
I don't know what's wrong with my computer!



Hello MomoHaze and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please post your logs directly in your reply.

Hello,

Here are my logs:

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Casa at 19:24:16 on 2013-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.8157.6006 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\Philips\SPZ2000\GUCI_AVS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Users\Casa\AppData\Local\Skillbrains\lightshot\4.4.1.0\LightShot.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Windows\VM331_STI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\windows\system32\dmwu.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\windows\System32\vds.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Casa\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPGUI.dll
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: TextAloud: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll
uRun: [Google Update] "C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [LightShot] C:\Users\Casa\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [cacaoweb] "C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [Memory Cleaner] C:\Users\Casa\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe /S
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [VM331_STI] C:\windows\VM331_STI.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - D:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: D:\Program Files (x86)\FlyVPN\FlyVPNBind.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3A7B1BA7-5DE9-405B-B475-1D64ECAA68A5} : DHCPNameServer = 192.168.10.1 192.168.1.100
TCP: Interfaces\{6945B769-6E21-4DA9-90DF-F625E51C654D} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [sPZ2000_Monitor] C:\windows\Philips\SPZ2000\GUCI_AVS.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\yoqh5wpi.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\Casa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Casa\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Casa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Program Files (x86)\Downloader\npdd.dll
FF - ExtSQL: 2013-08-04 13:06; {8E9E3331-D360-4f87-8803-52DE43566502}; C:\Program Files\Web Assistant\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\windows\System32\drivers\AiChargerPlus.sys [2012-1-9 14464]
R0 asahci64;asahci64;C:\windows\System32\drivers\asahci64.sys [2012-1-9 36448]
R0 MDFSYSNT;MacDrive file system driver;C:\windows\System32\drivers\MDFSYSNT.SYS [2010-2-4 304232]
R0 MDPMGRNT;MacDrive Partition Driver;C:\windows\System32\drivers\MDPMGRNT.SYS [2012-8-26 32352]
R1 anodlwf;ANOD Network Security Filter driver;C:\windows\System32\drivers\anodlwfx.sys [2012-8-13 15872]
R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-8-3 28600]
R1 CBDisk;CBDisk;C:\windows\System32\drivers\CBDisk.sys [2012-8-26 70344]
R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-1-10 70928]
R2 ACPService;ACPService;C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-8-26 687104]
R2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-3 84024]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-3 108088]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2012-1-9 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2012-1-9 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-1-9 586880]
R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-8-3 100712]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2012-1-9 203392]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 IBUpdaterService;IBUpdaterService;C:\windows\System32\dmwu.exe [2013-3-3 1455408]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-11-13 230416]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-7 14984480]
R2 StarWindServiceAE;StarWind AE Service;D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-28 3467768]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-1-9 247072]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-9 2656280]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-6-14 109064]
R2 Web Assistant;Web Assistant;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-8-19 188760]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-11-22 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-11-22 394216]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\windows\System32\drivers\athurx.sys [2012-8-13 1924096]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2013-8-7 39712]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-9 471144]
R3 rzendpt;rzendpt;C:\windows\System32\drivers\rzendpt.sys [2013-8-20 39096]
R3 rzudd;Razer Mouse Driver;C:\windows\System32\drivers\rzudd.sys [2013-8-21 141496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-1-10 275912]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 DRTL8192cu;D-Link DWA Wireless N USB Adapter;C:\windows\System32\drivers\RTL8192cu.sys [2012-8-13 748648]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-1-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
S3 GUCI_AVS;Philips SPZ2000 Webcam;C:\windows\System32\drivers\GUCI_AVS.sys [2012-8-24 646656]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-1-9 317440]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2011-11-22 293416]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-11-22 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-11-22 181248]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-09-05 16:41:42 -------- d-----w- C:\windows\CheckSur
2013-08-29 04:29:54 796672 ----a-w- C:\windows\SysWow64\rzdevicedll.dll
2013-08-26 16:39:25 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-26 16:39:25 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-26 16:39:24 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-26 16:39:24 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-26 16:39:24 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-26 16:39:24 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-26 16:39:24 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-26 16:39:24 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-26 16:39:19 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-26 16:39:19 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-26 16:39:11 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-26 16:39:10 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-08-26 16:39:10 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-08-21 07:34:32 141496 ----a-w- C:\windows\System32\drivers\rzudd.sys
2013-08-20 08:41:44 39096 ----a-w- C:\windows\System32\drivers\rzendpt.sys
2013-08-20 08:35:02 57344 ----a-w- C:\windows\SysWow64\rzdevinfo.dll
2013-08-20 08:35:02 154112 ----a-w- C:\windows\SysWow64\rztouchdll.dll
2013-08-20 08:34:58 117248 ----a-w- C:\windows\SysWow64\rzdisplaydll.dll
2013-08-20 08:34:56 296448 ----a-w- C:\windows\SysWow64\rzaudiodll.dll
2013-08-06 23:42:23 -------- d-----w- C:\NvidiaLogging
2013-08-06 23:41:33 39712 ----a-w- C:\windows\System32\drivers\nvvad64v.sys
2013-08-06 23:41:33 29984 ----a-w- C:\windows\System32\nvaudcap64v.dll
2013-08-06 23:41:33 28448 ----a-w- C:\windows\SysWow64\nvaudcap32v.dll
.
==================== Find3M  ====================
.
2013-08-04 11:58:17 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-04 11:58:17 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-04 06:27:15 83672 ----a-w- C:\windows\System32\drivers\avnetflt.sys
2013-08-03 11:52:29 985536 ----a-w- C:\windows\PE_Rom.dll
2013-08-03 11:26:12 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2013-08-03 11:26:12 100712 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-30 15:17:02 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 15:17:02 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-30 15:17:02 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\windows\System32\nvshext.dll
2013-06-21 10:23:10 2555680 ----a-w- C:\windows\System32\nvsvcr.dll
2013-06-21 10:23:10 237856 ----a-w- C:\windows\System32\nvmctray.dll
2013-06-21 03:16:02 566048 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2013-06-20 04:17:49 3253909 ----a-w- C:\windows\System32\nvcoproc.bin
.
============= FINISH: 19:24:58,42 ===============
 
