Posts posted by maktone
-
Hi, restarted, internet not working; the LAN is not showing a disconnection, but when I open the browser it comes up with an error.
-
I dragged the file into combo and it's doing its blue screen completed stage again.
-
Well, I just did your instructions anyway.
-
Before I could do what you wrote, combo had already restarted Windows, reloaded and deleted files. I submitted the log just before you posted. However, my internet is not connecting anymore on that.
-
ComboFix 12-08-29.03 - Maktone 30/08/2012 16:47:38.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16360.13707 [GMT 1:00]
Running from: c:\users\Maktone\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120829083616.610798
c:\users\Maktone\AppData\Local\assembly\tmp
c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56404E46-CA66-4F56-B44B-CBC5DC0A428C}.xps
c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{62326664-50CA-449E-BB8C-5C3575F2EA07}.xps
c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{77E438AD-4319-4F83-A6EF-8D43F0DE7C22}.xps
c:\users\Maktone\Documents\~WRL0823.tmp
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\settings.ini
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\tmpD98C.tmp
c:\windows\SysWow64\tmpD9EA.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 20:46 . 2012-08-30 21:36 -------- d-----w- C:\FRST
2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\Mala\AppData\Local\temp
2012-08-30 13:10 . 2012-08-30 15:36 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-08-29 21:16 . 2012-08-29 21:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-18 09:56 . 2012-08-18 09:56 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-18 09:56 . 2012-08-18 09:56 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-18 09:56 . 2012-08-18 09:56 268784 ----a-w- c:\windows\system32\javaws.exe
2012-08-18 09:56 . 2012-08-18 09:56 189424 ----a-w- c:\windows\system32\javaw.exe
2012-08-18 09:56 . 2012-08-18 09:56 188912 ----a-w- c:\windows\system32\java.exe
2012-08-18 09:56 . 2012-08-18 09:56 -------- d-----w- c:\program files\Java
2012-08-15 21:43 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 21:43 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:43 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:43 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 21:43 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:43 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 13:14 . 2012-08-13 13:14 -------- d-----w- c:\users\Maktone\AppData\Roaming\HpUpdate
2012-08-13 13:14 . 2012-08-13 13:14 -------- d-----w- c:\windows\Hewlett-Packard
2012-08-05 09:21 . 2012-08-05 09:21 98304 ----a-r- c:\users\Maktone\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2012-08-02 13:00 . 2012-08-02 13:00 -------- d-----w- c:\users\Maktone\AppData\Roaming\HP
2012-08-02 08:12 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-08-02 07:46 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-02 07:46 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 23:48 . 2012-04-06 10:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-29 23:48 . 2012-04-06 10:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-29 23:48 . 2012-04-06 10:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-27 08:19 . 2012-03-30 16:38 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 08:19 . 2012-03-01 23:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 21:44 . 2012-05-17 15:15 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 12:46 . 2012-03-03 21:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 15:03 . 2012-04-24 14:29 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-06-26 15:02 . 2012-06-26 15:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 15:02 . 2012-04-24 14:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-06-03 09:51 . 2012-06-03 09:51 16384 ----a-w- c:\windows\system32\drivers\EIO64.sys
2012-06-02 22:19 . 2012-06-24 09:10 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 09:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 09:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 09:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 09:10 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 09:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 09:10 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-24 09:10 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-24 09:10 36864 ----a-w- c:\windows\system32\wuapp.exe
2010-08-03 10:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
2010-08-03 10:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-03-01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-03-01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
2012-02-14 03:43 75000 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\Utils\Software\DAEMON Tools Pro\DTAgent.exe" [2011-03-18 839488]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"EADM"="c:\program files (x86)\Games\Origin\Origin.exe" [2012-08-09 3414680]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-14 286720]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-11 1349632]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"NBAgent"="c:\program files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"UpdateP2GoShortCut"="c:\program files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"LGODDFU"="c:\program files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe" [2012-07-20 27760]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\Utils\Sound\Apple\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe" [2012-08-03 740736]
.
c:\users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-14 7168]
R2 MBAMService;MBAMService;c:\program files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\Utils\Internet\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-01 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-01 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-25 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-01 1255736]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-09-14 562456]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-09-14 23832]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-01 254528]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-06-03 16384]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/08 15:34];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 12:08 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-03-02 918448]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe [2012-03-02 948656]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-03-02 586880]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe [2012-03-02 1430144]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Utils\Internet\Skype\Updater\Updater.exe [2012-06-07 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-03-02 26136]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-08-15 56600]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-03-03 16:56]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 21:54]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 21:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-01 7543912]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"ROG GameFirst"="c:\program files\ASUS\ROG GameFirst\cFosSpeed.exe" [2010-11-22 1305272]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\Utils\Internet\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\Utils\Internet\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nuffieldhealth.com/Individuals/Public/Timetable/?centreId=34463|http://www.overclock.net/intel-general/858750-please-help-i7-950-temps-h70.html|http://forum.corsair.com/v3/showthread.php?t=91212|http://i56.tinypic.com/2w2or3k.jpg|http://www.techpowerup.com/downloads/1872/mirrors.php|http://forum.corsair.com/forums/forumdisplay.php?f=155|http://forum.corsair.com/v3/showthread.php?t=91212|http://forum.corsair.com/v3/showthread.php?t=88888&page=2|http://i56.tinypic.com/2w2or3k.jpg|resource:///browserconfig.properties|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1|http://www.google.co.uk/finance?q=LON:JKX
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
SafeBoot-63314297.sys
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ÏSÏ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Ö[ÏSÏ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥JuE¥JuÖ[sT¯5Ç]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥JuE¥JuÖ[sT¯5Ç\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥™uE¥™uÖ[uXÏ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥™uE¥™uÖ[uXÏ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ vE¥ vÖ[YbüXW]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ vE¥ vÖ[YbüXW\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wE¥wÖ[øY~Ðb]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥wE¥wÖ[øY~Ðb\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*e#væmæ€þÿÿÿE¥ vE¥ vÖ[YâáXW]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*e#væmæ€þÿÿÿE¥ vE¥ vÖ[YâáXW\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*e#væmæ€þÿÿÿE¥ vE¥ vÖ[YbüXW]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*e#væmæ€þÿÿÿE¥ vE¥ vÖ[YbüXW\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*e#væmæ€þÿÿÿE¥ vE¥ vÖ[YÒÿXW]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*e#væmæ€þÿÿÿE¥ vE¥ vÖ[YÒÿXW\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\ASDR.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2012-08-30 16:54:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 15:54
.
Pre-Run: 154,928,861,184 bytes free
Post-Run: 155,130,540,032 bytes free
.
- - End Of File - - 24C39B34F7E19F8EB097A3285DFB00D0
-
It restarted Windows.
-
yesss combo is running
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 03
Ran by SYSTEM at 2012-08-30 16:29:54 Run:2
Running from F:\
==============================================
C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55 moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\explorer.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe
==== End of Fixlog ====
-
Thanks for helping me btw, I've been struggling on this since yesterday
-
Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 03
Ran by SYSTEM at 30-08-2012 16:09:46
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7543912 2012-03-01] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cFosSpeed.exe [1305272 2010-11-22] (cFos Software GmbH)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-09-14] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r [1349632 2010-06-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1493288 2012-01-13] (Nero AG)
HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe" blrun [27760 2012-07-20] (Bitleader)
HKLM-x32\...\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [230696 2011-08-23] (CyberLink Corp.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\Utils\Sound\Apple\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S [740736 2012-08-03] (ASUS Cloud Corporation)
HKU\Maktone\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe" -autorun [839488 2011-03-18] (DT Soft Ltd)
HKU\Maktone\...\Run: [EADM] "C:\Program Files (x86)\Games\Origin\Origin.exe" -AutoStart [3414680 2012-08-09] (Electronic Arts)
HKU\Maktone\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x]
HKU\Maktone\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-16] (Samsung)
HKU\Maktone\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Maktone\...\Policies\system: [LogonHoursAction] 2
HKU\Maktone\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mala\...\Policies\system: [LogonHoursAction] 2
HKU\Mala\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\..\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: [NameServer]192.168.0.1
Startup: C:\Users\Maktone\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ======
2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2012-03-01] ()
2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] ()
2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe [948656 2012-03-01] (ASUSTeK Computer Inc.)
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2012-03-01] ()
2 AsusFanControlService; "C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe" [1430144 2012-03-01] (ASUSTeK Computer Inc.)
