Help! I got infected with system32.exe but I can't find it anywhere


  • This topic is locked

#1
stingray93

    New Member

  • Member
  • 6 posts
I'm really new to removing viruses and I am running avast! free antivirus software.
I've tried running a whole computer scan 2 times but still no luck... please help!
Sometimes system32.exe randomly runs and takes up 99% of my CPU power.
Any noob-friendly suggestions will be appreciated! Thanks!

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi, welcome!

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.8mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Things I would like to see in your reply:
  • aswMBR log
  • OTL.txt and Extras.txt


#3
stingray93

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks for helping me.

OTL.txt


OTL logfile created on: 8/21/2012 7:51:16 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = F:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.23 Gb Available Physical Memory | 78.20% Memory free
15.92 Gb Paging File | 14.12 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 196.76 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 589.75 Gb Free Space | 84.41% Space Free | Partition Type: NTFS

Computer Name: STINGRAY-PC | User Name: Jason Kang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 07:50:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL (2).exe
PRC - [2012/08/20 21:37:53 | 001,456,705 | RHS- | M] (ic#code) -- C:\Program Files (x86)\LOLReplay\svcchost.exe
PRC - [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/07/24 15:20:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/23 23:46:34 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/24 22:49:06 | 002,544,304 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2012/05/15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/05/15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/03/27 04:14:27 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2010/11/10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2009/10/22 09:43:58 | 002,548,056 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 00:30:59 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012/08/14 00:30:58 | 012,235,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
MOD - [2012/08/14 00:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012/08/14 00:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012/08/14 00:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012/08/14 00:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll
MOD - [2012/07/23 23:46:34 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2012/07/21 02:44:58 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2012/07/21 02:44:54 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2012/07/21 02:44:38 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2012/07/21 02:44:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2012/07/21 02:44:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2011/04/30 11:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010/11/10 19:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 19:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 19:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 19:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 19:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 19:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2009/12/17 00:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 22:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 21:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 21:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/04 07:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/07/28 11:37:16 | 000,009,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/15 12:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/24 15:20:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/19 20:38:34 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/05/15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 15:42:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/05/04 07:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/27 04:13:18 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/27 04:13:18 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/27 04:13:17 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/06 04:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/01/06 04:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/02 10:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/11 18:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV - [2012/07/23 23:46:34 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012/07/17 20:48:39 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/07/17 20:48:21 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/07/17 17:14:21 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-377425601-1505729782-3739113628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...&ocid=iehp&tc=1
IE - HKU\S-1-5-21-377425601-1505729782-3739113628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-377425601-1505729782-3739113628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 86 55 25 C3 63 CD 01 [binary data]
IE - HKU\S-1-5-21-377425601-1505729782-3739113628-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-377425601-1505729782-3739113628-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-377425601-1505729782-3739113628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: AirMech = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\11103_0\
CHR - Extension: avast! WebRep = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Bayonetta = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodndeanggehkmjpcojknjghdninnhfm\3_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/18 17:08:11 | 000,001,063 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Microsoft Windows Service Host!] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-377425601-1505729782-3739113628-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-377425601-1505729782-3739113628-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-377425601-1505729782-3739113628-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWMonitor.exe - Shortcut.lnk = C:\Users\Jason Kang\Downloads\HWMonitor.exe (CPUID)
O4 - Startup: C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-377425601-1505729782-3739113628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C918B38-3C3D-4616-8AFC-B3F458CFF5CB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - AppInit_DLLs: (prio32.dll) - C:\Program Files\Prio\prio32.dll (O&K Software)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 23:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/20 23:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/18 22:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black_Box
[2012/08/18 17:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Skype
[2012/08/18 17:24:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/08/18 17:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/18 17:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/18 17:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/08/18 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\TS3Client
[2012/08/18 15:33:03 | 000,000,000 | RH-D | C] -- C:\Users\Jason Kang\AppData\Roaming\SecuROM
[2012/08/18 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\TecmoKoei
[2012/08/18 15:13:02 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\SETTEC
[2012/08/18 15:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ASign
[2012/08/18 14:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TecmoKoei
[2012/08/18 12:48:39 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/08/18 12:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/08/18 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/08/18 00:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/08/17 23:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2012/08/15 09:45:23 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Darksiders2
[2012/08/15 08:28:37 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Battlefield 3
[2012/08/14 20:07:25 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4B761B9D-D433-4612-8971-641D42C68E90}
[2012/08/14 20:07:14 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{5248E746-5B2D-4369-8F8D-97849A7E691B}
[2012/08/14 10:07:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\3DMark 11
[2012/08/14 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\IsolatedStorage
[2012/08/14 10:06:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Futuremark_Corporation
[2012/08/14 10:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012/08/14 10:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012/08/14 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{D9334F2A-D5E6-43F7-B0C2-128FC5479E7F}
[2012/08/14 08:06:35 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{B9D4C290-269D-43D6-852A-011B160AC6FA}
[2012/08/13 20:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2012/08/13 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{7806EA74-5C8F-4CF7-AB5F-14E4485CAA0D}
[2012/08/13 19:48:55 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4DC52C67-95BC-4D95-A709-ABC5F25988D2}
[2012/08/13 09:44:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/08/13 07:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Lionhead Studios
[2012/08/13 07:48:25 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4221E4EA-2C22-471F-A3AD-26D9C77CCE36}
[2012/08/13 07:48:08 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{3018B941-9575-4C76-94F9-2B0B5AD699CE}
[2012/08/12 17:07:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Rockstar Games
[2012/08/12 17:07:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012/08/12 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{8E1364E3-BAC9-4A11-8FBE-386E1D4FFF91}
[2012/08/12 17:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4CD6BB89-5188-4DD9-AE9D-42121D0D4770}
[2012/08/12 08:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/08/11 23:39:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012/08/11 23:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012/08/11 23:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012/08/11 23:15:33 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012/08/11 23:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012/08/11 23:15:31 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/11 23:15:31 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/11 23:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/08/11 21:59:27 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\DarknessII
[2012/08/11 21:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012/08/11 21:18:28 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{A399B8A7-1932-4B5B-B899-A9D73D1B3836}
[2012/08/11 21:18:17 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{ACB67A21-46BE-4649-A317-616FF1632A3B}
[2012/08/11 15:49:10 | 000,000,000 | -HSD | C] -- C:\Users\Jason Kang\Documents\i68Backups
[2012/08/11 15:49:10 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\i68Fifa12
[2012/08/11 09:17:52 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{F6F0BF3C-E551-4E3D-9741-330F019BB3DB}
[2012/08/11 09:17:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{9F3E3614-BE7A-4763-B9C0-EA77B42FC839}
[2012/08/10 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{722ADC41-3937-4D14-950B-01A00E8343EC}
[2012/08/10 21:17:04 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{00D5F1B1-9F59-4397-8B3C-B5C3933A6C01}
[2012/08/10 09:16:52 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{CE51C170-F5A5-434E-8AB2-CFF107E1A815}
[2012/08/10 09:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{885EC966-4DE5-4A9F-B21B-16599F2E4088}
[2012/08/09 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{F314AD86-78D6-46E2-8130-4D935B2590C6}
[2012/08/09 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{0417A9FD-3B61-4B62-9DDE-CAAA62C4E06D}
[2012/08/09 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{DF31FFAD-DAF7-4050-ACF8-CC90BB1F35F0}
[2012/08/09 09:15:29 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{79258763-C526-4FFF-902A-AD71D5A2A161}
[2012/08/08 21:15:04 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C6107D4D-CFB6-43DD-BB44-A194AE976BA6}
[2012/08/08 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{9180651A-47D0-4C80-A368-9969F1CB075C}
[2012/08/08 09:14:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C2ECC0D5-6732-4081-83AB-2B9CE453A6C9}
[2012/08/08 09:14:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{CB3C237B-3A91-48F4-A771-E578300D1AD6}
[2012/08/07 21:14:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{FE15EDA3-51FA-4EB7-8325-CA0CDF1FC960}
[2012/08/07 21:13:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{98112E1A-9DB5-4D16-800C-5849780290EF}
[2012/08/07 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{1CFDD4B5-E967-4AEC-96ED-293A62B1D434}
[2012/08/07 09:13:02 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{D30A4E0B-6527-4C57-8771-3820C4C7F058}
[2012/08/06 16:02:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{DB23126E-015C-403A-B2AA-E574EEE9DF97}
[2012/08/06 16:01:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{BC430BA0-7189-4DAA-B96A-B99C369A5586}
[2012/08/06 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\LOLReplay
[2012/08/06 14:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2012/08/06 13:50:14 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012/08/06 08:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/08/06 08:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/08/06 07:31:10 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/08/06 07:29:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2012/08/06 07:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/08/06 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Downloaded Installations
[2012/08/06 04:01:42 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{F78469F8-A195-43AF-9022-3DC508F14988}
[2012/08/06 04:01:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{63BF146B-B4D0-416A-91B3-F9EE236E9B24}
[2012/08/06 04:01:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{374CA449-F47F-46B8-981A-70D78B6FD589}
[2012/08/05 20:45:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\.explorer.local
[2012/08/05 20:45:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\.explorer.cache
[2012/08/05 16:01:00 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{6A90ECE6-8ABB-4EED-A8F8-6C7A359B2ECA}
[2012/08/05 16:00:47 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C595B129-2BB6-47F5-9C5C-8C6C157B2586}
[2012/08/04 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{3FD9445D-8E47-4AE3-A89B-6AA215DF940C}
[2012/08/04 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C6784847-0F60-4231-B38F-9165A1CA5333}
[2012/08/04 12:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total.War.Shogun.2.Fall.Of.The.Samurai-KaOs
[2012/08/04 11:18:27 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\The Creative Assembly
[2012/08/04 10:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Creative Assembly
[2012/08/04 09:45:33 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{D0CE5DB4-799B-4A6E-BC16-D346C03B5060}
[2012/08/04 09:45:22 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{9F995E93-17D1-4B47-8F52-835F725F38E8}
[2012/08/03 22:29:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\GTA San Andreas User Files
[2012/08/03 22:29:48 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/03 21:44:56 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{0475B9BD-CC5C-4C17-91B0-39F6B9FD658D}
[2012/08/03 20:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/08/03 20:31:36 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\fltk.org
[2012/08/03 20:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/08/03 20:31:31 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Amnesia
[2012/08/03 20:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012/08/03 20:28:22 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Vindictus
[2012/08/03 20:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012/08/03 20:13:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/03 20:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/08/03 20:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2012/08/03 20:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/08/03 16:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/08/03 16:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/08/03 09:44:15 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{8689DB35-29A9-4B90-A60A-34C4A340C126}
[2012/08/03 09:44:04 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{82E6BD17-CD8D-4F4F-83BD-0030D04F9BDA}
[2012/08/03 09:43:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Tracing
[2012/08/03 09:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/08/03 09:13:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/03 09:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/08/03 09:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/08/03 09:10:50 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Windows Live
[2012/08/03 09:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/08/02 14:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Day 1 Studios
[2012/08/02 14:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F.3.A.R
[2012/08/02 12:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver San Francisco
[2012/08/01 11:52:44 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Remedy
[2012/08/01 10:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V - Skyrim
[2012/08/01 09:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V - Skyrim
[2012/07/31 21:13:37 | 000,000,000 | -HSD | C] -- C:\Users\Jason Kang\wc
[2012/07/31 21:13:35 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Universe Sandbox
[2012/07/31 21:13:35 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Universe Sandbox
[2012/07/31 21:13:33 | 000,000,000 | -HSD | C] -- C:\Users\Jason Kang\AppData\Roaming\wyUpdate AU