 
___________________________________________________________________________________________________________________
 
ATTACH:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 13/08/2012 12:15:17
System Uptime: 05/09/2013 18:53:55 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | CM6330_CM6630_CM6730_CM6830
Processor: Intel® Core i5-2320 CPU @ 3.00GHz | LGA1155 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 373 GiB total, 230,993 GiB free.
D: is FIXED (NTFS) - 540 GiB total, 471,34 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP257: 03/08/2013 13:13:04 - Configured Microsoft Flight Simulator X
RP258: 03/08/2013 13:16:18 - Removed AVG 2013
RP259: 03/08/2013 13:17:31 - Removed AVG 2013
RP260: 03/08/2013 13:37:58 - Configured ASUS Smart Doctor
RP261: 26/08/2013 18:48:32 - Windows Update
RP262: 05/09/2013 18:41:15 - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Photoshop CS6
Adobe Reader X (10.1.7) MUI
Aggiornamenti NVIDIA 7.2.17
AI Manager
AI Suite II
Akamai NetSession Interface
Apple Mobile Device Support
Apple Software Update
applicationupdater
ASUS Backup Wizard
ASUS Easy Update
ASUS Instant On
ASUS Music Maker
ASUS WebStorage
AsusVibe2.0
µTorrent
aTube Catcher
Avira Free Antivirus
BabylonObjectInstaller
Bing Bar
Bonjour
Canon MP495 series MP Drivers
CCleaner
Chunky
CoffeeCup Web Form Builder
CoffeeCup Web Form Builder Lite
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Counter-Strike: Source Beta
CPUID HWMonitor 1.23
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Downloader
Dual-Core Optimizer
eM Client
Facebook Video Calling 1.2.0.287
FileZilla Client 3.5.3
Firebird SQL Server - MAGIX Edition
FlyVPN
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
gamelauncher-ps2-psg
Google Chrome
Hideman
IB Updater Service
IIS URL Rewrite Module 2
Intel® Management Engine Components
IP Sniffer 1.99.3.1
iTunes
Java 7 Update 25
Java Auto Updater
Java 7 Update 1 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
LG United Mobile Driver
lightshot-4.4.1.0
Loquendo TTS: Luca (Italian)
Loquendo TTS: Paola (Italian)
Loquendo TTS: Roberto (Italian)
MacDrive 8
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Italian) 2010
Microsoft Office Excel MUI (Italian) 2010
Microsoft Office Groove MUI (Italian) 2010
Microsoft Office InfoPath MUI (Italian) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Italian) 2010
Microsoft Office Outlook MUI (Italian) 2010
Microsoft Office PowerPoint MUI (Italian) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (Italian) 2010
Microsoft Office Publisher MUI (Italian) 2010
Microsoft Office Shared 32-bit MUI (Italian) 2010
Microsoft Office Shared MUI (Italian) 2010
Microsoft Office Word MUI (Italian) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Native Client 
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Web Platform Installer 4.5
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 it)
Mozilla Thunderbird 17.0.7 (x86 it)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MySQL Connector Net 6.5.4
MySQL Server 5.1
Nexon Game Manager
Nitro Reader 3
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA Driver 3D Vision 320.49
NVIDIA Driver audio HD 1.3.24.2
NVIDIA Driver del controller 3D Vision 320.49
NVIDIA Driver grafico 320.49
NVIDIA GeForce Experience 1.6
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.1
Offline Downloader
Opera 12.12
Outlook Setup Tool
Paint.NET v3.5.10
Pannello di controllo NVIDIA 320.49
Parser MSXML 4.0 SP2 e SDK
PDF Settings CS6
Philips CamSuite
Philips Intelligent Agent
Philips SPZ2500, SPZ2000 WebCam
PHP Manager 1.2 for IIS 7
PlanetSide 2 PSG
Portal: First Slice
Postal 2 Share The Pain
QuadSucker/Web v3.5
Quake Live Mozilla Plugin
Quest4Bush
QuickTime
Raccolta foto di Windows Live
Razer Synapse 2.0
Real Environment Xtreme
