE.DLL >
[2009/07/13 20:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) MD5=4992C609A6315671463E30F6512BC022 -- C:\Temp1234\Windows\System32\BFE.DLL
[2009/07/13 20:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) MD5=4992C609A6315671463E30F6512BC022 -- C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7600.16385_none_29196190443bdeb0\BFE.DLL
[2009/07/13 20:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) MD5=4992C609A6315671463E30F6512BC022 -- C:\Windows\SysNative\BFE.DLL
[2009/07/13 20:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) MD5=4992C609A6315671463E30F6512BC022 -- C:\Windows\winsxs\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7600.16385_none_29196190443bdeb0\BFE.DLL
[2010/11/20 08:25:45 | 000,705,024 | -H-- | M] (Microsoft Corporation) MD5=82974D6A2FD19445CC5171FC378668A4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7601.17514_none_2b4a7558412a624a\BFE.DLL

< MD5 for: BFE.DLL.MUI >
[2009/07/13 21:09:10 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=21778F8BB06CFB04D81D24CBAC57981C -- C:\Windows\SysWOW64\drivers\en-US\bfe.dll.mui
[2009/07/13 21:09:10 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=21778F8BB06CFB04D81D24CBAC57981C -- C:\Windows\SysWOW64\en-US\bfe.dll.mui
[2009/07/13 21:09:10 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=21778F8BB06CFB04D81D24CBAC57981C -- C:\Windows\winsxs\x86_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4e0c2004a5e71cbd\bfe.dll.mui
[2009/07/13 21:09:10 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=21778F8BB06CFB04D81D24CBAC57981C -- C:\Windows\winsxs\x86_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bf58a6bff93197e2\bfe.dll.mui
[2009/07/13 22:03:03 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Temp1234\Windows\System32\drivers\en-US\bfe.dll.mui
[2009/07/13 22:03:02 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Temp1234\Windows\System32\en-US\bfe.dll.mui
[2009/07/13 22:03:02 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aa2abb885e448df3\bfe.dll.mui
[2009/07/13 22:03:03 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1b774243b18f0918\bfe.dll.mui
[2009/07/13 21:30:00 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Windows\SysNative\drivers\en-US\bfe.dll.mui
[2009/07/13 21:30:00 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Windows\SysNative\en-US\bfe.dll.mui
[2009/07/13 21:30:00 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Windows\winsxs\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aa2abb885e448df3\bfe.dll.mui
[2009/07/13 21:30:00 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=D33E31F95C553085F8F008269716AE3C -- C:\Windows\winsxs\amd64_microsoft-windows-w..edtracing.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1b774243b18f0918\bfe.dll.mui

< MD5 for: MPSSVC.DLL >
[2010/11/20 08:26:59 | 000,828,416 | -H-- | M] (Microsoft Corporation) MD5=54FFC9C8898113ACE189D4AA7199D2C1 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll
[2009/07/13 20:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=AECAB449567D1846DAD63ECE49E893E3 -- C:\Temp1234\Windows\System32\MPSSVC.dll
[2009/07/13 20:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=AECAB449567D1846DAD63ECE49E893E3 -- C:\Temp1234\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll
[2009/07/13 20:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=AECAB449567D1846DAD63ECE49E893E3 -- C:\Windows\SysNative\MPSSVC.dll
[2009/07/13 20:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=AECAB449567D1846DAD63ECE49E893E3 -- C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll

< MD5 for: MPSSVC.DLL.MUI >
[2009/07/13 21:03:40 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=14E8D715B1F4033EE11C5BAF264473FA -- C:\Windows\SysWOW64\en-US\mpssvc.dll.mui
[2009/07/13 21:03:40 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=14E8D715B1F4033EE11C5BAF264473FA -- C:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_873f0a55efcbc111\mpssvc.dll.mui
[2009/07/13 21:03:40 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=14E8D715B1F4033EE11C5BAF264473FA -- C:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_89701e1decba44ab\mpssvc.dll.mui
[2009/07/13 22:03:03 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=E931D244429925E9B01F8F1873DD5017 -- C:\Temp1234\Windows\System32\en-US\mpssvc.dll.mui
[2009/07/13 22:03:03 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=E931D244429925E9B01F8F1873DD5017 -- C:\Temp1234\Windows\winsxs\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e35da5d9a8293247\mpssvc.dll.mui
[2009/07/13 21:28:22 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=E931D244429925E9B01F8F1873DD5017 -- C:\Windows\SysNative\en-US\mpssvc.dll.mui
[2009/07/13 21:28:22 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=E931D244429925E9B01F8F1873DD5017 -- C:\Windows\winsxs\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e35da5d9a8293247\mpssvc.dll.mui
[2009/07/13 21:28:22 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=E931D244429925E9B01F8F1873DD5017 -- C:\Windows\winsxs\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e58eb9a1a517b5e1\mpssvc.dll.mui

< MD5 for: MPSSVC.MOF >
[2009/06/10 15:47:41 | 000,001,900 | ---- | M] () MD5=8F23C36F426B630AA8081D87862F56E0 -- C:\Temp1234\Windows\System32\wbem\mpssvc.mof
[2009/06/10 15:47:41 | 000,001,900 | ---- | M] () MD5=8F23C36F426B630AA8081D87862F56E0 -- C:\Temp1234\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\mpssvc.mof
[2009/06/10 15:47:41 | 000,001,900 | ---- | M] () MD5=8F23C36F426B630AA8081D87862F56E0 -- C:\Windows\SysNative\wbem\mpssvc.mof
[2009/06/10 16:29:09 | 000,001,900 | ---- | M] () MD5=8F23C36F426B630AA8081D87862F56E0 -- C:\Windows\SysWOW64\wbem\mpssvc.mof
[2009/06/10 15:47:41 | 000,001,900 | ---- | M] () MD5=8F23C36F426B630AA8081D87862F56E0 -- C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\mpssvc.mof
[2009/06/10 15:47:41 | 000,001,900 | ---- | M] () MD5=8F23C36F426B630AA8081D87862F56E0 -- C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\mpssvc.mof
[2009/06/10 16:29:09 | 000,001,900 | ---- | M] () MD5=8F23C36F426B630AA8081D87862F56E0 -- C:\Windows\winsxs\wow64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_005dd77215ee863b\mpssvc.mof

< MD5 for: SDRSVC.DLL >
[2010/11/20 08:27:25 | 000,170,496 | -H-- | M] (Microsoft Corporation) MD5=6EA4234DC55346E0709560FE7C2C1972 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll
[2009/07/13 20:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=765A27C3279CE11D14CB9E4F5869FCA5 -- C:\Windows\SysNative\sdrsvc.dll
[2009/07/13 20:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=765A27C3279CE11D14CB9E4F5869FCA5 -- C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll

< MD5 for: SDRSVC.DLL.MUI >
[2009/07/13 21:26:56 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=7EDD3765E9DA8D01CB571F0436BF5501 -- C:\Windows\SysNative\en-US\sdrsvc.dll.mui
[2009/07/13 21:26:56 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=7EDD3765E9DA8D01CB571F0436BF5501 -- C:\Windows\winsxs\amd64_microsoft-windows-s..docs-main.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bfbdb0da78c56e60\sdrsvc.dll.mui

< MD5 for: VSSVC.EXE >
[2009/07/13 22:13:38 | 001,598,976 | ---- | M] (Microsoft Corporation) MD5=787898BF9FB6D7BD87A36E2D95C899BA -- C:\Temp1234\Windows\System32\VSSVC.exe
[2009/07/13 22:13:38 | 001,598,976 | ---- | M] (Microsoft Corporation) MD5=787898BF9FB6D7BD87A36E2D95C899BA -- C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe
[2009/07/13 20:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) MD5=787898BF9FB6D7BD87A36E2D95C899BA -- C:\Windows\SysNative\VSSVC.exe
[2009/07/13 20:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) MD5=787898BF9FB6D7BD87A36E2D95C899BA -- C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe
[2010/11/20 08:25:27 | 001,600,512 | -H-- | M] (Microsoft Corporation) MD5=B60BA0BC31B0CB414593E169F6F21CC2 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe

< MD5 for: VSSVC.EXE.MUI >
[2009/07/13 22:13:47 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=510E37BB2CFD92018F07A737752A26DB -- C:\Temp1234\Windows\System32\en-US\VSSVC.exe.mui
[2009/07/13 22:13:47 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=510E37BB2CFD92018F07A737752A26DB -- C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-vssservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2931afae849f3457\VSSVC.exe.mui
[2009/07/13 21:28:08 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=510E37BB2CFD92018F07A737752A26DB -- C:\Windows\SysNative\en-US\VSSVC.exe.mui
[2009/07/13 21:28:08 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=510E37BB2CFD92018F07A737752A26DB -- C:\Windows\winsxs\amd64_microsoft-windows-vssservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2931afae849f3457\VSSVC.exe.mui

< MD5 for: VSSVC.EXE-6C8F0C66.PF >
[2012/02/04 18:08:35 | 000,034,808 | ---- | M] () MD5=E4BD6431A49CF37F88CBAECED50DC7A0 -- C:\Windows\Prefetch\VSSVC.EXE-6C8F0C66.pf

< MD5 for: WSCSVC.DLL >
[2010/12/21 01:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
[2010/12/21 01:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\SysNative\wscsvc.dll
[2010/12/21 01:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
[2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
[2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

< MD5 for: WSCSVC.DLL.MUI >
[2009/07/13 21:27:36 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=B8013EC8CBFC87BDF584265D98DC1001 -- C:\Windows\SysNative\en-US\wscsvc.dll.mui
[2009/07/13 21:27:36 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=B8013EC8CBFC87BDF584265D98DC1001 -- C:\Windows\winsxs\amd64_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d469656a7d6eff9d\wscsvc.dll.mui
[2009/07/13 21:08:50 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=F0A1FE51E846E5E76F75D7F40298C96D -- C:\Windows\SysWOW64\en-US\wscsvc.dll.mui
[2009/07/13 21:08:50 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=F0A1FE51E846E5E76F75D7F40298C96D -- C:\Windows\winsxs\x86_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_784ac9e6c5118e67\wscsvc.dll.mui

< MD5 for: WUAUENG.DLL >
[2009/07/13 20:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) MD5=38340204A2D0228F1E87740FC5E554A7 -- C:\Windows\SysNative\wuaueng.dll
[2009/07/13 20:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) MD5=38340204A2D0228F1E87740FC5E554A7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll
[2010/11/20 08:27:32 | 002,420,736 | -H-- | M] (Microsoft Corporation) MD5=9DF12EDBC698B0BC353B3EF84861E430 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll

< MD5 for: WUAUENG.DLL.MUI >
[2010/11/20 08:10:58 | 000,011,264 | -H-- | M] (Microsoft Corporation) MD5=1ED7F54F41B7646407169A7ECF1149D6 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.5.7601.17514_en-us_74a88136fae6c08c\wuaueng.dll.mui
[2009/07/13 21:24:16 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=5132FCB3061565DFF426A67AACC83E7D -- C:\Windows\SysNative\en-US\wuaueng.dll.mui
[2009/07/13 21:24:16 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=5132FCB3061565DFF426A67AACC83E7D -- C:\Windows\winsxs\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.3.7600.16385_en-us_e219d2e5c0618ab0\wuaueng.dll.mui

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NetBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{23B94BD3-A87C-4C98-B010-82ADFE39508E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{94BC0005-4FBA-4B56-961E-6F29181CF2AA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9A0E8B60-FB9A-4B49-A4D4-80C33D9D60DE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9DDF972B-2BFA-4DE2-9F42-6902217FC5B4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C0CBB058-CB57-4AFF-AEAF-51250DCD9F7F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FCB2A001-C3AC-4943-86F7-3F71F8EEB9E4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0E 01 0C 01 09 01 07 01 05 01 01 01 0B 01 00 01 0F 01 0D 01 04 01 0A 01 08 01 06 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DE6EED8B
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:3790BACD

< End of report >
  • 0

#45
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download the zipped registry files (Inso.zip) and save them on your desktop:



Unzip the file on your desktop. A folder named Inso will appear. Open it up and you will see three registry fix files:

bfe.reg
firewall.reg
wscsvc.reg


Right-click bfe.reg, select Merge, and OK the merge.

Right-click firewall.reg, select Merge, and OK the merge.

Right-click wscsvc.reg, select Merge, and OK the merge.


Restart your PC.


Step 2.


Set Permissions

Now click Start, then type run. Run will appear at the top of the menu; click on it and the Run dialog box will appear.

Type regedit and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it and select Permissions...

Click on Add, type Everyone, and click OK.

Now click on Everyone.

Below you have the permissions for users.

Select Full Control and click OK.

Close the registry and reboot the computer.


Step 3.

Set and Start Services

BFE

Now open Run again (Windows key + R), type services.msc in the dialog box, and click OK.

Right-click on the Base Filtering Engine service.

Make sure it is set to Startup type: Automatic. If it is not, select Automatic.

Now look at Service status: Started. If it is not, select Start.

Then click OK.

Windows Firewall

Next, look in the services for Windows Firewall.

Make sure it is set to Startup type: Automatic. If it is not, select Automatic.

Now look at Service status: Started. If it is not, select Start.

Then click OK.

Security Center

Right-click on Security Center.

Make sure it is set to Startup type: Automatic (Delayed Start). If it is not, select Automatic (Delayed Start).

Now look at Service status: Started. If it is not, select Start.

Then click OK.

Close the Services window and verify that the Security Center and Windows Firewall are working.


Step 4.

Re-run Farbar Security Scanner

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


Then post FSS.txt and tell me what is not working.
  • 0
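
A read-only PowerShell check of the end state the steps in post #45 aim for, added here as an example and not part of the original post: it reports the startup type and status of the three services, and whether Everyone holds Full Control on the BFE key that the permissions step edits. The service key names MpsSvc (Windows Firewall) and wscsvc (Security Center) are assumptions not spelled out in the post; run it from an elevated prompt.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumed service key names: BFE = Base Filtering Engine,
# MpsSvc = Windows Firewall, wscsvc = Security Center.
$expected = @{
    'BFE'    = 'Automatic'
    'MpsSvc' = 'Automatic'
    'wscsvc' = 'Automatic (Delayed Start)'
}
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceStartup {
    param([string]$Name)
    # The Start and DelayedAutostart values live under the service's registry key.
    $key   = "HKLM:\SYSTEM\CurrentControlSet\services\$Name"
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    $mode  = $startNames[[int]$props.Start]
    if ($props.Start -eq 2 -and $props.DelayedAutostart -eq 1) {
        $mode = 'Automatic (Delayed Start)'
    }
    return $mode
}

$report = foreach ($name in $expected.Keys) {
    try {
        $startup = Get-ServiceStartup -Name $name
        $status  = (Get-Service -Name $name -ErrorAction Stop).Status
    } catch {
        # Missing key or service: report it instead of stopping the audit.
        $startup = 'unreadable'
        $status  = 'unknown'
    }
    New-Object PSObject -Property @{
        Service = $name
        Startup = $startup
        Status  = $status
        Ok      = ($startup -eq $expected[$name] -and $status -eq 'Running')
    }
}
$report | Format-Table Service, Startup, Status, Ok -AutoSize

# ACL check on the BFE service key. Matching on the well-known SID for
# Everyone (S-1-1-0) keeps the test independent of the display language.
$bfeKey   = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE'
$everyone = 'S-1-1-0'
$full     = [int][System.Security.AccessControl.RegistryRights]::FullControl

try {
    $acl   = Get-Acl -Path $bfeKey -ErrorAction Stop
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $broad = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $everyone -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights) -band $full) -eq $full
    })
    if ($broad.Count -gt 0) {
        Write-Output "BFE key: Everyone has Full Control ($($broad.Count) rule(s))."
    } else {
        Write-Output 'BFE key: no Full Control entry for Everyone.'
    }
} catch {
    Write-Output "BFE key: ACL could not be read ($($_.Exception.Message))."
}
```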