3 BITCOMET_HELPER_SERVICE; C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 cFosSpeedS; "C:\Program Files\ASUS\ROG GameFirst\spd.exe" -service [487096 2010-11-22] (cFos Software GmbH)
2 CLHNServiceForPowerDVD; C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-08-23] ()
2 CyberLink PowerDVD 11.0 Monitor Service; "C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe" [75048 2011-09-01] (CyberLink)
2 CyberLink PowerDVD 11.0 Service; "C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe" [292136 2011-09-01] (CyberLink)
3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-12] ()
2 SkypeUpdate; "C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
==================== Drivers (Whitelisted) ===================
0 AiChargerPlus; C:\Windows\System32\Drivers\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-03-01] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2012-03-01] ()
3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2012-03-01] (MCCI Corporation)
3 cFosSpeed; C:\Windows\System32\Drivers\cFosSpeed.sys [1437368 2010-11-22] (cFos Software GmbH)
3 CompFilter64; C:\Windows\System32\DRIVERS\lvbflt64.sys [25632 2012-01-17] (Logitech Inc.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2012-03-01] (DT Soft Ltd)
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2012-06-03] (ASUSTeK Computer Inc.)
0 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [562456 2011-09-14] (Intel Corporation)
0 iaStorF; C:\Windows\System32\Drivers\iaStorF.sys [23832 2011-09-14] (Intel Corporation)
3 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 VSPerfDrv110; \??\C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-11] (Microsoft Corporation)
2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-02] (CyberLink Corp.)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) =================
==================== One Month Created Files and Folders ======================
2012-08-30 12:46 - 2012-08-30 13:36 - 00000000 ____D C:\FRST
2012-08-30 07:05 - 2012-08-30 07:06 - 00017576 ____A C:\Users\Maktone\Desktop\MBRCheck_08.30.12_16.05.49.txt
2012-08-30 07:05 - 2012-08-30 07:05 - 00080384 ____A C:\Users\Maktone\Desktop\MBRCheck.exe
2012-08-30 06:40 - 2012-08-30 06:40 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Maktone\Desktop\tdsskiller.exe
2012-08-30 06:21 - 2012-08-30 06:28 - 00000000 ____D C:\aws
2012-08-30 06:19 - 2012-08-30 06:19 - 00000000 ___SD C:\ComboFix
2012-08-30 06:15 - 2012-08-30 07:02 - 00000000 ___SD C:\32788R22FWJFW
2012-08-30 06:04 - 2012-08-30 06:14 - 00000000 ____D C:\Qoobox
2012-08-30 06:00 - 2012-08-30 06:00 - 04740381 ____R (Swearware) C:\Users\Maktone\Desktop\ComboFix.exe
2012-08-30 06:00 - 2012-08-30 06:00 - 00000000 ____D C:\Windows\erdnt
2012-08-30 05:52 - 2012-08-30 05:52 - 00000958 ____A C:\Windows\PFRO.log
2012-08-30 05:10 - 2012-08-30 06:42 - 00151552 ____A C:\Windows\KMSEmulator.exe
2012-08-30 05:10 - 2012-08-30 06:42 - 00000280 ____A C:\Windows\setupact.log
2012-08-30 05:10 - 2012-08-30 06:42 - 00000218 ____A C:\Windows\Tasks\AutoKMSDaily.job
2012-08-30 05:10 - 2012-08-30 06:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-30 04:00 - 2012-08-30 04:00 - 00080360 ____A C:\Users\Maktone\Desktop\Extras.Txt
2012-08-30 03:59 - 2012-08-30 06:30 - 00131762 ____A C:\Users\Maktone\Desktop\OTL.Txt
2012-08-30 03:57 - 2012-08-30 03:56 - 00598528 ____A (OldTimer Tools) C:\Users\Maktone\Desktop\OTL.exe
2012-08-30 02:54 - 2012-08-30 02:54 - 00002528 ____A C:\Users\Maktone\Desktop\RKreport[1].txt
2012-08-30 02:52 - 2012-08-30 02:54 - 00000000 ____D C:\Users\Maktone\Desktop\RK_Quarantine
2012-08-30 02:52 - 2012-08-30 02:52 - 01368576 ____A C:\Users\Maktone\Desktop\RogueKiller.exe
2012-08-30 02:48 - 2012-08-30 02:48 - 00000000 ____A C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
2012-08-29 13:16 - 2012-08-29 13:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-24 22:52 - 2012-08-24 22:52 - 04480548 ____A C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
2012-08-23 03:57 - 2012-08-23 03:57 - 00010240 __ASH C:\Users\Maktone\Downloads\Thumbs.db
2012-08-18 01:56 - 2012-08-18 01:56 - 21869552 ____A (Oracle Corporation) C:\Users\Maktone\Downloads\jre-7u5-windows-x64.exe
2012-08-18 01:56 - 2012-08-18 01:56 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-18 01:56 - 2012-08-18 01:56 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-18 01:56 - 2012-08-18 01:56 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-18 01:56 - 2012-08-18 01:56 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-18 01:56 - 2012-08-18 01:56 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-18 01:56 - 2012-08-18 01:56 - 00000000 ____D C:\Program Files\Java
2012-08-15 13:46 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 13:46 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 13:46 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 13:46 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 13:46 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 13:46 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 13:46 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 13:46 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 13:46 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 13:46 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 13:46 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 13:46 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 13:46 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 13:46 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 13:46 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 13:46 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 13:46 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 13:46 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 13:46 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 13:46 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 13:46 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 13:46 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 13:46 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 13:46 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 13:46 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 13:46 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 13:46 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 13:46 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 13:43 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 13:43 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 13:43 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 13:43 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 13:43 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 13:43 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 13:43 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 12:39 - 2012-08-15 12:41 - 00000000 ____D C:\Users\Maktone\Documents\Google Sketchup
2012-08-15 11:30 - 2012-08-15 11:30 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qgmcd7q.partial
2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.uwm8ndt.partial
2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qf0qnn3.partial
2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.f6u4cl9.partial
2012-08-13 05:14 - 2012-08-13 05:14 - 00000000 ____D C:\Windows\Hewlett-Packard
2012-08-13 05:14 - 2012-08-13 05:14 - 00000000 ____D C:\Users\Maktone\AppData\Roaming\HpUpdate
2012-08-05 01:23 - 2012-08-05 01:23 - 00000000 ____D C:\Users\Maktone\Desktop\New folder (2)
2012-08-05 01:21 - 2012-08-05 01:21 - 00002535 ____A C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
2012-08-05 01:21 - 2012-08-05 01:21 - 00000000 ____D C:\Users\Maktone\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2012-08-02 05:00 - 2012-08-02 05:00 - 00000000 ____D C:\Users\Maktone\AppData\Roaming\HP
2012-08-02 00:12 - 2010-02-23 00:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-08-01 23:59 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-01 23:59 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-01 23:59 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-01 23:59 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-01 23:59 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-08-01 23:59 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-01 23:59 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-01 23:59 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-08-01 23:59 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-01 23:59 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-01 23:59 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-01 23:59 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-01 23:59 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-01 23:59 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-01 23:59 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-01 23:59 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-01 23:59 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-01 23:59 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-08-01 23:59 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-08-01 23:46 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-08-01 23:46 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-08-01 23:44 - 2012-08-01 23:45 - 93721296 ____A (Samsung Electronics Co., Ltd. ) C:\Users\Maktone\Downloads\Kies_2.3.2.12064_10_1 (1).exe
==================== 3 Months Modified Files ================================
2012-08-30 12:47 - 2012-08-30 12:47 - 00000167 ____A C:\file.txt
2012-08-30 07:06 - 2012-08-30 07:05 - 00017576 ____A C:\Users\Maktone\Desktop\MBRCheck_08.30.12_16.05.49.txt
2012-08-30 07:05 - 2012-08-30 07:05 - 00080384 ____A C:\Users\Maktone\Desktop\MBRCheck.exe
2012-08-30 06:46 - 2009-07-13 21:13 - 00782078 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-30 06:43 - 2012-03-06 17:54 - 00001649 ____A C:\Users\Maktone\Desktop\MySyncFolder.lnk
2012-08-30 06:42 - 2012-08-30 05:10 - 00151552 ____A C:\Windows\KMSEmulator.exe
2012-08-30 06:42 - 2012-08-30 05:10 - 00000280 ____A C:\Windows\setupact.log
2012-08-30 06:42 - 2012-08-30 05:10 - 00000218 ____A C:\Windows\Tasks\AutoKMSDaily.job
2012-08-30 06:42 - 2012-08-30 05:10 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-30 06:42 - 2012-03-01 13:54 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-30 06:40 - 2012-08-30 06:40 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Maktone\Desktop\tdsskiller.exe
2012-08-30 06:30 - 2012-08-30 03:59 - 00131762 ____A C:\Users\Maktone\Desktop\OTL.Txt
2012-08-30 06:23 - 2012-03-08 05:55 - 00000386 ____A C:\Windows\lgfwup.ini