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RegClean Pro
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
SHIELD Streaming
Skype™ 6.5
Slendytubbies
SmartSteam 1.41-Fix BuNDl3
SpeedFan (remove only)
Steam
Supporto applicazioni Apple
SurfOffline Professional 2
System Requirements Lab CYRI
TeamSpeak 3 Client
TeamViewer 8
Techne
TextAloud
Toolbar Cleaner 1.1
Trend Micro Titanium
Trend Micro Titanium Internet Security 2012
Ubisoft Game Launcher
UltraISO Premium V9.52
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.1
VPNAutoconnect
Wajam
Web Assistant 2.0.0.603
WebSite Extractor
Website Ripper Copier
Win Web Crawler 3.0
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
Zamzom Wireless
.
==== End Of File ===========================
 

Step 1

I notice that you are using more than one antivirus program.

  • Avira Free Antivirus
  • Trend Micro Titanium

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. Please uninstall one of them.

Also, please uninstall the following applications:

  • µTorrent
  • BabylonObjectInstaller
  • IB Updater Service
  • Wajam
  • Web Assistant 2.0.0.603

When you are ready, reboot your system.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Hello,

Thanks for your help, here's the logs:

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Casa on 07/09/2013 at 15:06:00,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-153906111-2582773194-59742116-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-153906111-2582773194-59742116-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-153906111-2582773194-59742116-1000\Software\Wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_per_camtasia-studio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_per_camtasia-studio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_per_ultraiso_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_per_ultraiso_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_per_camtasia-studio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_per_camtasia-studio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_per_ultraiso_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_per_ultraiso_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{58CD9A65-A184-41E0-8D74-4E56DC3F171E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Casa\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Casa\AppData\Roaming\babylon"
Failed to delete: [Folder] "C:\Users\Casa\AppData\Roaming\cacaoweb"
Successfully deleted: [Folder] "C:\Users\Casa\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Casa\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Casa\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Program Files (x86)\perion"
Successfully deleted: [Folder] "C:\Program Files (x86)\regclean pro"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Casa\AppData\Roaming\mozilla\firefox\profiles\yoqh5wpi.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Casa\AppData\Roaming\mozilla\firefox\profiles\yoqh5wpi.default\searchplugins\mystart search.xml
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{8e9e3331-d360-4f87-8803-52de43566502}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{fe1deeea-db6d-44b8-83f0-34fc0f9d1052}
Successfully deleted the following from C:\Users\Casa\AppData\Roaming\mozilla\firefox\profiles\yoqh5wpi.default\prefs.js
 
user_pref("extensions.crossrider.bic", "13d8eaffe7e99a5a0b53830d8fd8b312");
user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio
user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.
Emptied folder: C:\Users\Casa\AppData\Roaming\mozilla\firefox\profiles\yoqh5wpi.default\minidumps [89 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/09/2013 at 15:10:10,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
AdwCleaner[s0]