[2012/07/31 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universe Sandbox
[2012/07/31 10:51:37 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/07/31 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\PMB Files
[2012/07/31 10:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/07/31 10:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/07/31 10:48:32 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Pando_Temp
[2012/07/31 10:47:43 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\assembly
[2012/07/31 10:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/07/31 10:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2012/07/30 20:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scroll V - Skyrim
[2012/07/30 16:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/07/30 16:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/07/30 15:29:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Nexus Mod Manager
[2012/07/30 15:29:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Black_Tree_Gaming
[2012/07/30 15:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/07/30 15:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012/07/30 01:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/07/30 01:34:50 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/07/30 01:34:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/07/30 01:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/30 01:33:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/07/28 21:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Activision
[2012/07/28 19:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PROTOTYPE 2
[2012/07/25 12:50:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Ubisoft
[2012/07/25 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Ubisoft
[2012/07/25 07:47:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\EA Games
[2012/07/25 07:45:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\EA Games
[2012/07/25 07:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dead.Space.2-KaOs
[2012/07/24 19:15:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/07/24 18:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/07/24 18:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/07/24 18:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/07/24 18:28:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\vlc
[2012/07/24 17:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/24 17:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/07/24 15:18:40 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\PunkBuster
[2012/07/23 22:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/23 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\.minecraft
[2012/07/23 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\WinRAR
[2012/07/23 17:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Island
[2012/07/23 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Criterion Games
[2012/07/23 17:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need for Speed™ Hot Pursuit
[2012/07/23 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\FreeArc
[2012/07/23 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeArc
[2012/07/23 17:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc
[2012/07/23 17:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeArc
[2012/07/23 07:42:33 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Heaven
[2012/07/23 07:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2012/07/23 07:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Unigine
[2012/07/23 07:36:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012/07/23 07:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012/07/22 15:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Faction
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/21 07:55:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 07:23:41 | 000,012,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 07:23:41 | 000,012,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 07:15:29 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 07:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 06:37:00 | 2117,791,743 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/20 23:46:39 | 000,007,599 | ---- | M] () -- C:\Users\Jason Kang\AppData\Local\Resmon.ResmonCfg
[2012/08/20 23:39:27 | 000,097,924 | ---- | M] () -- C:\Users\Jason Kang\Documents\cc_20120820_233916.reg
[2012/08/20 23:34:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | M] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\EFLC.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | M] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\EFLC.lnk
[2012/08/18 17:24:58 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/18 12:48:39 | 000,000,710 | ---- | M] () -- C:\Users\Jason Kang\Desktop\SopCast.lnk
[2012/08/18 10:52:33 | 000,001,184 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWMonitor.exe - Shortcut.lnk
[2012/08/18 00:25:49 | 000,000,722 | ---- | M] () -- C:\Users\Jason Kang\Desktop\SpeedFan.lnk
[2012/08/18 00:25:49 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/08/17 23:40:43 | 000,000,902 | ---- | M] () -- C:\Users\Jason Kang\Desktop\AIDA64 Extreme Edition.lnk
[2012/08/17 10:03:42 | 000,123,860 | ---- | M] () -- C:\Users\Jason Kang\Documents\oc.png
[2012/08/16 10:46:15 | 000,000,352 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\Network Meter_Settings.ini
[2012/08/16 10:46:04 | 000,000,533 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\All CPU MeterV2_Settings.ini
[2012/08/15 17:17:37 | 001,315,496 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 17:17:37 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/15 17:17:37 | 000,426,608 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012/08/15 17:17:37 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/15 17:17:37 | 000,118,796 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012/08/15 09:51:29 | 000,000,747 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Darksiders2.exe - Shortcut.lnk
[2012/08/15 08:40:32 | 000,000,550 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\prio.ini
[2012/08/14 20:06:26 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/08/14 18:57:58 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/14 10:06:02 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/08/13 21:29:03 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012/08/13 20:50:41 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012/08/13 10:03:33 | 000,001,375 | ---- | M] () -- C:\Users\Jason Kang\Desktop\LANoire.exe - Shortcut.lnk
[2012/08/13 07:56:50 | 000,001,248 | ---- | M] () -- C:\Users\Jason Kang\Desktop\FableLauncher.exe - Shortcut.lnk
[2012/08/11 23:57:21 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/08/11 23:57:21 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/08/11 23:43:26 | 000,001,272 | ---- | M] () -- C:\Users\Jason Kang\Desktop\dirt3.exe - Shortcut.lnk
[2012/08/11 23:15:31 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/11 23:15:31 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/11 21:58:43 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\The Darkness II.lnk
[2012/08/09 16:06:02 | 000,743,729 | ---- | M] () -- C:\Users\Jason Kang\Documents\overdone.jpg
[2012/08/07 10:17:48 | 000,002,805 | ---- | M] () -- C:\Users\Jason Kang\Desktop\skse_loader.exe - Shortcut.lnk
[2012/08/06 23:08:01 | 000,777,775 | ---- | M] () -- C:\Users\Jason Kang\Documents\smite revive.jpg
[2012/08/06 14:46:14 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/08/06 13:50:15 | 000,000,572 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Fraps.lnk
[2012/08/06 11:43:37 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/06 11:43:37 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/06 09:25:13 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/06 08:05:51 | 000,001,855 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Crysis.exe - Shortcut.lnk
[2012/08/06 07:31:10 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/08/06 07:25:23 | 000,000,662 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2012/08/04 17:24:23 | 000,001,670 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Shogun2.exe - Shortcut.lnk
[2012/08/03 16:36:40 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/08/02 14:18:58 | 000,001,525 | ---- | M] () -- C:\Users\Jason Kang\Desktop\F.E.A.R. 3.exe - Shortcut.lnk
[2012/08/02 13:40:08 | 000,001,101 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Driver.exe - Shortcut.lnk
[2012/07/31 20:47:06 | 000,002,013 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Universe Sandbox.lnk
[2012/07/31 12:45:00 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/07/31 10:51:37 | 000,002,102 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Aion.lnk
[2012/07/31 10:47:25 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/07/30 16:37:59 | 000,001,553 | ---- | M] () -- C:\Users\Jason Kang\Desktop\WORDVIEW.EXE - Shortcut.lnk
[2012/07/30 15:29:48 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/07/30 15:01:23 | 000,001,820 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\EliseProfile0.dat
[2012/07/30 08:15:14 | 000,001,086 | ---- | M] () -- C:\Users\Jason Kang\Desktop\MSI Afterburner.lnk
[2012/07/29 21:41:32 | 000,001,608 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Rayman Origins.exe - Shortcut.lnk
[2012/07/28 21:26:48 | 000,000,960 | ---- | M] () -- C:\Users\Jason Kang\Desktop\prototype2.exe - Shortcut.lnk
[2012/07/26 20:02:59 | 001,310,932 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/25 08:05:18 | 000,001,465 | ---- | M] () -- C:\Users\Jason Kang\Desktop\deadspace2.exe - Shortcut.lnk
[2012/07/24 18:47:58 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk
[2012/07/24 17:58:40 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/24 15:20:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/24 15:15:18 | 000,001,259 | ---- | M] () -- C:\Users\Jason Kang\Desktop\iw3mp.exe - Shortcut.lnk
[2012/07/24 09:50:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/24 07:40:03 | 000,001,553 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSIAfterburner.exe - Shortcut.lnk
[2012/07/23 17:38:37 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Dead Island.lnk
[2012/07/23 17:25:22 | 000,001,525 | ---- | M] () -- C:\Users\Jason Kang\Desktop\NFS11.exe - Shortcut.lnk
[2012/07/23 17:17:51 | 000,001,097 | ---- | M] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeArc.lnk
[2012/07/23 17:17:51 | 000,001,073 | ---- | M] () -- C:\Users\Jason Kang\Desktop\FreeArc.lnk
[2012/07/23 07:42:17 | 000,003,072 | ---- | M] () -- C:\Users\Jason Kang\AppData\Local\file__0.localstorage
[2012/07/23 07:42:11 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/07/22 15:23:23 | 000,001,682 | ---- | M] () -- C:\Users\Jason Kang\Desktop\rf4_launcher.exe - Shortcut.lnk
[2012/07/22 15:18:33 | 000,000,219 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Left 4 Dead 2.url
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/20 23:39:20 | 000,097,924 | ---- | C] () -- C:\Users\Jason Kang\Documents\cc_20120820_233916.reg
[2012/08/20 23:34:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | C] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\EFLC.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | C] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\EFLC.lnk
[2012/08/18 17:24:58 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/18 12:48:39 | 000,000,710 | ---- | C] () -- C:\Users\Jason Kang\Desktop\SopCast.lnk
[2012/08/18 10:52:33 | 000,001,184 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWMonitor.exe - Shortcut.lnk
[2012/08/18 00:25:49 | 000,000,722 | ---- | C] () -- C:\Users\Jason Kang\Desktop\SpeedFan.lnk
[2012/08/18 00:25:47 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/08/17 23:40:43 | 000,000,902 | ---- | C] () -- C:\Users\Jason Kang\Desktop\AIDA64 Extreme Edition.lnk
[2012/08/17 10:03:42 | 000,123,860 | ---- | C] () -- C:\Users\Jason Kang\Documents\oc.png
[2012/08/16 10:46:15 | 000,000,352 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\Network Meter_Settings.ini
[2012/08/16 09:54:39 | 000,000,533 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\All CPU MeterV2_Settings.ini
[2012/08/15 09:51:32 | 000,000,747 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Darksiders2.exe - Shortcut.lnk
[2012/08/14 20:06:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/08/14 10:06:02 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/08/13 21:29:03 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012/08/13 20:50:41 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012/08/13 10:03:55 | 000,001,375 | ---- | C] () -- C:\Users\Jason Kang\Desktop\LANoire.exe - Shortcut.lnk
[2012/08/13 07:56:53 | 000,001,248 | ---- | C] () -- C:\Users\Jason Kang\Desktop\FableLauncher.exe - Shortcut.lnk
[2012/08/12 08:11:42 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/08/12 08:11:42 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/11 23:57:21 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/08/11 23:43:31 | 000,001,272 | ---- | C] () -- C:\Users\Jason Kang\Desktop\dirt3.exe - Shortcut.lnk
[2012/08/11 21:58:43 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\The Darkness II.lnk
[2012/08/09 16:06:01 | 000,743,729 | ---- | C] () -- C:\Users\Jason Kang\Documents\overdone.jpg
[2012/08/07 10:17:19 | 000,002,805 | ---- | C] () -- C:\Users\Jason Kang\Desktop\skse_loader.exe - Shortcut.lnk
[2012/08/06 23:08:01 | 000,777,775 | ---- | C] () -- C:\Users\Jason Kang\Documents\smite revive.jpg
[2012/08/06 14:46:14 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/08/06 14:46:14 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/08/06 13:50:15 | 000,000,572 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Fraps.lnk
[2012/08/06 08:05:51 | 000,001,855 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Crysis.exe - Shortcut.lnk
[2012/08/06 07:25:23 | 000,000,662 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2012/08/04 17:24:23 | 000,001,670 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Shogun2.exe - Shortcut.lnk
[2012/08/03 16:36:40 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/08/03 09:15:11 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/08/02 14:18:58 | 000,001,525 | ---- | C] () -- C:\Users\Jason Kang\Desktop\F.E.A.R. 3.exe - Shortcut.lnk
[2012/08/02 13:40:08 | 000,001,101 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Driver.exe - Shortcut.lnk
[2012/07/31 20:47:06 | 000,002,043 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universe Sandbox.lnk
[2012/07/31 20:47:06 | 000,002,013 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Universe Sandbox.lnk
[2012/07/31 12:45:00 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012/07/31 12:45:00 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/07/31 10:51:37 | 000,002,102 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Aion.lnk
[2012/07/31 10:47:25 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/07/30 16:37:59 | 000,001,553 | ---- | C] () -- C:\Users\Jason Kang\Desktop\WORDVIEW.EXE - Shortcut.lnk
[2012/07/30 16:28:30 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2012/07/30 15:29:48 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/07/30 01:35:14 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/07/30 01:34:11 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/07/29 21:41:32 | 000,001,608 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Rayman Origins.exe - Shortcut.lnk
[2012/07/28 21:26:48 | 000,000,960 | ---- | C] () -- C:\Users\Jason Kang\Desktop\prototype2.exe - Shortcut.lnk
[2012/07/26 20:02:58 | 001,310,932 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/25 08:05:18 | 000,001,465 | ---- | C] () -- C:\Users\Jason Kang\Desktop\deadspace2.exe - Shortcut.lnk
[2012/07/24 18:47:59 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/07/24 18:47:58 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk
[2012/07/24 17:58:40 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/24 15:20:03 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/24 15:15:18 | 000,001,259 | ---- | C] () -- C:\Users\Jason Kang\Desktop\iw3mp.exe - Shortcut.lnk
[2012/07/24 09:50:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/24 07:40:03 | 000,001,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSIAfterburner.exe - Shortcut.lnk
[2012/07/23 17:38:37 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Dead Island.lnk
[2012/07/23 17:25:22 | 000,001,525 | ---- | C] () -- C:\Users\Jason Kang\Desktop\NFS11.exe - Shortcut.lnk
[2012/07/23 17:17:51 | 000,001,097 | ---- | C] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeArc.lnk
[2012/07/23 17:17:51 | 000,001,073 | ---- | C] () -- C:\Users\Jason Kang\Desktop\FreeArc.lnk
[2012/07/23 07:42:17 | 000,003,072 | ---- | C] () -- C:\Users\Jason Kang\AppData\Local\file__0.localstorage
[2012/07/23 07:42:11 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/07/23 07:36:54 | 000,001,086 | ---- | C] () -- C:\Users\Jason Kang\Desktop\MSI Afterburner.lnk
[2012/07/22 15:23:23 | 000,001,682 | ---- | C] () -- C:\Users\Jason Kang\Desktop\rf4_launcher.exe - Shortcut.lnk
[2012/07/22 15:18:33 | 000,000,219 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Left 4 Dead 2.url
[2012/07/19 09:57:38 | 000,000,550 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\prio.ini
[2012/07/17 16:02:22 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/17 16:02:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/17 13:47:24 | 000,007,599 | ---- | C] () -- C:\Users\Jason Kang\AppData\Local\Resmon.ResmonCfg
[2012/07/16 22:26:02 | 000,001,820 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\EliseProfile0.dat
[2012/07/16 08:41:41 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/07/16 08:11:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/26 14:35:05 | 000,000,184 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\9dfb8ef4.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== LOP Check ==========