2012-08-30 06:00 - 2012-08-30 06:00 - 04740381 ____R (Swearware) C:\Users\Maktone\Desktop\ComboFix.exe
2012-08-30 05:52 - 2012-08-30 05:52 - 00000958 ____A C:\Windows\PFRO.log
2012-08-30 05:15 - 2012-03-01 13:54 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-30 04:00 - 2012-08-30 04:00 - 00080360 ____A C:\Users\Maktone\Desktop\Extras.Txt
2012-08-30 03:56 - 2012-08-30 03:57 - 00598528 ____A (OldTimer Tools) C:\Users\Maktone\Desktop\OTL.exe
2012-08-30 02:54 - 2012-08-30 02:54 - 00002528 ____A C:\Users\Maktone\Desktop\RKreport[1].txt
2012-08-30 02:52 - 2012-08-30 02:52 - 01368576 ____A C:\Users\Maktone\Desktop\RogueKiller.exe
2012-08-30 02:48 - 2012-08-30 02:48 - 00000000 ____A C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
2012-08-30 02:28 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-29 15:48 - 2012-04-06 02:56 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-08-29 15:48 - 2012-04-06 02:56 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-08-29 15:48 - 2012-04-06 02:56 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-08-29 13:11 - 2012-03-01 13:19 - 01487231 ____A C:\Windows\WindowsUpdate.log
2012-08-27 00:19 - 2012-03-30 08:38 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-27 00:19 - 2012-03-01 15:20 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-26 16:10 - 2009-07-13 20:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-26 16:10 - 2009-07-13 20:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-24 22:52 - 2012-08-24 22:52 - 04480548 ____A C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
2012-08-23 03:57 - 2012-08-23 03:57 - 00010240 __ASH C:\Users\Maktone\Downloads\Thumbs.db
2012-08-21 16:18 - 2012-03-01 13:55 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-19 05:21 - 2012-03-06 17:52 - 00001242 ____A C:\Users\Public\Desktop\ASUS WebStorage.lnk
2012-08-18 01:56 - 2012-08-18 01:56 - 21869552 ____A (Oracle Corporation) C:\Users\Maktone\Downloads\jre-7u5-windows-x64.exe
2012-08-18 01:56 - 2012-08-18 01:56 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-18 01:56 - 2012-08-18 01:56 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-18 01:56 - 2012-08-18 01:56 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-18 01:56 - 2012-08-18 01:56 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-18 01:56 - 2012-08-18 01:56 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-15 13:58 - 2009-07-13 20:45 - 00352032 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 13:44 - 2012-05-17 07:15 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-15 11:30 - 2012-08-15 11:30 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qgmcd7q.partial
2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.uwm8ndt.partial
2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qf0qnn3.partial
2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.f6u4cl9.partial
2012-08-05 01:21 - 2012-08-05 01:21 - 00002535 ____A C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
2012-08-01 23:46 - 2012-04-24 07:10 - 00001961 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-08-01 23:45 - 2012-08-01 23:44 - 93721296 ____A (Samsung Electronics Co., Ltd. ) C:\Users\Maktone\Downloads\Kies_2.3.2.12064_10_1 (1).exe
2012-08-01 23:36 - 2012-04-24 06:21 - 00001901 ____A C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk
2012-07-25 08:24 - 2012-07-25 08:22 - 00001908 ____A C:\Windows\diagwrn.xml
2012-07-25 08:24 - 2012-07-25 08:22 - 00001908 ____A C:\Windows\diagerr.xml
2012-07-25 08:22 - 2012-03-09 01:36 - 00000000 ____A C:\Windows\setuperr.log
2012-07-20 04:00 - 2012-03-03 13:52 - 00001354 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-18 10:15 - 2012-08-15 13:43 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-09 06:27 - 2012-07-09 06:27 - 00000103 ____A C:\Users\Maktone\Documents\passport.txt
2012-07-04 14:16 - 2012-08-15 13:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 13:43 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 13:43 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 13:43 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 13:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 04:46 - 2012-03-03 13:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 08:05 - 2012-07-02 08:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-02 08:05 - 2012-07-02 08:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-01 00:31 - 2012-07-01 00:32 - 00001250 ____A C:\Users\Maktone\Desktop\PlayMaxPayne3 - Shortcut.lnk
2012-06-28 20:55 - 2012-08-15 13:46 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 13:46 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 13:46 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 13:46 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 13:46 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 13:46 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 13:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 13:46 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 13:46 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 13:46 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 13:46 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 13:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 13:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 13:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 13:46 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 13:46 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 13:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 13:46 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 13:46 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 13:46 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 13:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 13:46 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 13:46 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 13:46 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 13:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 13:46 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 13:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 13:46 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 12:58 - 2012-06-26 12:58 - 00000078 ____A C:\Users\Maktone\Documents\michael.txt
2012-06-26 07:03 - 2012-04-24 06:29 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-06-26 07:02 - 2012-04-24 06:57 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-06-22 10:42 - 2012-06-22 10:42 - 00020628 ____A C:\Users\Maktone\Downloads\579023.zip
2012-06-13 09:53 - 2012-06-13 09:53 - 00088856 ____A C:\Users\Mala\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-13 09:53 - 2012-06-13 09:53 - 00001008 _RASH C:\Users\Mala\ntuser.pol
2012-06-13 09:53 - 2012-06-13 09:53 - 00000020 ___SH C:\Users\Mala\ntuser.ini
2012-06-13 09:53 - 2012-03-01 16:51 - 00000632 _RASH C:\Users\Maktone\ntuser.pol
2012-06-13 00:30 - 2012-06-13 00:30 - 00002039 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 00:28 - 2012-06-13 00:28 - 00001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-08 21:43 - 2012-08-01 23:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-08-01 23:59 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-08-01 23:59 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-08-01 23:59 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-08-01 23:59 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-08-01 23:59 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-08-01 23:59 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-08-01 23:59 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 14:47 - 2012-06-05 14:47 - 22717310 ____A C:\Users\Maktone\Downloads\GPUTweakVer2150.zip
2012-06-05 14:45 - 2012-06-05 14:45 - 00524928 ____A C:\Users\Maktone\Downloads\560UpdateBIOS (1).rar
2012-06-05 14:42 - 2012-06-05 14:42 - 00524928 ____A C:\Users\Maktone\Downloads\560UpdateBIOS.rar
2012-06-05 14:20 - 2012-06-05 14:20 - 00283362 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-06-05 03:25 - 2012-06-05 03:25 - 00008714 ____A C:\Users\Maktone\Documents\PaKi.txt
2012-06-05 03:08 - 2012-06-05 03:08 - 00000009 ____A C:\Users\Maktone\Documents\PaKi.m3u
2012-06-03 23:59 - 2012-08-01 23:46 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-03 23:59 - 2012-08-01 23:46 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-03 02:02 - 2012-06-03 02:02 - 00291440 ____A C:\Windows\Minidump\060312-29218-01.dmp
2012-06-03 02:02 - 2012-06-03 01:57 - 805135207 ____A C:\Windows\MEMORY.DMP
2012-06-03 01:57 - 2012-06-03 01:57 - 00290832 ____A C:\Windows\Minidump\060312-20373-01.dmp
2012-06-03 01:53 - 2012-06-03 01:53 - 22232105 ____A C:\Users\Maktone\Downloads\GPUTweakVer2124.zip
2012-06-03 01:51 - 2012-06-03 01:51 - 00016384 ____A (ASUSTeK Computer Inc.) C:\Windows\System32\Drivers\EIO64.sys
2012-06-03 01:51 - 2012-03-01 14:07 - 00019170 ____A C:\Windows\DPINST.LOG
2012-06-03 01:50 - 2012-06-03 01:50 - 19243963 ____A C:\Users\Maktone\Downloads\SmartDoc_5_82.zip
2012-06-02 16:31 - 2012-06-02 16:31 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-06-02 14:19 - 2012-06-24 01:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 01:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 01:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 01:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 01:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-24 01:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-24 01:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-24 01:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-24 01:10 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-03-01 15:08] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 7%
Total physical RAM: 16360.36 MB
Available physical RAM: 15149.21 MB
Total Pagefile: 16358.56 MB
Available Pagefile: 15145.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions ============================
1 Drive c: (Azmo) (Fixed) (Total:223.56 GB) (Free:144.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive f: () (Removable) (Total:7.47 GB) (Free:3.18 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (NoToRiOuS) (Fixed) (Total:1862.89 GB) (Free:1205.04 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 0 B *
Disk 1 Online 223 GB 6144 KB
Disk 2 Online 7652 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 1862 GB 129 MB
==================================================================================
Disk: 0
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000
There is no volume associated with this partition.