# AdwCleaner v3.003 - Report created 07/09/2013 at 15:14:11
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Casa - CASA-PC
# Running from : C:\Users\Casa\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Users\Casa\AppData\Local\Tiger Savings
Folder Deleted : C:\Users\Casa\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Casa\AppData\Roaming\cacaoweb
Folder Deleted : C:\Users\Aicha\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Aicha\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\yoqh5wpi.default\Extensions\cacaoweb@cacaoweb.org
Folder Deleted : C:\Users\Aicha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Naima\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Casa\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Casa\AppData\Roaming\BabMaint.exe
File Deleted : C:\Users\Casa\Desktop\cacaoweb.exe
File Deleted : C:\Users\Naima\AppData\Roaming\Mozilla\Firefox\Profiles\18yhig79.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Administrator.Casa-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5rgqahcb.default\searchplugins\MyStart Search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\windows\System32\Tasks\RegClean Pro_UPDATES
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\yoqh5wpi.default\prefs.js ]
 
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
 
[ File : C:\Users\Aicha\AppData\Roaming\Mozilla\Firefox\Profiles\x7s96jj8.default\prefs.js ]
 
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
 
[ File : C:\Users\Naima\AppData\Roaming\Mozilla\Firefox\Profiles\18yhig79.default\prefs.js ]
 
Line Deleted : user_pref("extensions.crossrider.bic", "13d8eea4eebdf66e02959c836a92eb82");
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
 
[ File : C:\Users\Administrator.Casa-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5rgqahcb.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Aicha\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Naima\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10344 octets] - [07/09/2013 15:12:53]
AdwCleaner[S0].txt - [10208 octets] - [07/09/2013 15:14:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10269 octets] ##########

 
MalwareBytes anti-malware:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versione database: v2013.09.07.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Casa :: CASA-PC [amministratore]
 
07/09/2013 15:21:34
mbam-log-2013-09-07 (15-21-34).txt
 
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 387832
Tempo impiegato: 8 minuti, 59 secondi
 
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
 
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Chiavi di registro rilevate: 3
HKCR\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Spostato in quarantena ed eliminato con successo.
HKCR\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Spostato in quarantena ed eliminato con successo.
HKCR\thunder (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
 
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
 
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
 
File rilevati: 12
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\+b1lFwh9.exe.part (PUP.Optional.SweetIM) -> Nessuna azione intrapresa.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\2wvq3f6x.exe.part (PUP.Optional.SweetIM) -> Nessuna azione intrapresa.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\65+aIhYf.exe.part (PUP.Optional.SweetIM) -> Nessuna azione intrapresa.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\lDp5cf4M.exe.part (PUP.Optional.SweetIM) -> Nessuna azione intrapresa.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\sF0KeaGN.exe.part (PUP.Optional.SweetIM) -> Nessuna azione intrapresa.
C:\Users\Casa\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Nessuna azione intrapresa.
C:\Users\Casa\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> Nessuna azione intrapresa.
C:\$Recycle.Bin\S-1-5-21-153906111-2582773194-59742116-1003\$R8069VF.exe (PUP.Optional.SweetIM) -> Nessuna azione intrapresa.
C:\$Recycle.Bin\S-1-5-21-153906111-2582773194-59742116-1003\$RB1NZS1.exe (PUP.Optional.SweetIM) -> Nessuna azione intrapresa.
C:\Users\Casa\AppData\Local\Temp\rninst~0\ui_data\stubinst_pkg_en-eu.cab (PUP.Optional.OpenCandy) -> Nessuna azione intrapresa.
C:\Users\Casa\AppData\Local\Temp\rninst~0\ui_data\inst_config\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Nessuna azione intrapresa.
C:\Users\Casa\Downloads\guiminer-scrypt_win32_binaries_v0.03.zip (PUP.BitCoinMiner) -> Nessuna azione intrapresa.
 