[2012/07/23 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\.minecraft
[2012/08/20 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\DAEMON Tools Lite
[2012/08/11 23:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\DarknessII
[2012/08/02 14:19:07 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Day 1 Studios
[2012/07/21 07:34:12 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\EoN
[2012/08/03 20:31:36 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\fltk.org
[2012/07/23 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\FreeArc
[2012/08/19 17:08:09 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Launchy
[2012/08/13 07:55:49 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Lionhead Studios
[2012/07/17 01:10:02 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\LolClient
[2012/07/17 16:02:19 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\PunkBuster
[2012/05/16 02:53:48 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\System
[2012/07/18 17:54:26 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\SystemRequirementsLab
[2012/08/04 11:18:27 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\The Creative Assembly
[2012/08/20 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\TS3Client
[2012/07/25 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Ubisoft
[2012/08/21 06:36:23 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\uTorrent
[2012/07/31 21:13:41 | 000,000,000 | -HSD | M] -- C:\Users\Jason Kang\AppData\Roaming\wyUpdate AU
[2009/07/14 01:08:49 | 000,031,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 20:08:24 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=424DA2137012397299C94B7342F3D19E -- C:\Windows\SysNative\ko-KR\services.exe.mui
[2009/07/13 20:08:24 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=424DA2137012397299C94B7342F3D19E -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_982c5da9ef5cfade\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 20:05:18 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\SysNative\ko-KR\services.msc
[2009/07/13 19:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\SysWOW64\ko-KR\services.msc
[2009/07/13 20:05:18 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_d26e2d95c5c694d1\services.msc
[2009/07/13 19:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_764f92120d69239b\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2010/11/20 08:18:07 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2156
"Last Counter" = 2172
"First Help" = 2157
"Last Help" = 2173
"Object List" = 2156
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

========== Files - Unicode (All) ==========
[2012/08/18 14:32:09 | 000,000,671 | ---- | M] ()(C:\Users\Public\Desktop\?·????6 with ???.lnk) -- C:\Users\Public\Desktop\真・三國無双6 with 猛将伝.lnk
[2012/08/18 14:32:09 | 000,000,671 | ---- | C] ()(C:\Users\Public\Desktop\?·????6 with ???.lnk) -- C:\Users\Public\Desktop\真・三國無双6 with 猛将伝.lnk

< End of report >

Extras.txt



OTL Extras logfile created on: 8/21/2012 7:51:16 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = F:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.23 Gb Available Physical Memory | 78.20% Memory free
15.92 Gb Paging File | 14.12 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 196.76 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 589.75 Gb Free Space | 84.41% Space Free | Partition Type: NTFS