==================================================================================
Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NoToRiOuS NTFS Partition 1862 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 223 GB 4096 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Azmo NTFS Partition 223 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7651 MB 31 KB
==================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 7651 MB Healthy
==================================================================================
Last Boot: 2012-08-27 05:38
==================== End Of Log =============================
-
Post too long, so I attached it.
-
15:40:34.0580 5328 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:40:34.0596 5328 ============================================================
15:40:34.0596 5328 Current date / time: 2012/08/30 15:40:34.0596
15:40:34.0596 5328 SystemInfo:
15:40:34.0596 5328
15:40:34.0596 5328 OS Version: 6.1.7601 ServicePack: 1.0
15:40:34.0596 5328 Product type: Workstation
15:40:34.0596 5328 ComputerName: AZMOSIS
15:40:34.0596 5328 UserName: Maktone
15:40:34.0596 5328 Windows directory: C:\Windows
15:40:34.0596 5328 System windows directory: C:\Windows
15:40:34.0596 5328 Running under WOW64
15:40:34.0596 5328 Processor architecture: Intel x64
15:40:34.0596 5328 Number of processors: 8
15:40:34.0596 5328 Page size: 0x1000
15:40:34.0596 5328 Boot type: Normal boot
15:40:34.0596 5328 ============================================================
15:40:35.0157 5328 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:35.0157 5328 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:35.0376 5328 Drive \Device\Harddisk2\DR5 - Size: 0x1DE400000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:40:35.0391 5328 ============================================================
15:40:35.0391 5328 \Device\Harddisk0\DR0:
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x1BF20000
15:40:35.0391 5328 \Device\Harddisk1\DR1:
15:40:35.0391 5328 GPT partitions:
15:40:35.0391 5328 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8A15E5D0-050B-454A-A928-1664B8B62AF8}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:40:35.0391 5328 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DA340C0D-2945-4151-B7E5-126FFCA47ED6}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk2\DR5:
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEF1FC1
15:40:35.0391 5328 ============================================================
15:40:35.0391 5328 C: <-> \Device\Harddisk0\DR0\Partition1
15:40:35.0407 5328 D: <-> \Device\Harddisk1\DR1\Partition2
15:40:35.0407 5328 ============================================================
15:40:35.0407 5328 Initialize success
15:40:35.0407 5328 ============================================================
15:41:08.0541 1712 Deinitialize success
-
This is the quick scan after the internet was activated:
OTL logfile created on: 30/08/2012 15:29:00 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
15.98 Gb Total Physical Memory | 13.52 Gb Available Physical Memory | 84.61% Memory free
31.95 Gb Paging File | 29.28 Gb Available in Paging File | 91.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 144.39 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 1205.04 Gb Free Space | 64.69% Space Free | Partition Type: NTFS
Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
PRC - [2012/08/03 10:38:54 | 000,740,736 | ---- | M] (ASUS Cloud Corporation) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/20 12:10:43 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\fwupdate.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe
PRC - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe
PRC - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Suite II.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/09/19 17:17:24 | 001,119,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011/09/14 16:41:58 | 000,286,720 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
PRC - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
PRC - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011/09/07 16:13:06 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/08/24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/03/18 12:40:50 | 000,839,488 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe
PRC - [2011/03/18 12:40:46 | 000,377,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AsRoutineController.exe
PRC - [2010/11/21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/11/08 16:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
PRC - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002/03/15 22:43:00 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/23 15:10:28 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/06/13 09:21:03 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/13 09:17:54 | 000,335,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6fdaf4d2968973c0667f94c5bdeb0b9f\IAStorUtil.ni.dll
MOD - [2012/06/13 08:50:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 08:50:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 08:50:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/18 17:49:14 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/17 16:25:58 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/17 16:25:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/17 16:25:56 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/17 16:25:56 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/17 16:25:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\c8c86990be4c601bba900fe50a82f829\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2012/05/17 16:25:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/17 16:25:47 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b251e1073d227047cbbf9771cb194910\IAStorCommon.ni.dll
MOD - [2012/05/17 16:21:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/17 16:21:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/17 16:21:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/17 16:21:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/17 16:21:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/09 16:26:33 | 000,039,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/03/02 01:12:07 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMLib.dll
MOD - [2011/12/28 12:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\Sensor.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 21:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/10/13 16:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ASUS Update\Update.dll
MOD - [2011/09/29 12:36:54 | 001,046,016 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Probe_II\ProbeII.dll
MOD - [2011/09/26 20:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/09/26 19:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/20 19:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011/09/19 21:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Settings\Settings.dll
MOD - [2011/09/05 08:19:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll
MOD - [2011/08/23 17:19:52 | 001,294,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/07/21 10:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 20:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AssistFunc.dll
MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/05 09:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\pngio.dll
MOD - [2010/10/05 09:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ImageHelper.dll
MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2007/03/13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007/02/28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/02/09 21:05:56 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV:64bit: - [2011/06/29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/11/22 15:56:12 | 000,487,096 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\ROG GameFirst\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 17:04:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/03/01 23:05:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/03/01 23:04:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/30 19:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/04 08:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 08:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/03 10:51:58 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/02 01:12:51 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2012/03/02 00:30:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 07:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/12/12 05:32:04 | 000,067,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/09/21 11:25:52 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/09/14 16:43:30 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/09/14 16:43:30 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/08/15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/07/20 02:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/03/23 16:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/22 15:56:14 | 001,437,368 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/02/22 16:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/09/02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/03/08 15:34:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/08/24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 A8 28 64 93 83 CD 01 [binary data]
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M]
[2012/03/02 01:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Extensions
[2012/07/25 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\extensions
[2012/05/31 21:48:34 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/07/25 17:04:18 | 000,670,738 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Click to Call = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [EADM] C:\Program Files (x86)\Games\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/30 21:46:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/30 15:21:42 | 000,000,000 | ---D | C] -- C:\aws
[2012/08/30 15:19:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/30 15:15:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/30 15:04:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/30 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/30 15:00:42 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 12:57:17 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\RK_Quarantine
[2012/08/29 22:16:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/18 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/15 21:39:00 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Documents\Google Sketchup
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HpUpdate
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/08/05 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\New folder (2)
[2012/08/05 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/08/02 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HP
[2012/08/02 08:46:21 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/08/02 08:46:21 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/30 15:25:54 | 000,782,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 15:25:54 | 000,666,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 15:25:54 | 000,126,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/30 15:23:27 | 000,000,386 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/08/30 15:21:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/30 15:21:42 | 000,001,649 | ---- | M] () -- C:\Users\Maktone\Desktop\MySyncFolder.lnk