(fine)

 

New MalwareBytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versione database: v2013.09.07.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Casa :: CASA-PC [amministratore]
 
07/09/2013 15:44:15
mbam-log-2013-09-07 (15-44-15).txt
 
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 387914
Tempo impiegato: 8 minuti, 43 secondi
 
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
 
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
 
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
 
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
 
File rilevati: 12
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\+b1lFwh9.exe.part (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\2wvq3f6x.exe.part (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\65+aIhYf.exe.part (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\lDp5cf4M.exe.part (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Administrator.Casa-PC\AppData\Local\Temp\sF0KeaGN.exe.part (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Casa\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Casa\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> Spostato in quarantena ed eliminato con successo.
C:\$Recycle.Bin\S-1-5-21-153906111-2582773194-59742116-1003\$R8069VF.exe (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\$Recycle.Bin\S-1-5-21-153906111-2582773194-59742116-1003\$RB1NZS1.exe (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Casa\AppData\Local\Temp\rninst~0\ui_data\stubinst_pkg_en-eu.cab (PUP.Optional.OpenCandy) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Casa\AppData\Local\Temp\rninst~0\ui_data\inst_config\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Casa\Downloads\guiminer-scrypt_win32_binaries_v0.03.zip (PUP.BitCoinMiner) -> Spostato in quarantena ed eliminato con successo.
 
(fine)


Much better.

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.
How are things now?

Hello and good morning!

RogueKiller report:

RogueKiller V8.6.9 _x64_ [sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Casa [Admin rights]
Mode : Scan -- Date : 09/08/2013 13:12:36
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 5 ¤¤¤
[BLPATH] cacaoweb.exe -- C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe [-] -> Chiuso [TermProc]
[SUSP PATH] Lightshot.exe -- C:\Users\Casa\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe [7] -> Chiuso [TermProc]
[SUSP PATH] VM331_STI.exe -- C:\Windows\VM331_STI.exe [-] -> Chiuso [TermProc]
[SUSP PATH] MemClean.exe -- C:\Users\Casa\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe [7] -> Chiuso [TermProc]
[SERVICE] IBUpdaterService -- C:\Windows\System32\dmwu.exe [x] -> ERROR [1052]
 
¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> Trovato
[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\Casa\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> Trovato
[RUN][BLPATH] HKCU\[...]\Run : cacaoweb ("C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> Trovato
[RUN][SUSP PATH] HKCU\[...]\Run : Memory Cleaner (C:\Users\Casa\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot [7]) -> Trovato
[RUN][SUSP PATH] HKUS\S-1-5-21-153906111-2582773194-59742116-1000\[...]\Run : Google Update ("C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> Trovato
[RUN][SUSP PATH] HKUS\S-1-5-21-153906111-2582773194-59742116-1000\[...]\Run : LightShot (C:\Users\Casa\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> Trovato
[RUN][BLPATH] HKUS\S-1-5-21-153906111-2582773194-59742116-1000\[...]\Run : cacaoweb ("C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> Trovato
[RUN][SUSP PATH] HKUS\S-1-5-21-153906111-2582773194-59742116-1000\[...]\Run : Memory Cleaner (C:\Users\Casa\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot [7]) -> Trovato
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : VM331_STI (C:\windows\VM331_STI.exe [-]) -> Trovato
[SERVICE][BLVALUE] HKLM\[...]\CCSet\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> Trovato
[SERVICE][BLVALUE] HKLM\[...]\CS001\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> Trovato
[SERVICE][BLVALUE] HKLM\[...]\CS002\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> Trovato
[SERVICE][BLVALUE] HKLM\[...]\CS003\[...]\Services : IBUpdaterService (C:\Windows\System32\dmwu.exe [7]) -> Trovato
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato
 
¤¤¤ Le attività pianificate : 12 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002UA.job : C:\Users\Aicha\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> Trovato
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002Core.job : C:\Users\Aicha\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> Trovato
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1000UA.job : C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> Trovato
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1000Core.job : C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> Trovato
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1003UA.job : C:\Users\Naima\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> Trovato
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1003Core.job : C:\Users\Naima\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> Trovato
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1000Core : C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> Trovato
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1000UA : C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> Trovato
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002Core : C:\Users\Aicha\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> Trovato
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002UA : C:\Users\Aicha\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> Trovato
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1003Core : C:\Users\Naima\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> Trovato
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1003UA : C:\Users\Naima\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> Trovato
 
¤¤¤ voci di avvio : 0 ¤¤¤
 
¤¤¤ I browser Web : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ Extern Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 1e1332132f75395f6d52b704e4b7c75d
[BSP] c83b6bde9460465965e44d936f8e1335 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 206848 | Size: 19024 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 39168000 | Size: 381546 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09082013_131236.txt >>
 

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

An alternative of this tool?