Computer Name: STINGRAY-PC | User Name: Jason Kang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-377425601-1505729782-3739113628-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0493C8C6-1FAB-4BAF-BE46-B8565B1E05C4}" = lport=56410 | protocol=6 | dir=in | name=pando media booster |
"{15FD1EA4-3FF1-486E-87A2-E0FB5D9DF347}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2C01DA61-FDA9-437B-BA06-68F46F557174}" = lport=56410 | protocol=17 | dir=in | name=pando media booster |
"{8980206B-7EA3-4329-A684-167B542754F7}" = lport=56410 | protocol=17 | dir=in | name=pando media booster |
"{A1971311-B401-4976-A348-19EA70794666}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B5A2D64B-97FA-408A-AFF3-A2C67DFD6A35}" = lport=56410 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D538A3-E9CC-4D95-9EB5-C4CF67E4ADF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0FAD0F21-9528-456B-9CC0-0CEC3F3EDA3B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{22814F05-22CD-447B-83BD-58FFC125DCC5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{28595AD2-DA77-45E6-B8E8-7041407CEEEE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{299EC629-0C00-4D84-A2E4-49D6662CB5DA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2CA4EB8F-DA47-4C7E-A229-DF24F53B8AD8}" = protocol=6 | dir=in | app=c:\program files (x86)\ncsoft\launcher\nclauncher.exe |
"{33E22400-DF98-41DE-B5F9-A7615C044AD6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3418F171-6B51-4A43-A818-2C0F6C3A36A6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3790E012-CDA4-4DA9-997A-2EFC21CD9AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{3A42E423-876B-4989-B9CE-C8203E2865B9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3B549E6B-FA27-4E4B-92C8-056660D658AC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{41743126-E718-400A-B9F1-A238778674E9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4267B4F2-7A1C-4679-80BF-17DE9B3B1522}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{49BE79EE-7E85-4BF6-8059-8F2E572D4567}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{4D0B958C-D361-4E1F-90FB-B26C0B6DF2BF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{50F6B164-5DAE-426C-A3F4-F3B6B6E4AE2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{55C8EAD0-82F1-466B-9DFB-0953D109EF63}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{59F9AC97-797C-4F38-AA9F-EBAAACB7F67F}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5D5E5CE0-04D5-4F24-87D9-97BE50D54214}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{629C5BAB-8661-4D7B-9A13-1DE8B9CBE4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{6D7F5C6A-D953-4F9C-9432-C6366B2F7430}" = protocol=17 | dir=in | app=f:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{87550267-38BC-4429-92B4-83A161BD815E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8B3EC9D5-D145-4694-81CB-11F188F6932D}" = protocol=17 | dir=in | app=c:\program files (x86)\ncsoft\launcher\nclauncher.exe |
"{90503971-94A6-4CCD-96BA-6C968CD4A60D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{99E300B2-6210-4419-BE3F-E5CE0439163D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A421172A-869B-49C5-9DE7-03F2BA9CD8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{ADB6F8EC-6338-4162-A8E1-D5854296DF28}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{B7F4625B-BDC0-4C92-9987-6E82C6A62884}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B9DA8C04-CC35-4441-847B-F6A4840DA96C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BD419CD9-76BC-44D0-AC77-C3CE2B4917B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CD345A16-229E-4D4A-BF79-3BA8DDB71119}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D20B68BE-17C2-461A-A94E-689062B6515A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D608D83E-196D-414B-8406-934AA39524D8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{DE8FF935-5994-406A-BA10-9C4F1EE1F1B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E309CD2F-24FC-4441-B158-B9904B07CE85}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{EA592C89-959A-413D-8B00-F38CC85457A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{ED296050-7AF5-4392-AB0B-92CA74BC557A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EDB90502-FA4B-4063-8460-51414E78AC36}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EDF5C88A-62F2-4B6B-951A-B148144B14CA}" = protocol=6 | dir=in | app=f:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{EEFB9FE6-4C73-494A-A04F-7205985179DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{F2348E5A-5DF4-455F-9FDC-07F4C42577E0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{F2889A8D-F08C-4E62-B853-DC26B2809280}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F57C5363-3224-4106-B3AD-DC50F5AD18E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F9C577E9-6247-4FA1-8ACD-E8AFD4A09652}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"TCP Query User{0D031B8A-E6E5-4B58-B772-B4DA84BCE192}C:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{18A4DA63-7F36-4277-836F-D767E6E76F0A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4AC94B72-CCEF-4A8B-940D-ECB74B94B96B}C:\program files (x86)\black_box\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\dead island\deadislandgame.exe |
"TCP Query User{76CAC7DA-8A15-4371-961E-4AF199B21DBB}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{820C2203-1B04-4BCD-A1BE-660B470B51E3}C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{89AADF7C-D3F6-4889-AC10-C9877E07F44A}C:\program files (x86)\black_box\driver san francisco\driver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\driver san francisco\driver.exe |
"TCP Query User{8CF7594D-5219-4DE8-86B6-B6FB98371015}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"TCP Query User{958D43EC-69FC-48EF-A52A-53469A57A0BF}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{B2C91489-F6B4-42B0-BF99-F3EA867598FA}C:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{BE52B92B-4064-4118-AAB2-69A2CCD0F856}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C28ECCCA-2607-4699-93FB-805FC69B07DB}F:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=f:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{D4926BD3-98C5-4DEB-AAF1-7A78BDB4A817}F:\program files (x86)\fable.iii-kaos\fable3.exe" = protocol=6 | dir=in | app=f:\program files (x86)\fable.iii-kaos\fable3.exe |
"TCP Query User{DC745AFC-C629-45EF-9D04-783581171E7B}C:\program files (x86)\black_box\f.3.a.r\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\f.3.a.r\f.e.a.r. 3.exe |
"TCP Query User{E5516E52-F3E8-4BF9-8F5A-7E8FB327EEC5}C:\program files (x86)\black_box\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\fifa 12\game\fifa.exe |
"UDP Query User{07216D5A-4B5D-4433-A25D-D197072B93D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1EDBFBF3-F2F5-4BAB-9F14-3DC025FE5A7F}C:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{373BEAFE-0ADC-4892-A8E1-05A9655A08F9}C:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{86D4F1DE-7A84-448D-AA3A-D6A329447D6B}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"UDP Query User{8CA32F56-B7B6-4366-9298-ABAE9C2B6AC3}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{8DE8AD5D-BBB2-4B1D-955D-971F69FB494E}F:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=f:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{9559BF57-59EC-47B9-B15B-4485863E11CB}C:\program files (x86)\black_box\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\fifa 12\game\fifa.exe |
"UDP Query User{973303BF-D697-4894-BA1D-B480FFEE57CD}C:\program files (x86)\black_box\driver san francisco\driver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\driver san francisco\driver.exe |
"UDP Query User{A09759E3-96C9-440E-A82F-DB49840C6B35}F:\program files (x86)\fable.iii-kaos\fable3.exe" = protocol=17 | dir=in | app=f:\program files (x86)\fable.iii-kaos\fable3.exe |
"UDP Query User{A655F9FA-ED09-40A0-99C5-5AEFE51D8968}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A6B1A63E-5730-42EC-8394-9DD3289CE288}C:\program files (x86)\black_box\f.3.a.r\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\f.3.a.r\f.e.a.r. 3.exe |
"UDP Query User{D2D26005-4E18-4291-A00A-FD51E91C0DE9}C:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files (x86)\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{E9B9AF65-2E05-4F4D-926B-AD69A5D9E94B}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{E9CB395C-D81A-47A1-8122-FFF787FBECA9}C:\program files (x86)\black_box\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\dead island\deadislandgame.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Prio" = Prio
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.3.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{306D4754-BECE-4FC7-85F3-B7FEED274AA8}" = Razer Orochi
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3L7IL77L-T4D4-75B1-97C5-18CD6E6334A3}_is1" = Dead Island version 1.0
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-LKS1-75B1-SKYRIM-18CD6E6334R1}_is1" = The Elder Scrolls V - Skyrim version 1.0
"{4B7IL77L-LKS1-ROW3-SAINTS-18CD6E6334R1}_is1" = Saints Row The Third version 1.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1" = F.3.A.R version 1.0
"{4L7IL70L-T4D4-75B1-U3A5-1HJ16E633S4R1}_is1" = Driver San Francisco version 1.0
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A804968F-4F32-4E02-98B2-5864EEB42903}" = 真・三國無双6 with 猛将伝
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B95T9A00-40176-4AC6-N973-5A8AB71A09DJ}_is1" = GTA IV + EFLC version 1.5
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.3
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.50
"Alan Wake American Nightmare_is1" = Alan Wake American Nightmare
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"C9(Continent of the Ninth Seal)_is1" = C9
"Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings
"Crysis WARHEAD®" = Crysis WARHEAD®
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Driver San Francisco" = Driver San Francisco
"Fraps" = Fraps (remove only)
"FreeArc" = FreeArc 0.666
"FXAA Post Process Injector" = FXAA Post Process Injector
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{A804968F-4F32-4E02-98B2-5864EEB42903}" = 真・三國無双6 with 猛将伝
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"Launchy_21344213_is1" = Launchy 2.5
"LOLReplay" = LOLReplay
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.5.0
"Spec Ops The Line_is1" = Spec Ops The Line
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 7940" = Call of Duty 4: Modern Warfare
"The Darkness II_is1" = The Darkness II
"Trine 2_is1" = Trine 2
"Universe Sandbox" = Universe Sandbox
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-377425601-1505729782-3739113628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Aion" = Aion

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2012 8:53:30 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: saintsrowthethird_dx11.exe, version: 1.0.0.1,
time stamp: 0x4ebad694 Faulting module name: d3d11.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b7b0 Exception code: 0xc0000005 Fault offset: 0x000587c8 Faulting
process id: 0x1374 Faulting application start time: 0x01cd7b4831804f46 Faulting application
path: C:\Program Files (x86)\Black_Box\Saints Row The Third\saintsrowthethird_dx11.exe
Faulting
module path: C:\Windows\system32\d3d11.dll Report Id: cb75e596-e73c-11e1-b9e9-902b343d1c4f