[2012/08/30 15:21:37 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/08/30 15:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/30 15:21:22 | 4276,375,550 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/30 15:00:10 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 14:15:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:42 | 001,368,576 | ---- | M] () -- C:\Users\Maktone\Desktop\RogueKiller.exe
[2012/08/30 11:48:52 | 000,000,000 | ---- | M] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/30 00:48:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/29 15:43:16 | 000,052,662 | ---- | M] () -- C:\Users\Maktone\Desktop\Picture 16.jpg
[2012/08/29 13:12:08 | 000,074,709 | ---- | M] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg
[2012/08/29 12:53:34 | 000,050,324 | ---- | M] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg
[2012/08/29 12:50:00 | 000,095,160 | ---- | M] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg
[2012/08/29 12:48:35 | 000,050,727 | ---- | M] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg
[2012/08/29 12:43:19 | 000,056,240 | ---- | M] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg
[2012/08/29 12:43:13 | 000,066,044 | ---- | M] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg
[2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 07:52:27 | 004,480,548 | ---- | M] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
[2012/08/22 01:18:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/19 14:21:48 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk
[2012/08/15 22:58:57 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 15:55:38 | 000,021,608 | ---- | M] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf
[2012/08/05 10:21:22 | 000,002,535 | ---- | M] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/08/02 14:07:34 | 000,266,545 | ---- | M] () -- C:\Users\Maktone\Desktop\Image12.jpg
[2012/08/02 14:06:17 | 000,373,703 | ---- | M] () -- C:\Users\Maktone\Desktop\Image11.jpg
[2012/08/02 14:01:35 | 000,658,333 | ---- | M] () -- C:\Users\Maktone\Desktop\Image1.jpg
[2012/08/02 08:46:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/08/02 08:46:07 | 000,001,985 | ---- | M] () -- C:\Users\Maktone\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/08/02 08:36:43 | 000,001,901 | ---- | M] () -- C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/30 14:10:14 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/30 14:10:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/08/30 11:52:42 | 001,368,576 | ---- | C] () -- C:\Users\Maktone\Desktop\RogueKiller.exe
[2012/08/30 11:48:52 | 000,000,000 | ---- | C] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
[2012/08/29 15:43:16 | 000,052,662 | ---- | C] () -- C:\Users\Maktone\Desktop\Picture 16.jpg
[2012/08/29 13:12:19 | 000,074,709 | ---- | C] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg
[2012/08/29 12:53:24 | 000,050,324 | ---- | C] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg
[2012/08/29 12:49:39 | 000,095,160 | ---- | C] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg
[2012/08/29 12:48:21 | 000,050,727 | ---- | C] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg
[2012/08/29 12:43:10 | 000,056,240 | ---- | C] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg
[2012/08/29 12:42:59 | 000,066,044 | ---- | C] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg
[2012/08/25 07:52:26 | 004,480,548 | ---- | C] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
[2012/08/15 15:55:38 | 000,021,608 | ---- | C] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf
[2012/08/05 10:23:55 | 000,594,525 | ---- | C] () -- C:\Users\Maktone\Desktop\projectthesis2.pdf
[2012/08/05 10:23:50 | 003,314,736 | ---- | C] () -- C:\Users\Maktone\Desktop\graphs.pdf
[2012/08/05 10:21:22 | 000,002,535 | ---- | C] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/08/02 14:07:34 | 000,266,545 | ---- | C] () -- C:\Users\Maktone\Desktop\Image12.jpg
[2012/08/02 14:06:17 | 000,373,703 | ---- | C] () -- C:\Users\Maktone\Desktop\Image11.jpg
[2012/08/02 14:01:35 | 000,658,333 | ---- | C] () -- C:\Users\Maktone\Desktop\Image1.jpg
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/13 13:31:19 | 000,115,406 | ---- | C] () -- C:\Windows\hpgins28.dat
[2012/05/13 13:31:19 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat
[2012/04/27 17:48:12 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/04/27 17:48:12 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/04/06 11:56:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/06 11:56:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/03/08 15:45:41 | 000,007,598 | ---- | C] () -- C:\Users\Maktone\AppData\Local\Resmon.ResmonCfg
[2012/03/08 14:55:20 | 000,000,386 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/03/03 12:35:39 | 032,461,312 | ---- | C] () -- C:\Windows\SysWow64\Office 2010 Toolkit.exe
[2012/03/03 12:35:39 | 000,000,751 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini
[2012/03/02 02:40:58 | 005,472,848 | ---- | C] () -- C:\Windows\PE_File.dll
[2012/03/02 02:36:15 | 005,412,720 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/03/02 02:27:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/03/02 01:51:30 | 000,000,632 | RHS- | C] () -- C:\Users\Maktone\ntuser.pol
[2012/03/02 00:48:54 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/03/02 00:48:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/03/02 00:48:52 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/03/01 23:06:11 | 000,765,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/01 23:06:07 | 000,007,594 | ---- | C] () -- C:\Windows\SysWow64\xFiMB2CfgUninstall32.ini
[2012/03/01 23:06:07 | 000,005,135 | ---- | C] () -- C:\Windows\SysWow64\cfgfx.ini
[2012/03/01 23:06:07 | 000,002,775 | ---- | C] () -- C:\Windows\FF08_Render_Spk.ini
[2012/03/01 23:06:07 | 000,002,411 | ---- | C] () -- C:\Windows\FF08_Render_Hp.ini
[2012/03/01 23:06:07 | 000,002,267 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2012/03/01 23:06:07 | 000,001,542 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2012/03/01 23:06:03 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/03/01 23:06:00 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/03/01 23:06:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/03/01 22:51:04 | 000,056,512 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/03/01 22:38:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/01 22:38:42 | 000,040,006 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
========== LOP Check ==========
[2012/08/30 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\ASUS WebStorage
[2012/08/30 00:46:57 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\BitComet
[2012/04/06 21:37:49 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\CometPlayer
[2012/03/02 00:30:33 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\DAEMON Tools Pro
[2012/03/09 02:09:02 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Leadertech
[2012/04/25 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\oald8
[2012/08/26 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Origin
[2012/04/19 11:10:12 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\picpick
[2012/08/02 08:45:50 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Samsung
[2012/03/11 16:24:41 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\tigerplayer
[2012/05/13 13:14:27 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Ulead Systems
[2012/06/13 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Mala\AppData\Roaming\ASUS WebStorage
[2012/06/13 18:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mala\AppData\Roaming\DAEMON Tools Pro
[2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012/08/30 11:28:50 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/08/02 15:23:27 | 000,015,453 | ---- | M] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx
[2012/08/02 15:23:27 | 000,015,453 | ---- | C] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx
[2012/08/02 15:23:27 | 000,000,162 | -H-- | M] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx
[2012/08/02 15:23:27 | 000,000,162 | -H-- | C] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx
< End of report >
-
OTL logfile created on: 30/08/2012 15:23:55 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
15.98 Gb Total Physical Memory | 13.85 Gb Available Physical Memory | 86.70% Memory free
31.95 Gb Paging File | 29.62 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 144.39 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 1205.04 Gb Free Space | 64.69% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 3.18 Gb Free Space | 42.59% Space Free | Partition Type: NTFS
Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
PRC - [2012/08/03 10:38:54 | 000,740,736 | ---- | M] (ASUS Cloud Corporation) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/20 12:10:43 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\fwupdate.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe
PRC - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe
PRC - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Suite II.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/09/19 17:17:24 | 001,119,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011/09/14 16:41:58 | 000,286,720 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
PRC - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
PRC - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011/09/07 16:13:06 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/08/24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/03/18 12:40:50 | 000,839,488 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe
PRC - [2011/03/18 12:40:46 | 000,377,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AsRoutineController.exe
PRC - [2010/11/21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/11/08 16:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
PRC - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002/03/15 22:43:00 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/23 15:10:28 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/06/13 09:21:03 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/13 09:17:54 | 000,335,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6fdaf4d2968973c0667f94c5bdeb0b9f\IAStorUtil.ni.dll
MOD - [2012/06/13 08:50:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 08:50:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 08:50:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/18 17:49:14 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/17 16:25:58 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/17 16:25:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/17 16:25:56 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/17 16:25:56 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/17 16:25:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\c8c86990be4c601bba900fe50a82f829\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2012/05/17 16:25:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/17 16:25:47 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b251e1073d227047cbbf9771cb194910\IAStorCommon.ni.dll