I don't wanna risk.


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Hi,

OTL.TXT:

OTL logfile created on: 09/09/2013 13:58:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Casa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
7,97 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,16% Memory free
15,93 Gb Paging File | 13,47 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,60 Gb Total Space | 240,63 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 442,57 Gb Total Space | 376,66 Gb Free Space | 85,11% Space Free | Partition Type: NTFS
Drive I: | 18,58 Gb Total Space | 2,87 Gb Free Space | 15,44% Space Free | Partition Type: NTFS
Drive K: | 97,66 Gb Total Space | 71,36 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
 
Computer Name: CASA-PC | User Name: Casa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/09 13:57:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Casa\Desktop\OTL.exe
PRC - [2013/09/09 13:12:12 | 001,992,328 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
PRC - [2013/09/08 16:23:38 | 000,452,608 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe
PRC - [2013/08/22 12:56:30 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\Casa\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe
PRC - [2013/08/15 11:09:30 | 000,606,040 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013/08/03 13:25:55 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/08/03 13:25:17 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/08/03 13:25:15 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/07/27 10:41:25 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/27 10:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/06/30 16:36:56 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/10/08 20:30:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/06/14 17:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/21 09:08:48 | 000,188,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
PRC - [2011/11/01 03:29:02 | 001,084,032 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
PRC - [2011/06/13 10:36:54 | 000,922,240 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
PRC - [2011/05/25 06:54:46 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011/02/25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 02:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010/11/27 07:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/11/09 01:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010/09/25 07:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010/08/26 15:53:46 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe
PRC - [2010/08/26 15:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPGUI.dll
PRC - [2010/01/15 19:38:46 | 000,536,576 | ---- | M] (Vimicro) -- C:\Windows\VM331_STI.exe
PRC - [2009/12/23 23:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 000,148,112 | ---- | M] (Apache Friends) -- C:\xampp\xampp-control.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPZ2000\GUCI_AVS.exe
PRC - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/09 13:12:12 | 001,992,328 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
MOD - [2013/09/08 16:23:38 | 000,452,608 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe
MOD - [2013/09/05 22:19:18 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/09/05 22:18:40 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/09/05 22:18:29 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d82770dc4e5fee30ca8a7244bf7f613a\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/09/05 22:18:29 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/09/05 22:18:28 | 002,647,552 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\420022aad3481c670eb86a4ca72d5b43\System.Runtime.Serialization.ni.dll
MOD - [2013/09/05 22:18:26 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c389533f1477363803e53dce01560d12\System.Xml.Linq.ni.dll
MOD - [2013/08/26 18:53:46 | 018,003,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\56a1feb800860a3bc5d8a45ee92a77ec\PresentationFramework.ni.dll
MOD - [2013/08/26 18:53:37 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\001aeb860d7f2ba416e0fedc606fee98\PresentationCore.ni.dll
MOD - [2013/08/26 18:53:35 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/08/26 18:53:32 | 007,070,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\c25ede0d0127774c504c4fc41d4de273\System.Core.ni.dll
MOD - [2013/08/26 18:53:31 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b3ed31a444f444325ddb64b290ed2f1e\WindowsBase.ni.dll
MOD - [2013/08/26 18:53:29 | 005,628,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/26 18:53:29 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/26 18:53:27 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/26 18:53:26 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/26 18:53:26 | 001,014,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/07/12 03:05:21 | 014,416,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/06/13 19:53:24 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Instant On\MSPowerLib.dll
MOD - [2011/05/20 19:12:18 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2011/05/17 03:35:56 | 000,965,632 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011/05/12 00:01:40 | 001,264,640 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/05/07 02:53:38 | 001,036,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2011/04/08 03:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011/02/24 20:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011/02/09 19:02:28 | 000,873,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/01/08 02:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011/01/06 20:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010/08/26 15:54:14 | 000,358,400 | ---- | M] () -- C:\PROGRAM FILES (X86)\PHILIPS\CAMSUITE\2.0.15.0\Resources.dll
MOD - [2010/08/26 15:53:34 | 000,898,048 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPPlugins.dll
MOD - [2010/08/26 15:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPGUI.dll
MOD - [2010/08/26 15:52:02 | 000,470,016 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACP_Lib.dll
MOD - [2010/08/26 15:51:32 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPSharedTypes.dll
MOD - [2010/08/26 15:51:22 | 000,315,904 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\Common.dll
MOD - [2010/08/23 04:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