Error - 8/18/2012 3:20:10 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EFLC.exe, version: 1.1.1.0, time stamp:
0x4bb19157 Faulting module name: EFLC.exe, version: 1.1.1.0, time stamp: 0x4bb19157
Exception
code: 0xc0000005 Fault offset: 0x00052d46 Faulting process id: 0xf24 Faulting application
start time: 0x01cd7d7679ac9024 Faulting application path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Faulting module path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Report Id: b99da4ed-e969-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 3:28:01 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LaunchEFLC.exe, version: 0.1.0.8, time
stamp: 0x4aa8b588 Faulting module name: LaunchEFLC.exe, version: 0.1.0.8, time stamp:
0x4aa8b588 Exception code: 0xc0000005 Fault offset: 0x00016c27 Faulting process id:
0x1728 Faulting application start time: 0x01cd7d7791d5e3af Faulting application path:
F:\Program Files (x86)\Black_Box\GTA IV + EFLC\EFLC\LaunchEFLC.exe Faulting module
path: F:\Program Files (x86)\Black_Box\GTA IV + EFLC\EFLC\LaunchEFLC.exe Report
Id: d247ea2b-e96a-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 3:28:05 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EFLC.exe, version: 1.1.1.0, time stamp:
0x4bb19157 Faulting module name: EFLC.exe, version: 1.1.1.0, time stamp: 0x4bb19157
Exception
code: 0xc0000005 Fault offset: 0x00052d46 Faulting process id: 0x93c Faulting application
start time: 0x01cd7d77961b3e81 Faulting application path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Faulting module path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Report Id: d49a474f-e96a-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 3:29:18 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EFLC.exe, version: 1.1.1.0, time stamp:
0x4bb19157 Faulting module name: EFLC.exe, version: 1.1.1.0, time stamp: 0x4bb19157
Exception
code: 0xc0000005 Fault offset: 0x00052d46 Faulting process id: 0x650 Faulting application
start time: 0x01cd7d77c1b0f4d1 Faulting application path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Faulting module path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Report Id: 005c3e65-e96b-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 3:29:21 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LaunchEFLC.exe, version: 0.1.0.8, time
stamp: 0x4aa8b588 Faulting module name: LaunchEFLC.exe, version: 0.1.0.8, time stamp:
0x4aa8b588 Exception code: 0xc0000005 Fault offset: 0x00016c27 Faulting process id:
0xa74 Faulting application start time: 0x01cd7d77c397e463 Faulting application path:
F:\Program Files (x86)\Black_Box\GTA IV + EFLC\EFLC\LaunchEFLC.exe Faulting module
path: F:\Program Files (x86)\Black_Box\GTA IV + EFLC\EFLC\LaunchEFLC.exe Report
Id: 01ffbb5a-e96b-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 3:32:07 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EFLC.exe, version: 1.1.1.0, time stamp:
0x4bb19157 Faulting module name: EFLC.exe, version: 1.1.1.0, time stamp: 0x4bb19157
Exception
code: 0xc0000005 Fault offset: 0x00052d46 Faulting process id: 0xc40 Faulting application
start time: 0x01cd7d7824342446 Faulting application path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Faulting module path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Report Id: 64e8b2fc-e96b-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 3:32:23 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EFLC.exe, version: 1.1.1.0, time stamp:
0x4bb19157 Faulting module name: EFLC.exe, version: 1.1.1.0, time stamp: 0x4bb19157
Exception
code: 0xc0000005 Fault offset: 0x00052d46 Faulting process id: 0x1530 Faulting application
start time: 0x01cd7d782ff72d9d Faulting application path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Faulting module path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Report Id: 6e676923-e96b-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 3:33:57 PM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EFLC.exe, version: 1.1.1.0, time stamp:
0x4bb19157 Faulting module name: EFLC.exe, version: 1.1.1.0, time stamp: 0x4bb19157
Exception
code: 0xc0000005 Fault offset: 0x00052d46 Faulting process id: 0x11a4 Faulting application
start time: 0x01cd7d7867514cd9 Faulting application path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Faulting module path: F:\Program Files (x86)\Black_Box\GTA
IV + EFLC\EFLC\EFLC.exe Report Id: a6dbd621-e96b-11e1-9d5f-902b343d1c4f

Error - 8/18/2012 4:27:41 PM | Computer Name = Stingray-PC | Source = Application Hang | ID = 1002
Description = The program TESV.exe version 1.6.89.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 15e8 Start Time:
01cd7d7f01f7e298 Termination Time: 111 Application Path: C:\Program Files (x86)\Black_Box\The
Elder Scrolls V - Skyrim\TESV.exe Report Id:

Error - 8/19/2012 12:02:00 AM | Computer Name = Stingray-PC | Source = Application Error | ID = 1000
Description = Faulting application name: League of Legends.exe, version: 1.0.0.145,
time stamp: 0x50258d8c Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00050000 Faulting process id:
0xd3c Faulting application start time: 0x01cd7db591bf2370 Faulting application path:
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.176\deploy\League
of Legends.exe Faulting module path: unknown Report Id: 9fc25306-e9b2-11e1-8bd9-902b343d1c4f

[ System Events ]
Error - 8/20/2012 11:15:53 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/20/2012 11:15:53 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/20/2012 11:15:53 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/20/2012 11:15:53 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/20/2012 11:15:53 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/20/2012 11:15:53 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/20/2012 11:16:26 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/20/2012 11:27:20 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 8/20/2012 11:29:21 PM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7022
Description = The Intel® Management and Security Application User Notification
Service service hung on starting.

Error - 8/21/2012 7:15:15 AM | Computer Name = Stingray-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez
Studios Authenticate and Update Service service to connect.


< End of report >

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 07:59:09
-----------------------------
07:59:09.517 OS Version: Windows x64 6.1.7601 Service Pack 1
07:59:09.517 Number of processors: 4 586 0x3A09
07:59:09.518 ComputerName: STINGRAY-PC UserName: Jason Kang
07:59:11.884 Initialize success
07:59:11.943 AVAST engine defs: 12082100
07:59:18.274 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:59:18.275 Disk 0 Vendor: WDC_WD7500BPVT-00HXZT1 01.01A01 Size: 715404MB BusType: 3
07:59:18.278 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6
07:59:18.279 Disk 1 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
07:59:18.309 Disk 1 MBR read successfully
07:59:18.311 Disk 1 MBR scan
07:59:18.313 Disk 1 Windows 7 default MBR code
07:59:18.340 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:59:18.351 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
07:59:18.391 Disk 1 scanning C:\Windows\system32\drivers
07:59:24.899 Service scanning
07:59:41.195 Modules scanning
07:59:41.196 Disk 1 trace - called modules:
07:59:41.211 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:59:41.212 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800779c060]
07:59:41.212 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80073fcc40]
07:59:41.212 5 ACPI.sys[fffff88000fb37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa80074f8060]
07:59:42.113 AVAST engine scan C:\Windows
07:59:43.406 AVAST engine scan C:\Windows\system32
08:01:33.689 AVAST engine scan C:\Windows\system32\drivers
08:01:43.534 AVAST engine scan C:\Users\Jason Kang
08:04:44.399 AVAST engine scan C:\ProgramData
08:06:16.843 Scan finished successfully
08:06:34.490 Disk 1 MBR has been saved successfully to "C:\Users\Jason Kang\Desktop\MBR.dat"
08:06:34.490 The log file has been saved successfully to "C:\Users\Jason Kang\Desktop\aswMBR.txt"

Edit: I've also noticed many fake Windows processes running and turning off quickly, and my firewall warns me it's off while it is on...

Edited by stingray93, 21 August 2012 - 06:27 AM.


#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-377425601-1505729782-3739113628-1000..\Run: [PlayNC Launcher] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-377425601-1505729782-3739113628-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    [2012/08/18 15:33:03 | 000,000,000 | RH-D | C] -- C:\Users\Jason Kang\AppData\Roaming\SecuROM
    [2012/08/12 17:07:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
    [2012/08/11 23:39:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
    [2012/08/06 07:29:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:
  • OTL log
  • MBAM log


#5
stingray93

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you for the quick reply! I really appreciate someone helping me :) I built a new computer and I was really bummed when I found out some crap was using up lots of my CPU.

But er, after step 1, when I reboot after running fix, this log popped up... dunno if it'll help

08212012_083201.log


All processes killed
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <services.*> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-377425601-1505729782-3739113628-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-377425601-1505729782-3739113628-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Jason Kang\AppData\Roaming\SecuROM\UserData folder moved successfully.
C:\Users\Jason Kang\AppData\Roaming\SecuROM folder moved successfully.
C:\ProgramData\SecuROM\DFA\{466D26E981FA4C0C1F8381CD3729AFC4} folder moved successfully.
C:\ProgramData\SecuROM\DFA\{4379EFC7BF4238A32271682BC873DD70} folder moved successfully.
C:\ProgramData\SecuROM\DFA folder moved successfully.
C:\ProgramData\SecuROM folder moved successfully.
C:\ProgramData\DSS\Content Activation\{28877B909FCFA42F28248FA0A2189438} folder moved successfully.
C:\ProgramData\DSS\Content Activation\{1F22114E046473B222E364141B429662} folder moved successfully.
C:\ProgramData\DSS\Content Activation folder moved successfully.
C:\ProgramData\DSS folder moved successfully.
C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} folder moved successfully.
C:\Windows\SysWow64\tmpC0A4.tmp deleted successfully.
C:\Windows\SysWow64\tmpC0B4.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\Downloads\cmd.bat deleted successfully.
F:\Downloads\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e9e3:76dd:b49e:fbe5%10
Default Gateway . . . . . . . . . :
Tunnel adapter isatap.{2C918B38-3C3D-4616-8AFC-B3F458CFF5CB}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2088:3543:e7db:acae
Link-local IPv6 Address . . . . . : fe80::2088:3543:e7db:acae%12
Default Gateway . . . . . . . . . : ::
F:\Downloads\cmd.bat deleted successfully.
F:\Downloads\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e9e3:76dd:b49e:fbe5%10
IPv4 Address. . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2088:3543:e7db:acae
Link-local IPv6 Address . . . . . : fe80::2088:3543:e7db:acae%12
Default Gateway . . . . . . . . . : ::
F:\Downloads\cmd.bat deleted successfully.
F:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jason Kang
->Temp folder emptied: 1846560 bytes
->Temporary Internet Files folder emptied: 1516421 bytes
->Java cache emptied: 12877846 bytes
->Google Chrome cache emptied: 394147419 bytes
->Flash cache emptied: 736 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30276 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 391042 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 392.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jason Kang
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08212012_083201