MOD - [2012/05/17 16:21:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/17 16:21:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/17 16:21:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/17 16:21:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/17 16:21:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/09 16:26:33 | 000,039,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/03/02 01:12:07 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMLib.dll
MOD - [2011/12/28 12:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\Sensor.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 21:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/10/13 16:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ASUS Update\Update.dll
MOD - [2011/09/29 12:36:54 | 001,046,016 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Probe_II\ProbeII.dll
MOD - [2011/09/26 20:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/09/26 19:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/20 19:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011/09/19 21:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Settings\Settings.dll
MOD - [2011/09/05 08:19:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll
MOD - [2011/08/23 17:19:52 | 001,294,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/07/21 10:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 20:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AssistFunc.dll
MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/05 09:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\pngio.dll
MOD - [2010/10/05 09:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ImageHelper.dll
MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2007/03/13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007/02/28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/02/09 21:05:56 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV:64bit: - [2011/06/29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/11/22 15:56:12 | 000,487,096 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\ROG GameFirst\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 17:04:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/03/01 23:05:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/03/01 23:04:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/30 19:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/04 08:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 08:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/03 10:51:58 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/02 01:12:51 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2012/03/02 00:30:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 07:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/12/12 05:32:04 | 000,067,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/09/21 11:25:52 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/09/14 16:43:30 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/09/14 16:43:30 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/08/15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/07/20 02:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/03/23 16:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/22 15:56:14 | 001,437,368 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/02/22 16:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/09/02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/03/08 15:34:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/08/24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 A8 28 64 93 83 CD 01 [binary data]
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M]
[2012/03/02 01:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Extensions
[2012/07/25 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\extensions
[2012/05/31 21:48:34 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/07/25 17:04:18 | 000,670,738 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Click to Call = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [EADM] C:\Program Files (x86)\Games\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/30 12:16:22 | 000,000,100 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/30 21:46:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/30 15:21:42 | 000,000,000 | ---D | C] -- C:\aws
[2012/08/30 15:19:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/30 15:15:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/30 15:04:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/30 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/30 15:00:42 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 12:57:17 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\RK_Quarantine
[2012/08/29 22:16:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/18 10:56:21 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/08/18 10:56:21 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/08/18 10:56:21 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/08/18 10:56:20 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/08/18 10:56:20 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/08/18 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/15 22:46:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 22:46:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 22:46:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 22:46:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 22:46:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 22:46:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 22:46:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 22:46:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 22:46:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 22:46:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 22:46:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 22:46:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 22:46:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 22:43:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 22:43:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 22:43:37 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 22:43:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 21:39:00 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Documents\Google Sketchup
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HpUpdate
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/08/05 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\New folder (2)
[2012/08/05 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/08/02 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HP
[2012/08/02 09:12:31 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/08/02 08:59:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/08/02 08:59:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/08/02 08:59:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/08/02 08:59:48 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/08/02 08:59:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/08/02 08:46:21 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/08/02 08:46:21 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/30 15:23:27 | 000,000,386 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/08/30 15:21:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/30 15:21:42 | 000,001,649 | ---- | M] () -- C:\Users\Maktone\Desktop\MySyncFolder.lnk
[2012/08/30 15:21:37 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/08/30 15:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/30 15:21:22 | 4276,375,550 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/30 15:01:53 | 000,782,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 15:01:53 | 000,666,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 15:01:53 | 000,126,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/30 15:00:10 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 14:15:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:42 | 001,368,576 | ---- | M] () -- C:\Users\Maktone\Desktop\RogueKiller.exe
[2012/08/30 11:48:52 | 000,000,000 | ---- | M] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/30 00:48:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/29 15:43:16 | 000,052,662 | ---- | M] () -- C:\Users\Maktone\Desktop\Picture 16.jpg
[2012/08/29 13:12:08 | 000,074,709 | ---- | M] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg
[2012/08/29 12:53:34 | 000,050,324 | ---- | M] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg
[2012/08/29 12:50:00 | 000,095,160 | ---- | M] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg
[2012/08/29 12:48:35 | 000,050,727 | ---- | M] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg
[2012/08/29 12:43:19 | 000,056,240 | ---- | M] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg
[2012/08/29 12:43:13 | 000,066,044 | ---- | M] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg
[2012/08/27 09:19:28 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/27 09:19:28 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 07:52:27 | 004,480,548 | ---- | M] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
[2012/08/22 01:18:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/19 14:21:48 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk
[2012/08/18 10:56:18 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/08/18 10:56:18 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/08/18 10:56:18 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/08/18 10:56:18 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/08/18 10:56:18 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/08/15 22:58:57 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 15:55:38 | 000,021,608 | ---- | M] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf
[2012/08/05 10:21:22 | 000,002,535 | ---- | M] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/08/02 14:07:34 | 000,266,545 | ---- | M] () -- C:\Users\Maktone\Desktop\Image12.jpg
[2012/08/02 14:06:17 | 000,373,703 | ---- | M] () -- C:\Users\Maktone\Desktop\Image11.jpg
[2012/08/02 14:01:35 | 000,658,333 | ---- | M] () -- C:\Users\Maktone\Desktop\Image1.jpg
[2012/08/02 08:46:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/08/02 08:46:07 | 000,001,985 | ---- | M] () -- C:\Users\Maktone\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/08/02 08:36:43 | 000,001,901 | ---- | M] () -- C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/30 14:10:14 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/30 14:10:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/08/30 11:52:42 | 001,368,576 | ---- | C] () -- C:\Users\Maktone\Desktop\RogueKiller.exe
[2012/08/30 11:48:52 | 000,000,000 | ---- | C] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
[2012/08/29 15:43:16 | 000,052,662 | ---- | C] () -- C:\Users\Maktone\Desktop\Picture 16.jpg
[2012/08/29 13:12:19 | 000,074,709 | ---- | C] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg
[2012/08/29 12:53:24 | 000,050,324 | ---- | C] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg
[2012/08/29 12:49:39 | 000,095,160 | ---- | C] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg
[2012/08/29 12:48:21 | 000,050,727 | ---- | C] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg
[2012/08/29 12:43:10 | 000,056,240 | ---- | C] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg
[2012/08/29 12:42:59 | 000,066,044 | ---- | C] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg
[2012/08/25 07:52:26 | 004,480,548 | ---- | C] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
[2012/08/15 15:55:38 | 000,021,608 | ---- | C] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf
[2012/08/05 10:23:55 | 000,594,525 | ---- | C] () -- C:\Users\Maktone\Desktop\projectthesis2.pdf
[2012/08/05 10:23:50 | 003,314,736 | ---- | C] () -- C:\Users\Maktone\Desktop\graphs.pdf
[2012/08/05 10:21:22 | 000,002,535 | ---- | C] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/08/02 14:07:34 | 000,266,545 | ---- | C] () -- C:\Users\Maktone\Desktop\Image12.jpg
[2012/08/02 14:06:17 | 000,373,703 | ---- | C] () -- C:\Users\Maktone\Desktop\Image11.jpg
[2012/08/02 14:01:35 | 000,658,333 | ---- | C] () -- C:\Users\Maktone\Desktop\Image1.jpg
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/13 13:31:19 | 000,115,406 | ---- | C] () -- C:\Windows\hpgins28.dat
[2012/05/13 13:31:19 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat
[2012/04/27 17:48:12 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/04/27 17:48:12 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/04/06 11:56:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/06 11:56:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/03/08 15:45:41 | 000,007,598 | ---- | C] () -- C:\Users\Maktone\AppData\Local\Resmon.ResmonCfg
[2012/03/08 14:55:20 | 000,000,386 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/03/03 12:35:39 | 032,461,312 | ---- | C] () -- C:\Windows\SysWow64\Office 2010 Toolkit.exe
[2012/03/03 12:35:39 | 000,000,751 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini
[2012/03/02 02:40:58 | 005,472,848 | ---- | C] () -- C:\Windows\PE_File.dll
[2012/03/02 02:36:15 | 005,412,720 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/03/02 02:27:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/03/02 01:51:30 | 000,000,632 | RHS- | C] () -- C:\Users\Maktone\ntuser.pol
[2012/03/02 00:48:54 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/03/02 00:48:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/03/02 00:48:52 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/03/01 23:06:11 | 000,765,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/01 23:06:07 | 000,007,594 | ---- | C] () -- C:\Windows\SysWow64\xFiMB2CfgUninstall32.ini
[2012/03/01 23:06:07 | 000,005,135 | ---- | C] () -- C:\Windows\SysWow64\cfgfx.ini
[2012/03/01 23:06:07 | 000,002,775 | ---- | C] () -- C:\Windows\FF08_Render_Spk.ini
[2012/03/01 23:06:07 | 000,002,411 | ---- | C] () -- C:\Windows\FF08_Render_Hp.ini
[2012/03/01 23:06:07 | 000,002,267 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2012/03/01 23:06:07 | 000,001,542 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2012/03/01 23:06:03 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/03/01 23:06:00 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/03/01 23:06:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/03/01 22:51:04 | 000,056,512 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/03/01 22:38:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/01 22:38:42 | 000,040,006 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
========== Files - Unicode (All) ==========
[2012/08/02 15:23:27 | 000,015,453 | ---- | M] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx
[2012/08/02 15:23:27 | 000,015,453 | ---- | C] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx
[2012/08/02 15:23:27 | 000,000,162 | -H-- | M] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx
[2012/08/02 15:23:27 | 000,000,162 | -H-- | C] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx
< End of report >
-
OTL Extras logfile created on: 30/08/2012 12:57:40 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
15.98 Gb Total Physical Memory | 13.82 Gb Available Physical Memory | 86.52% Memory free
31.95 Gb Paging File | 29.59 Gb Available in Paging File | 92.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 144.50 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 1205.05 Gb Free Space | 64.69% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 3.19 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Utils\Graphics\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Utils\Graphics\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{019D044A-DED9-4214-9678-03D086889DFF}" = Microsoft Visual Studio 11 Performance Collection Tools Beta - ENU
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 11 Prerequisites - ENU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E3579F6-A5E5-33A3-97BB-B0FB60406CDD}" = Microsoft Visual C++ 11 x64 Minimum Runtime - 11.0.50214
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java 7 Update 5 (64-bit)
"{271B7D95-0A19-406F-886B-7D7936F9BF54}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0
"{2B671A8A-5750-4682-9425-F5A5A7327775}" = Microsoft SQL Server 2012 Management Objects RC0 (x64)
"{3F263601-92CC-4DA5-813A-BE6A3E94F84E}" = Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
"{54AC5197-9CE4-4C42-B191-16F5918479EC}" = Microsoft Web Platform Installer 4.0
"{5B4DC741-5A7C-3432-AFD8-88FEF860DEFF}" = Microsoft Visual Studio Team Foundation Server 11 Beta Storyboarding
"{6413F6CE-E598-81D9-76B7-59DE02B75B67}" = Windows Software Development Kit DirectX x64 Remote
"{67ED5E8A-5C76-414E-AEB7-C5826AFF04AC}" = Visual Studio 11 Prerequisites
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6D53338A-BAE2-42A3-8704-1A211CE8A505}" = Microsoft SQL Server 2012 Express LocalDB RC0
"{6DDF14AE-7577-FED9-BCCD-235E552BB557}" = Windows App Certification Kit
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6FE038A3-77AA-358E-8203-E5A806964E5B}" = Microsoft Visual C++ 11 Beta x64 Designtime - 11.0.50214
"{77E0AEEA-7217-4FE5-AA67-1830FADD8097}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{795AE7FA-334A-3348-A358-6F56377B8639}" = Microsoft .NET Framework 4.5 Beta
"{7E77E47D-16B7-46EA-92BD-0742E6EAD7E7}" = Microsoft SQL Server 2012 Native Client RC0
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{482CB0DF-849D-479C-8CBB-F9DA6AF0F8C5}" =
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0
"{921CB21C-FB21-48C9-A62C-4A9313A03E49}" = Microsoft Visual Studio 11 Performance Collection Tools Beta
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 Beta
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95DE5EFF-251C-3029-6727-40C128DB02FE}" = Windows Software Development Kit for Metro style Apps DirectX x64 Remote
"{97295B04-1596-3EDE-BC2E-DF1AD6A8C667}" = Microsoft Visual Studio 11 IntelliTrace Core amd64
"{9C24951E-1D56-3835-874D-B4998F5ACD4F}" = vs_lightswitchserverprereqsmsi
"{9F95E499-93DA-41C5-8D12-6BE59C0867F6}" = Microsoft Web Deploy 3.0
"{A3559C6F-0EC4-394D-B9DD-CA728B0863A1}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{A5A8D74C-61B6-46ce-B6E7-527BDD687787}" = HP Scanjet 4800 series 9.0
"{AEAF03A5-708E-3B77-AB22-24BFFD6628ED}" = Microsoft Visual Studio Team Foundation Server 11 Beta Storyboarding Language Pack - ENU
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BDE85FB3-0E1C-3060-BD20-14E8FC5DE604}" = Microsoft Visual Studio Team Foundation Server 11 Beta Object Model Language Pack - ENU
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{C28962A1-AF7A-355D-AFD5-F8906D0971C8}" = Microsoft Visual Studio Team Foundation Server 11 Beta Object Model
"{C9D3F784-B0A4-43E8-9B51-5D4FD01BCDCE}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0
"{CCEB6199-911A-37D6-941E-CA5588F9252C}" = Microsoft Visual C++ 11 x64 Additional Runtime - 11.0.50214
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DDE5D172-4CA4-3050-AE26-6E007801ADBA}" = Microsoft Visual C++ 11 x64 Debug Runtime - 11.0.50214
"{FAF57A91-58B3-490C-9D0C-66337DAD3F11}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
"{FAFC28FA-BB18-4F01-A40C-0CA2EE80B0DC}" = Microsoft SQL Server 2012 Command Line Utilities RC0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID ROG CPU-Z_is1" = CPUID ROG CPU-Z 1.58.4
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"MatlabR2011a" = MATLAB R2011a
"Mem TweakIt_is1" = MemTweakIt 1.01.4
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel® Network Connections 16.5.2.0
"ROG GameFirst" = ROG GameFirst v4.53
"WinRAR archiver" = WinRAR 4.11 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01F8AB89-8953-36CA-B2D2-9277A420D253}" = Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0E6433BF-7522-303A-B241-1E0AA09E226E}" = Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer Language Pack - ENU
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16B1C956-EA06-4C26-8AE5-A4686804EDD7}" = Microsoft Web Deploy dbSqlPackage Provider Nov 2011
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{177DE40F-E744-36BC-90D1-CF4790A07686}" = Microsoft Visual C++ Core Libraries 11
"{181BD097-A91A-4F59-AA85-3C01B07A5B16}" = Microsoft System CLR Types for SQL Server 2012 RC0
"{185792A6-5E5A-4825-AA78-D2459E2010F1}" = Microsoft .NET Framework 4.5 Beta SDK
"{1867A9CA-17B3-8CC2-C97A-3A26D0C00F9C}" = Windows Runtime Intellisense Content - English
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1BD66FF7-3808-3726-BEDE-C9D63C82C8F4}" = Microsoft Visual Studio 11 SharePoint Developer Tools Beta
"{1D2F87F3-452E-BEA7-289A-D497CA405D46}" = Windows Software Development Kit for Metro style Apps DirectX x86 Remote
"{1DFFD802-349E-4756-8449-5569473824AB}" = vs_minshellcore
"{1E305909-7050-4D9E-BC5E-E5B8A50FD6CC}" = Microsoft Web Tooling Extensions - Visual Studio 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE5F23D-88B8-40B4-9B6B-2F84F3808BDC}" = SQL Server Data Framework Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20720B17-82F9-4AA8-916E-FF9674C36B12}" = Microsoft Visual Studio 11 Beta Tools for .Net 3.5
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{2797220A-918D-33AE-9736-0D8F9659EC91}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}" = IIS 7.5 Express
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3BE6FFBC-742A-4AF0-B8C6-F0549AA21DF5}" = Microsoft SQL Server Data Tools Build Utilities Mar 2012
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C2BF3-D8B6-4205-A2AD-BCB0A1E360A4}" = Microsoft Expression Encoder 4
"{3F835874-1C6A-CD11-D369-7D6D1BB15CBC}" = Windows Software Development Kit
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{46869DE6-AF4A-0D11-F1D5-5692D1B66289}" = Windows Software Development Kit Redistributables
"{46CC4B6E-F46A-3091-BF43-BC7972BD1DEC}" = Microsoft Visual Studio 11 Professional Beta
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A613A09-8F96-4F7E-BD71-69A89F37150D}" = hpg4850QFolder
"{5C902D1A-D95A-E32B-1C2D-2B8DA8DC074E}" = LocalESPC
"{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11
"{5E9D875A-B32C-4C61-9315-7314F26309C8}" = ultimate_finalizer
"{606D6AB4-B985-43DD-ABA5-469EE9D66AD0}" = Microsoft Blend for Visual Studio ENU resources
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{64C12304-7010-43F3-A25B-BDC38DE41E46}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6F187617-80E6-3D65-8FE5-85D73472EC6E}" = Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{749A9F57-C98E-41CE-AF30-FFFFF9AB260B}" = Microsoft Blend for Visual Studio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75983112-D431-3DE7-AB7C-2A09D18BF7AC}" = Microsoft Visual Studio 11 LightSwitch Beta Core