Files\Folders moved on Reboot...
C:\Users\Jason Kang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL LOG


OTL logfile created on: 8/21/2012 8:35:24 AM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = F:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.31% Memory free
15.92 Gb Paging File | 14.23 Gb Available in Paging File | 89.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 203.75 Gb Free Space | 43.76% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 589.74 Gb Free Space | 84.41% Space Free | Partition Type: NTFS

Computer Name: STINGRAY-PC | User Name: Jason Kang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 07:50:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL (2).exe
PRC - [2012/08/20 21:37:53 | 001,456,705 | RHS- | M] (ic#code) -- C:\Program Files (x86)\LOLReplay\svcchost.exe
PRC - [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/07/24 15:20:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/23 23:46:34 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/24 22:49:06 | 002,544,304 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2012/05/10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/03/27 04:14:27 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2010/11/10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2009/10/22 09:43:58 | 002,548,056 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 00:30:59 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012/08/14 00:30:58 | 012,235,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
MOD - [2012/08/14 00:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012/08/14 00:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012/08/14 00:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012/08/14 00:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll
MOD - [2012/07/23 23:46:34 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2012/07/21 02:44:58 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2012/07/21 02:44:54 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2012/07/21 02:44:38 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2012/07/21 02:44:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2012/07/21 02:44:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2011/04/30 11:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010/11/10 19:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 19:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 19:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 19:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 19:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 19:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2009/12/17 00:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 22:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 21:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 21:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/04 07:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/07/28 11:37:16 | 000,009,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/15 12:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/24 15:20:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/19 20:38:34 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/05/15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 15:42:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/05/04 07:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/27 04:13:18 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/27 04:13:18 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/27 04:13:17 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/06 04:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/01/06 04:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/02 10:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/11 18:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV - [2012/07/23 23:46:34 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012/07/17 20:48:39 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/07/17 20:48:21 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/07/17 17:14:21 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...&ocid=iehp&tc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 86 55 25 C3 63 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: AirMech = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\11103_0\
CHR - Extension: avast! WebRep = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Bayonetta = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodndeanggehkmjpcojknjghdninnhfm\3_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Users\Jason Kang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/18 17:08:11 | 000,001,063 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Microsoft Windows Service Host!] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - Startup: C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWMonitor.exe - Shortcut.lnk = C:\Users\Jason Kang\Downloads\HWMonitor.exe (CPUID)
O4 - Startup: C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C918B38-3C3D-4616-8AFC-B3F458CFF5CB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - AppInit_DLLs: (prio32.dll) - C:\Program Files\Prio\prio32.dll (O&K Software)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 23:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/20 23:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/18 22:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black_Box
[2012/08/18 17:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Skype
[2012/08/18 17:24:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/08/18 17:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/18 17:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/18 17:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/08/18 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\TS3Client
[2012/08/18 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\TecmoKoei
[2012/08/18 15:13:02 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\SETTEC
[2012/08/18 15:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ASign
[2012/08/18 14:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TecmoKoei
[2012/08/18 12:48:39 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/08/18 12:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/08/18 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/08/18 00:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/08/17 23:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2012/08/15 09:45:23 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Darksiders2
[2012/08/15 08:28:37 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Battlefield 3
[2012/08/14 20:07:25 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4B761B9D-D433-4612-8971-641D42C68E90}
[2012/08/14 20:07:14 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{5248E746-5B2D-4369-8F8D-97849A7E691B}
[2012/08/14 10:07:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\3DMark 11
[2012/08/14 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\IsolatedStorage
[2012/08/14 10:06:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Futuremark_Corporation
[2012/08/14 10:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012/08/14 10:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012/08/14 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{D9334F2A-D5E6-43F7-B0C2-128FC5479E7F}
[2012/08/14 08:06:35 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{B9D4C290-269D-43D6-852A-011B160AC6FA}
[2012/08/13 20:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2012/08/13 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{7806EA74-5C8F-4CF7-AB5F-14E4485CAA0D}
[2012/08/13 19:48:55 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4DC52C67-95BC-4D95-A709-ABC5F25988D2}
[2012/08/13 09:44:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/08/13 07:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Lionhead Studios
[2012/08/13 07:48:25 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4221E4EA-2C22-471F-A3AD-26D9C77CCE36}
[2012/08/13 07:48:08 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{3018B941-9575-4C76-94F9-2B0B5AD699CE}
[2012/08/12 17:07:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Rockstar Games
[2012/08/12 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{8E1364E3-BAC9-4A11-8FBE-386E1D4FFF91}
[2012/08/12 17:07:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{4CD6BB89-5188-4DD9-AE9D-42121D0D4770}
[2012/08/12 08:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/08/11 23:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012/08/11 23:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012/08/11 23:15:33 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012/08/11 23:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012/08/11 23:15:31 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/11 23:15:31 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/11 23:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/08/11 21:59:27 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\DarknessII
[2012/08/11 21:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012/08/11 21:18:28 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{A399B8A7-1932-4B5B-B899-A9D73D1B3836}
[2012/08/11 21:18:17 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{ACB67A21-46BE-4649-A317-616FF1632A3B}
[2012/08/11 15:49:10 | 000,000,000 | -HSD | C] -- C:\Users\Jason Kang\Documents\i68Backups
[2012/08/11 15:49:10 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\i68Fifa12
[2012/08/11 09:17:52 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{F6F0BF3C-E551-4E3D-9741-330F019BB3DB}
[2012/08/11 09:17:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{9F3E3614-BE7A-4763-B9C0-EA77B42FC839}
[2012/08/10 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{722ADC41-3937-4D14-950B-01A00E8343EC}
[2012/08/10 21:17:04 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{00D5F1B1-9F59-4397-8B3C-B5C3933A6C01}
[2012/08/10 09:16:52 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{CE51C170-F5A5-434E-8AB2-CFF107E1A815}
[2012/08/10 09:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{885EC966-4DE5-4A9F-B21B-16599F2E4088}
[2012/08/09 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{F314AD86-78D6-46E2-8130-4D935B2590C6}
[2012/08/09 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{0417A9FD-3B61-4B62-9DDE-CAAA62C4E06D}
[2012/08/09 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{DF31FFAD-DAF7-4050-ACF8-CC90BB1F35F0}
[2012/08/09 09:15:29 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{79258763-C526-4FFF-902A-AD71D5A2A161}
[2012/08/08 21:15:04 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C6107D4D-CFB6-43DD-BB44-A194AE976BA6}
[2012/08/08 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{9180651A-47D0-4C80-A368-9969F1CB075C}
[2012/08/08 09:14:41 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C2ECC0D5-6732-4081-83AB-2B9CE453A6C9}
[2012/08/08 09:14:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{CB3C237B-3A91-48F4-A771-E578300D1AD6}
[2012/08/07 21:14:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{FE15EDA3-51FA-4EB7-8325-CA0CDF1FC960}
[2012/08/07 21:13:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{98112E1A-9DB5-4D16-800C-5849780290EF}
[2012/08/07 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{1CFDD4B5-E967-4AEC-96ED-293A62B1D434}
[2012/08/07 09:13:02 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{D30A4E0B-6527-4C57-8771-3820C4C7F058}
[2012/08/06 16:02:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{DB23126E-015C-403A-B2AA-E574EEE9DF97}
[2012/08/06 16:01:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{BC430BA0-7189-4DAA-B96A-B99C369A5586}
[2012/08/06 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\LOLReplay
[2012/08/06 14:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2012/08/06 13:50:14 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012/08/06 08:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/08/06 08:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/08/06 07:31:10 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/08/06 07:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/08/06 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Downloaded Installations
[2012/08/06 04:01:42 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{F78469F8-A195-43AF-9022-3DC508F14988}
[2012/08/06 04:01:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{63BF146B-B4D0-416A-91B3-F9EE236E9B24}
[2012/08/06 04:01:30 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{374CA449-F47F-46B8-981A-70D78B6FD589}
[2012/08/05 20:45:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\.explorer.local
[2012/08/05 20:45:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\.explorer.cache
[2012/08/05 16:01:00 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{6A90ECE6-8ABB-4EED-A8F8-6C7A359B2ECA}
[2012/08/05 16:00:47 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C595B129-2BB6-47F5-9C5C-8C6C157B2586}
[2012/08/04 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{3FD9445D-8E47-4AE3-A89B-6AA215DF940C}
[2012/08/04 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{C6784847-0F60-4231-B38F-9165A1CA5333}
[2012/08/04 12:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total.War.Shogun.2.Fall.Of.The.Samurai-KaOs
[2012/08/04 11:18:27 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\The Creative Assembly
[2012/08/04 10:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Creative Assembly
[2012/08/04 09:45:33 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{D0CE5DB4-799B-4A6E-BC16-D346C03B5060}
[2012/08/04 09:45:22 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{9F995E93-17D1-4B47-8F52-835F725F38E8}
[2012/08/03 22:29:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\GTA San Andreas User Files
[2012/08/03 22:29:48 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/03 21:44:56 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{0475B9BD-CC5C-4C17-91B0-39F6B9FD658D}
[2012/08/03 20:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/08/03 20:31:36 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\fltk.org
[2012/08/03 20:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/08/03 20:31:31 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Amnesia
[2012/08/03 20:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012/08/03 20:28:22 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Vindictus
[2012/08/03 20:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012/08/03 20:13:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/03 20:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/08/03 20:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2012/08/03 20:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/08/03 16:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/08/03 16:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/08/03 09:44:15 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{8689DB35-29A9-4B90-A60A-34C4A340C126}
[2012/08/03 09:44:04 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\{82E6BD17-CD8D-4F4F-83BD-0030D04F9BDA}
[2012/08/03 09:43:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Tracing
[2012/08/03 09:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/08/03 09:13:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/03 09:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/08/03 09:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/08/03 09:10:50 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Windows Live
[2012/08/03 09:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/08/02 14:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Day 1 Studios
[2012/08/02 14:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F.3.A.R
[2012/08/02 12:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver San Francisco
[2012/08/01 11:52:44 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Remedy
[2012/08/01 10:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V - Skyrim
[2012/08/01 09:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V - Skyrim
[2012/07/31 21:13:37 | 000,000,000 | -HSD | C] -- C:\Users\Jason Kang\wc
[2012/07/31 21:13:35 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Universe Sandbox
[2012/07/31 21:13:35 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Universe Sandbox
[2012/07/31 21:13:33 | 000,000,000 | -HSD | C] -- C:\Users\Jason Kang\AppData\Roaming\wyUpdate AU
[2012/07/31 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universe Sandbox
[2012/07/31 10:51:37 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/07/31 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\PMB Files
[2012/07/31 10:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/07/31 10:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/07/31 10:48:32 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Pando_Temp
[2012/07/31 10:47:43 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\assembly
[2012/07/31 10:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/07/31 10:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2012/07/30 20:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scroll V - Skyrim
[2012/07/30 16:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/07/30 16:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/07/30 15:29:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Nexus Mod Manager
[2012/07/30 15:29:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\Black_Tree_Gaming
[2012/07/30 15:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/07/30 15:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012/07/30 01:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/07/30 01:34:50 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/07/30 01:34:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/07/30 01:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/30 01:33:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/07/28 21:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Activision
[2012/07/28 19:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PROTOTYPE 2
[2012/07/25 12:50:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Ubisoft
[2012/07/25 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Ubisoft
[2012/07/25 07:47:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\EA Games
[2012/07/25 07:45:09 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\EA Games
[2012/07/25 07:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dead.Space.2-KaOs
[2012/07/24 19:15:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/07/24 18:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/07/24 18:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/07/24 18:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/07/24 18:28:05 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\vlc
[2012/07/24 17:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/24 17:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/07/24 15:18:40 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Local\PunkBuster
[2012/07/23 22:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/23 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\.minecraft
[2012/07/23 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\WinRAR
[2012/07/23 17:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Island
[2012/07/23 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Documents\Criterion Games
[2012/07/23 17:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need for Speed™ Hot Pursuit
[2012/07/23 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\FreeArc
[2012/07/23 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeArc
[2012/07/23 17:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc
[2012/07/23 17:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeArc
[2012/07/23 07:42:33 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\Heaven
[2012/07/23 07:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2012/07/23 07:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Unigine
[2012/07/23 07:36:54 | 000,000,000 | ---D | C] -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012/07/23 07:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012/07/22 15:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Faction

========== Files - Modified Within 30 Days ==========

[2012/08/21 08:33:31 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 08:33:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 08:33:08 | 2117,791,743 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/21 08:06:34 | 000,000,512 | ---- | M] () -- C:\Users\Jason Kang\Desktop\MBR.dat
[2012/08/21 07:55:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 07:23:41 | 000,012,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 07:23:41 | 000,012,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 23:46:39 | 000,007,599 | ---- | M] () -- C:\Users\Jason Kang\AppData\Local\Resmon.ResmonCfg
[2012/08/20 23:39:27 | 000,097,924 | ---- | M] () -- C:\Users\Jason Kang\Documents\cc_20120820_233916.reg
[2012/08/20 23:34:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | M] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\EFLC.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | M] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\EFLC.lnk
[2012/08/18 17:24:58 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/18 12:48:39 | 000,000,710 | ---- | M] () -- C:\Users\Jason Kang\Desktop\SopCast.lnk
[2012/08/18 10:52:33 | 000,001,184 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWMonitor.exe - Shortcut.lnk
[2012/08/18 00:25:49 | 000,000,722 | ---- | M] () -- C:\Users\Jason Kang\Desktop\SpeedFan.lnk
[2012/08/18 00:25:49 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/08/17 23:40:43 | 000,000,902 | ---- | M] () -- C:\Users\Jason Kang\Desktop\AIDA64 Extreme Edition.lnk
[2012/08/17 10:03:42 | 000,123,860 | ---- | M] () -- C:\Users\Jason Kang\Documents\oc.png
[2012/08/16 10:46:15 | 000,000,352 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\Network Meter_Settings.ini
[2012/08/16 10:46:04 | 000,000,533 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\All CPU MeterV2_Settings.ini
[2012/08/15 17:17:37 | 001,315,496 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 17:17:37 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/15 17:17:37 | 000,426,608 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012/08/15 17:17:37 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/15 17:17:37 | 000,118,796 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012/08/15 09:51:29 | 000,000,747 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Darksiders2.exe - Shortcut.lnk
[2012/08/15 08:40:32 | 000,000,550 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\prio.ini
[2012/08/14 20:06:26 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/08/14 18:57:58 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/14 10:06:02 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/08/13 21:29:03 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012/08/13 20:50:41 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012/08/13 10:03:33 | 000,001,375 | ---- | M] () -- C:\Users\Jason Kang\Desktop\LANoire.exe - Shortcut.lnk
[2012/08/13 07:56:50 | 000,001,248 | ---- | M] () -- C:\Users\Jason Kang\Desktop\FableLauncher.exe - Shortcut.lnk
[2012/08/11 23:57:21 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/08/11 23:57:21 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/08/11 23:43:26 | 000,001,272 | ---- | M] () -- C:\Users\Jason Kang\Desktop\dirt3.exe - Shortcut.lnk
[2012/08/11 23:15:31 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/11 23:15:31 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/11 21:58:43 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\The Darkness II.lnk
[2012/08/09 16:06:02 | 000,743,729 | ---- | M] () -- C:\Users\Jason Kang\Documents\overdone.jpg
[2012/08/07 10:17:48 | 000,002,805 | ---- | M] () -- C:\Users\Jason Kang\Desktop\skse_loader.exe - Shortcut.lnk
[2012/08/06 23:08:01 | 000,777,775 | ---- | M] () -- C:\Users\Jason Kang\Documents\smite revive.jpg
[2012/08/06 14:46:14 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/08/06 13:50:15 | 000,000,572 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Fraps.lnk
[2012/08/06 11:43:37 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/06 11:43:37 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/06 09:25:13 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/06 08:05:51 | 000,001,855 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Crysis.exe - Shortcut.lnk
[2012/08/06 07:31:10 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/08/06 07:25:23 | 000,000,662 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2012/08/04 17:24:23 | 000,001,670 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Shogun2.exe - Shortcut.lnk
[2012/08/03 16:36:40 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/08/02 14:18:58 | 000,001,525 | ---- | M] () -- C:\Users\Jason Kang\Desktop\F.E.A.R. 3.exe - Shortcut.lnk
[2012/08/02 13:40:08 | 000,001,101 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Driver.exe - Shortcut.lnk
[2012/07/31 20:47:06 | 000,002,013 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Universe Sandbox.lnk
[2012/07/31 12:45:00 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/07/31 10:51:37 | 000,002,102 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Aion.lnk
[2012/07/31 10:47:25 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/07/30 16:37:59 | 000,001,553 | ---- | M] () -- C:\Users\Jason Kang\Desktop\WORDVIEW.EXE - Shortcut.lnk
[2012/07/30 15:29:48 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/07/30 15:01:23 | 000,001,820 | ---- | M] () -- C:\Users\Jason Kang\AppData\Roaming\EliseProfile0.dat
[2012/07/30 08:15:14 | 000,001,086 | ---- | M] () -- C:\Users\Jason Kang\Desktop\MSI Afterburner.lnk
[2012/07/29 21:41:32 | 000,001,608 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Rayman Origins.exe - Shortcut.lnk
[2012/07/28 21:26:48 | 000,000,960 | ---- | M] () -- C:\Users\Jason Kang\Desktop\prototype2.exe - Shortcut.lnk
[2012/07/26 20:02:59 | 001,310,932 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/25 08:05:18 | 000,001,465 | ---- | M] () -- C:\Users\Jason Kang\Desktop\deadspace2.exe - Shortcut.lnk
[2012/07/24 18:47:58 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk
[2012/07/24 17:58:40 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/24 15:20:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/24 15:15:18 | 000,001,259 | ---- | M] () -- C:\Users\Jason Kang\Desktop\iw3mp.exe - Shortcut.lnk
[2012/07/24 09:50:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/24 07:40:03 | 000,001,553 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSIAfterburner.exe - Shortcut.lnk
[2012/07/23 17:38:37 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Dead Island.lnk
[2012/07/23 17:25:22 | 000,001,525 | ---- | M] () -- C:\Users\Jason Kang\Desktop\NFS11.exe - Shortcut.lnk
[2012/07/23 17:17:51 | 000,001,097 | ---- | M] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeArc.lnk
[2012/07/23 17:17:51 | 000,001,073 | ---- | M] () -- C:\Users\Jason Kang\Desktop\FreeArc.lnk
[2012/07/23 07:42:17 | 000,003,072 | ---- | M] () -- C:\Users\Jason Kang\AppData\Local\file__0.localstorage
[2012/07/23 07:42:11 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/07/22 15:23:23 | 000,001,682 | ---- | M] () -- C:\Users\Jason Kang\Desktop\rf4_launcher.exe - Shortcut.lnk
[2012/07/22 15:18:33 | 000,000,219 | ---- | M] () -- C:\Users\Jason Kang\Desktop\Left 4 Dead 2.url