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79701A48-EB19-E3B2-A400-5E7C0BA2DC48}" = LocalESPCui for en-us
"{7977F710-8ECD-4E2A-B38E-4AF910EC02DB}" = Microsoft ASP.NET Web Pages 2
"{7DA6B630-FD96-3CC7-B9E1-14A745007AA0}" = Microsoft Visual Studio 11 IntelliTrace Core x86
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{852647F7-061B-4BC4-B8AB-DBCF1CF7E256}" = Microsoft Visual Studio 11 Tools for SQL Server Compact 4.0 SP1 Beta ENU
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89588050-62EA-4CAB-A86D-22558460AF58}" = Microsoft ASP.NET Web Pages - Visual Studio 11 Tools
"{89F922D6-E3E0-4303-AF8E-CE18412E3A18}" = Sound Blaster X-Fi MB 2
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel® Rapid Storage Technology enterprise
"{8DC88245-5E9D-33AB-A0CA-8CBF0567D580}" = Microsoft Visual Studio 11 LightSwitch Beta CoreRes - ENU
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE4CB68-DE71-385F-B188-023E37B8101F}" = Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer Core
"{905DD6C0-B6B1-4759-88A3-7132A1146927}" = Microsoft ASP.NET MVC 4
"{907FFBDC-8CFC-4C98-AFD1-BE1B6872FC1D}" = Microsoft SQL Server 2012 T-SQL Language Service RC0
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{91C2ACC8-0AC7-3BAA-ABA3-38D6BD6E71DC}" = Microsoft Visual Studio 11 IntelliTrace Front End x86
"{9487340a-1abd-45e4-83f4-2c7fb32f9dbd}" = Microsoft Visual Studio 11 Developer Preview Language Pack - ENU
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A277769-D04C-41DC-A303-6030AD503DA4}" = vs_devenvLP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9d5aa00c-ed4f-4a09-9d04-b517c948bc45}" = Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9EA1D36F-C482-34A0-B2C5-24FC77CFD95F}" = Microsoft Visual Studio 11 Ultimate Beta - ENU
"{a0836d27-1605-4699-8ec1-db8a366e3d23}" = Microsoft Visual Studio 11 Ultimate Beta
"{A436E15E-5C33-30B4-943A-9A7EFD4184D9}" = Microsoft Visual Studio 11 Premium Beta - ENU
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8D0D986-2552-3925-8A4D-1ECB22EA94E2}" = Microsoft Visual C++ Microsoft Foundation Class Libraries 11
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A975AAA7-081E-35A1-80E1-430FDECC944A}" = Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.50214
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABB7A63D-EAF1-4965-BF12-933E4D8FF3E2}" = Microsoft ASP.NET MVC 3 - Visual Studio 11 Tools Update
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95T9A00-40176-4AC6-N973-5A8AB71A09DJ}_is1" = GTA IV + EFLC version 1.5
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA11ADC7-B1E7-4BB8-B1C7-EA4080C57ABB}" = vslp_finalizer
"{BB2AB72C-D8BD-3489-8F74-5C71E6BEBCE1}" = Microsoft Visual Studio 11 Professional Beta - ENU
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C34B429D-BC54-4F04-B1DB-9DE39FB07548}" = Prerequisites for SSDT RC0
"{C3B73112-EAD9-393B-8450-C3A2A7C35908}" = Microsoft Portable Library Multi-Targeting Pack
"{C96C69BB-0771-4D94-8CEC-5141EA418228}" = Microsoft Visual C++ Compilers 11
"{CBAFC269-7D4B-4E00-9CB0-E6FF2AA81412}" = Microsoft ASP.NET MVC 4 - Visual Studio 11 Tools
"{CC1AC03A-6251-4263-A415-EF69F08E83DB}" = Microsoft SQL Server 2012 Management Objects RC0
"{CC1D409D-1E7D-42BE-BD67-73BC2C47C68C}" = vs_devenv
"{CC77E110-0ACB-4E15-9A92-6AEB96DA8C06}" = hpg4850
"{CD450A78-9CC9-3D82-88C3-3A36344DCAEB}" = Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer enu Resources
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D24E110A-CEDA-3170-A02B-6BB408B6E650}" = Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D31700E2-428B-4A1F-8A6E-1A38DD53F9B7}" = Visual Studio Extensions for Windows Library for JavaScript
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D994F3E5-94D6-40E3-83A3-35DEDCAD973F}" = vs_minshellinterop
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{dbf56337-7459-4a20-9a7f-1d39bde9b436}" = Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
"{DBF9E65D-5045-45DB-AF46-8990C3DE42D6}" = Microsoft Report Viewer Add-On for Visual Studio 11 - Beta
"{DC50D000-D49D-5729-82CB-C429A7EC5AEF}" = Windows Software Development Kit DirectX x86 Remote
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{E043568C-1745-4C69-9D52-43F6E79EB03B}" = Joulemeter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E287CD67-9542-4B20-A091-6BA114861DB2}" = WCF RIA Services V1.0 SP2
"{E28E9456-8B0C-382B-9DF0-AB98868760F4}" = Microsoft Visual Studio 11 Premium Beta
"{E3B82F29-A209-7006-5652-3B91D08BC6FE}" = Windows Software Development Kit for Metro style Apps
"{E3FFF274-0139-3EAE-A00D-36045E3F6C20}" = Microsoft Visual C++ Extended Libraries 11
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E655093E-93CB-4477-84F2-97A964D55834}" = Microsoft Visual C++ Compilers 11 - ENU Resources
"{E6D3DA87-8062-3FDB-B588-C6C7D5A2D9DD}" = Microsoft Visual C++ 11 x86 Minimum Runtime - 11.0.50214
"{E71191F2-3B9E-447C-9999-C71556F10089}" = vs_minshellres
"{E7BEEE1A-9219-49DA-BD22-34D401A9B708}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{E7FD1122-5B27-3636-834D-A709BDAF28C8}" = Microsoft Help Viewer 2.0 Beta
"{EAD78496-2A02-457A-8564-878006F5433C}" = Microsoft® SQL Server Data Tools, RC0 - enu
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EC986FBE-0EB0-3347-9A7D-F0F54424B29B}" = Microsoft Visual Studio 11 Ultimate Beta
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F8D8BD82-168D-31DD-9A07-C365A7A84F07}" = Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.50214
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FD082E9B-8FF6-4328-AAFA-1B730CD83957}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 11 Tools
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF88D506-0CB0-4609-8022-C0C974D5D7E1}" = VitalSource Bookshelf
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASUS WebStorage" = ASUS WebStorage
"ASUS_ROG_THEME" = ASUS_ROG_THEME
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitComet_x64" = BitComet 1.31 64-bit
"Blend_5.0.30129.0" = Microsoft Blend for Visual Studio
"DAEMON Tools Pro" = DAEMON Tools Pro
"Encoder_4.0.4276.0" = Microsoft Expression Encoder 4
"ESN Sonar-0.70.4" = ESN Sonar
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Help Viewer 2.0 Beta" = Microsoft Help Viewer 2.0 Beta
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.4
"NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office Password Recovery Magic_is1" = Office Password Recovery Magic v6.1.1.190
"Origin" = Origin
"PicPick" = PicPick
"PrtScr_is1" = PrtScr 1.5
"QUICKfind" = QUICKfind server v1.1
"Rockstar Games Social Club" = Rockstar Games Social Club
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30/08/2012 07:29:23 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0017b461 Faulting process
id: 0x2bc Faulting application start time: 0x01cd86a2b4484379 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
f1f4ce59-f295-11e1-a700-5404a648b35c
Error - 30/08/2012 07:30:23 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0129b461 Faulting process
id: 0x127c Faulting application start time: 0x01cd86a2d819e579 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
15c67059-f296-11e1-a700-5404a648b35c
Error - 30/08/2012 07:31:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0013b461 Faulting process
id: 0x15e4 Faulting application start time: 0x01cd86a2fc9540c5 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
3a41cba5-f296-11e1-a700-5404a648b35c
Error - 30/08/2012 07:32:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0037b461 Faulting process
id: 0x1474 Faulting application start time: 0x01cd86a3206abf0f Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
5e1749ef-f296-11e1-a700-5404a648b35c
Error - 30/08/2012 07:33:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0018b461 Faulting process
id: 0xbac Faulting application start time: 0x01cd86a34445dad8 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
81f265b8-f296-11e1-a700-5404a648b35c
Error - 30/08/2012 07:34:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0139b461 Faulting process
id: 0x530 Faulting application start time: 0x01cd86a3681bd238 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
a5c85d18-f296-11e1-a700-5404a648b35c
Error - 30/08/2012 07:35:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0139b461 Faulting process
id: 0x1464 Faulting application start time: 0x01cd86a38bf42af8 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
c9a0b5d8-f296-11e1-a700-5404a648b35c
Error - 30/08/2012 07:36:25 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0139b461 Faulting process
id: 0xe50 Faulting application start time: 0x01cd86a3afc5dc9a Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id:
ed72677a-f296-11e1-a700-5404a648b35c
Error - 30/08/2012 07:50:15 | Computer Name = AzMoSiS | Source = WinMgmt | ID = 10
Description =
Error - 30/08/2012 07:56:46 | Computer Name = AzMoSiS | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
[ System Events ]
Error - 03/06/2012 06:02:33 | Computer Name = AzMoSiS | Source = BugCheck | ID = 1001
Description =
Error - 03/06/2012 06:03:16 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =
Error - 07/06/2012 19:49:54 | Computer Name = AzMoSiS | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
Description = SAM failed to start the TCP/IP or SPX/IPX listening thread
Error - 07/06/2012 19:49:54 | Computer Name = AzMoSiS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1115
Error - 07/06/2012 19:49:54 | Computer Name = AzMoSiS | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%1062
Error - 10/06/2012 11:49:12 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =
Error - 13/06/2012 04:29:18 | Computer Name = AzMoSiS | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 17/06/2012 13:20:28 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =
Error - 23/06/2012 04:06:19 | Computer Name = AzMoSiS | Source = DCOM | ID = 10010
Description =
Error - 25/06/2012 04:54:43 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =
< End of report >
-
-
Still not working. I'm in safe mode with networking. There seems to be a folder called combo. When I click it I can see my hard drive and my computer??
-
There is a folder in my C directory called combofix
-
hey maniac,
I installed combo. I tried it 3 times. It self-extracts, but there is no combo text file or sscan or anything.
-
Database version: v2012.08.30.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Maktone :: AZMOSIS [administrator]
Protection: Enabled
30/08/2012 14:36:26
mbam-log-2012-08-30 (14-46-45).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 572785
Time elapsed: 10 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55\U\80000032.@ (Rootkit.0Access) -> No action taken.
(end)
-
updated it and scanning again
-
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.08.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Maktone :: AZMOSIS [administrator]
Protection: Enabled
08/03/2012 14:48:33
mbam-log-2012-03-08 (14-48-33).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 172455
Time elapsed: 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
I activated the internet and malware picked it up
-
I did a quick scan and a full scan; nothing showed up.
Infected with Trojan Dropper.BCMiner and Rootkit.0.Access
in Resolved Malware Removal Logs
Posted