========== Files Created - No Company Name ==========

[2012/08/21 08:06:34 | 000,000,512 | ---- | C] () -- C:\Users\Jason Kang\Desktop\MBR.dat
[2012/08/20 23:39:20 | 000,097,924 | ---- | C] () -- C:\Users\Jason Kang\Documents\cc_20120820_233916.reg
[2012/08/20 23:34:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,150 | ---- | C] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\Grand Theft Auto IV.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\EFLC.lnk
[2012/08/18 22:49:36 | 000,001,072 | ---- | C] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\EFLC.lnk
[2012/08/18 17:24:58 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/18 12:48:39 | 000,000,710 | ---- | C] () -- C:\Users\Jason Kang\Desktop\SopCast.lnk
[2012/08/18 10:52:33 | 000,001,184 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWMonitor.exe - Shortcut.lnk
[2012/08/18 00:25:49 | 000,000,722 | ---- | C] () -- C:\Users\Jason Kang\Desktop\SpeedFan.lnk
[2012/08/18 00:25:47 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/08/17 23:40:43 | 000,000,902 | ---- | C] () -- C:\Users\Jason Kang\Desktop\AIDA64 Extreme Edition.lnk
[2012/08/17 10:03:42 | 000,123,860 | ---- | C] () -- C:\Users\Jason Kang\Documents\oc.png
[2012/08/16 10:46:15 | 000,000,352 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\Network Meter_Settings.ini
[2012/08/16 09:54:39 | 000,000,533 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\All CPU MeterV2_Settings.ini
[2012/08/15 09:51:32 | 000,000,747 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Darksiders2.exe - Shortcut.lnk
[2012/08/14 20:06:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/08/14 10:06:02 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/08/13 21:29:03 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012/08/13 20:50:41 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012/08/13 10:03:55 | 000,001,375 | ---- | C] () -- C:\Users\Jason Kang\Desktop\LANoire.exe - Shortcut.lnk
[2012/08/13 07:56:53 | 000,001,248 | ---- | C] () -- C:\Users\Jason Kang\Desktop\FableLauncher.exe - Shortcut.lnk
[2012/08/12 08:11:42 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/08/12 08:11:42 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/11 23:57:21 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/08/11 23:43:31 | 000,001,272 | ---- | C] () -- C:\Users\Jason Kang\Desktop\dirt3.exe - Shortcut.lnk
[2012/08/11 21:58:43 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\The Darkness II.lnk
[2012/08/09 16:06:01 | 000,743,729 | ---- | C] () -- C:\Users\Jason Kang\Documents\overdone.jpg
[2012/08/07 10:17:19 | 000,002,805 | ---- | C] () -- C:\Users\Jason Kang\Desktop\skse_loader.exe - Shortcut.lnk
[2012/08/06 23:08:01 | 000,777,775 | ---- | C] () -- C:\Users\Jason Kang\Documents\smite revive.jpg
[2012/08/06 14:46:14 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/08/06 14:46:14 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/08/06 13:50:15 | 000,000,572 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Fraps.lnk
[2012/08/06 08:05:51 | 000,001,855 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Crysis.exe - Shortcut.lnk
[2012/08/06 07:25:23 | 000,000,662 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2012/08/04 17:24:23 | 000,001,670 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Shogun2.exe - Shortcut.lnk
[2012/08/03 16:36:40 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/08/03 09:15:11 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/08/02 14:18:58 | 000,001,525 | ---- | C] () -- C:\Users\Jason Kang\Desktop\F.E.A.R. 3.exe - Shortcut.lnk
[2012/08/02 13:40:08 | 000,001,101 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Driver.exe - Shortcut.lnk
[2012/07/31 20:47:06 | 000,002,043 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universe Sandbox.lnk
[2012/07/31 20:47:06 | 000,002,013 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Universe Sandbox.lnk
[2012/07/31 12:45:00 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012/07/31 12:45:00 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/07/31 10:51:37 | 000,002,102 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Aion.lnk
[2012/07/31 10:47:25 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/07/30 16:37:59 | 000,001,553 | ---- | C] () -- C:\Users\Jason Kang\Desktop\WORDVIEW.EXE - Shortcut.lnk
[2012/07/30 16:28:30 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2012/07/30 15:29:48 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/07/30 01:35:14 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/07/30 01:34:11 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/07/29 21:41:32 | 000,001,608 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Rayman Origins.exe - Shortcut.lnk
[2012/07/28 21:26:48 | 000,000,960 | ---- | C] () -- C:\Users\Jason Kang\Desktop\prototype2.exe - Shortcut.lnk
[2012/07/26 20:02:58 | 001,310,932 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/25 08:05:18 | 000,001,465 | ---- | C] () -- C:\Users\Jason Kang\Desktop\deadspace2.exe - Shortcut.lnk
[2012/07/24 18:47:59 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/07/24 18:47:58 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk
[2012/07/24 17:58:40 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/24 15:20:03 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/24 15:15:18 | 000,001,259 | ---- | C] () -- C:\Users\Jason Kang\Desktop\iw3mp.exe - Shortcut.lnk
[2012/07/24 09:50:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/24 07:40:03 | 000,001,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSIAfterburner.exe - Shortcut.lnk
[2012/07/23 17:38:37 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Dead Island.lnk
[2012/07/23 17:25:22 | 000,001,525 | ---- | C] () -- C:\Users\Jason Kang\Desktop\NFS11.exe - Shortcut.lnk
[2012/07/23 17:17:51 | 000,001,097 | ---- | C] () -- C:\Users\Jason Kang\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeArc.lnk
[2012/07/23 17:17:51 | 000,001,073 | ---- | C] () -- C:\Users\Jason Kang\Desktop\FreeArc.lnk
[2012/07/23 07:42:17 | 000,003,072 | ---- | C] () -- C:\Users\Jason Kang\AppData\Local\file__0.localstorage
[2012/07/23 07:42:11 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/07/23 07:36:54 | 000,001,086 | ---- | C] () -- C:\Users\Jason Kang\Desktop\MSI Afterburner.lnk
[2012/07/22 15:23:23 | 000,001,682 | ---- | C] () -- C:\Users\Jason Kang\Desktop\rf4_launcher.exe - Shortcut.lnk
[2012/07/22 15:18:33 | 000,000,219 | ---- | C] () -- C:\Users\Jason Kang\Desktop\Left 4 Dead 2.url
[2012/07/19 09:57:38 | 000,000,550 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\prio.ini
[2012/07/17 16:02:22 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/17 16:02:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/17 13:47:24 | 000,007,599 | ---- | C] () -- C:\Users\Jason Kang\AppData\Local\Resmon.ResmonCfg
[2012/07/16 22:26:02 | 000,001,820 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\EliseProfile0.dat
[2012/07/16 08:41:41 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/07/16 08:11:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/26 14:35:05 | 000,000,184 | ---- | C] () -- C:\Users\Jason Kang\AppData\Roaming\9dfb8ef4.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== LOP Check ==========

[2012/07/23 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\.minecraft
[2012/08/20 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\DAEMON Tools Lite
[2012/08/11 23:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\DarknessII
[2012/08/02 14:19:07 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Day 1 Studios
[2012/07/21 07:34:12 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\EoN
[2012/08/03 20:31:36 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\fltk.org
[2012/07/23 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\FreeArc
[2012/08/19 17:08:09 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Launchy
[2012/08/13 07:55:49 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Lionhead Studios
[2012/07/17 01:10:02 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\LolClient
[2012/07/17 16:02:19 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\PunkBuster
[2012/05/16 02:53:48 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\System
[2012/07/18 17:54:26 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\SystemRequirementsLab
[2012/08/04 11:18:27 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\The Creative Assembly
[2012/08/20 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\TS3Client
[2012/07/25 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\Ubisoft
[2012/08/21 06:36:23 | 000,000,000 | ---D | M] -- C:\Users\Jason Kang\AppData\Roaming\uTorrent
[2012/07/31 21:13:41 | 000,000,000 | -HSD | M] -- C:\Users\Jason Kang\AppData\Roaming\wyUpdate AU
[2009/07/14 01:08:49 | 000,031,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/18 14:32:09 | 000,000,671 | ---- | M] ()(C:\Users\Public\Desktop\?·????6 with ???.lnk) -- C:\Users\Public\Desktop\真・三國無双6 with 猛将伝.lnk
[2012/08/18 14:32:09 | 000,000,671 | ---- | C] ()(C:\Users\Public\Desktop\?·????6 with ???.lnk) -- C:\Users\Public\Desktop\真・三國無双6 with 猛将伝.lnk

< End of report >

I will post step 2 results soon, thanks!

#6
stingray93

MBAM LOG


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jason Kang :: STINGRAY-PC [administrator]

8/21/2012 8:44:07 AM
mbam-log-2012-08-21 (08-44-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214473
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\LOLReplay\svcchost.exe (Trojan.MWF.Gen) -> 2340 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Service Host! (Trojan.MWF.Gen) -> Data: C:\Windows\explorer.exe "C:\Program Files (x86)\LOLReplay\svcchost.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\LOLReplay\svcchost.exe (Trojan.MWF.Gen) -> Delete on reboot.

(end)

#7
ali.B

hi

Step 1

Update Malwarebytes Anti-Malware and run a Quick Scan.
Post the log it produces.

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#8
stingray93

sry, I must've posted the MBAM log just after you loaded this page haha :) it's right above your latest reply
and uh, after the ESET scan it found nothing
and also! I'm still a bit skeptical, but I have never seen my CPU ramp up to 100% usage!
Thank you so much for taking the time to help me out :D
Are there any other steps or precautionary steps I can take?

#9
ali.B

If your system is running fine, then no, you are good to go :)

#10
stingray93

Thank you so much!!!! You just made my day... :)

#11
ali.B

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.