MOD - [2010/08/07 04:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010/08/07 04:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010/06/22 01:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010/06/22 01:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009/08/13 06:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2005/10/25 02:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Easy Update\AsMultiLang.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/07/27 10:49:33 | 014,984,480 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/06/30 16:36:56 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2012/11/13 15:50:50 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/07 10:16:32 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2013/09/06 22:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/04 13:58:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/03 17:30:13 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/03 13:25:55 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/03 13:25:17 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/07/27 10:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/10/08 20:30:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/06/14 17:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/13 10:36:54 | 000,922,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011/03/02 07:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/08/26 15:53:46 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Philips\CamSuite\2.0.15.0\ACPService.exe -- (ACPService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/21 09:34:32 | 000,141,496 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/08/20 10:41:44 | 000,039,096 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/08/03 13:26:12 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/08/03 13:26:12 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/08/03 13:26:12 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/05/14 21:28:40 | 000,039,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/02/25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/09/05 13:28:52 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/09 23:04:21 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/09 23:04:21 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/09/14 11:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 11:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/08/23 15:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/23 12:17:06 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/14 01:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/21 20:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/23 09:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2010/12/10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 00:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/11 01:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/08/19 23:27:40 | 000,748,648 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (DRTL8192cu)
DRV:64bit: - [2010/07/02 12:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/06/10 17:57:10 | 000,646,656 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2010/06/07 14:42:40 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2010/02/04 09:14:20 | 000,304,232 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/01/13 11:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/09/23 13:23:08 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 23:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=102876&gct=hp
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111304&tt=201208_mnt_n_3412_4&babsrc=SP_ss&mntrId=a6a52f07000000000000e0469a1904ea
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..\SearchScopes\{58CD9A65-A184-41E0-8D74-4E56DC3F171E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^IT&apn_uid=00bf545b-7a36-44b5-9fd7-cfdfe6a0dc8c&apn_sauid=02A87BC4-2680-4AA9-AA7E-7495677E5F2F
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyLsJUOOM&i=26
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-153906111-2582773194-59742116-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:2.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: D:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Casa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Casa\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Casa\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Casa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\autodesk.com/Autodesk123DShapes: C:\Users\Casa\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.111\npAutodesk123DShapes32.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/09/08 22:12:04 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/09/08 22:12:04 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/09/08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/09/08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/09/08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Web Assistant\Firefox [2013/09/08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013/07/05 11:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013/07/05 11:56:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/12/23 20:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Casa\AppData\Roaming\mozilla\Extensions
[2013/09/08 23:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Casa\AppData\Roaming\mozilla\Firefox\Profiles\yoqh5wpi.default\extensions
[2013/09/08 22:12:22 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Casa\AppData\Roaming\mozilla\Firefox\Profiles\yoqh5wpi.default\extensions\cacaoweb@cacaoweb.org
[2013/09/08 23:22:08 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Casa\AppData\Roaming\mozilla\firefox\profiles\yoqh5wpi.default\extensions\client@anonymox.net.xpi
[2013/08/03 17:36:09 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\Casa\AppData\Roaming\mozilla\firefox\profiles\yoqh5wpi.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/08/03 17:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/08/03 17:30:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No CLSID value found.
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [sPZ2000_Monitor] C:\Windows\Philips\SPZ2000\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VM331_STI] C:\Windows\VM331_STI.exe (Vimicro)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-153906111-2582773194-59742116-1000..\Run: [cacaoweb] C:\Users\Casa\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKU\S-1-5-21-153906111-2582773194-59742116-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-153906111-2582773194-59742116-1000..\Run: [LightShot] C:\Users\Casa\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-153906111-2582773194-59742116-1000..\Run: [Memory Cleaner] C:\Users\Casa\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com)
O4 - HKU\S-1-5-21-153906111-2582773194-59742116-1001..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-153906111-2582773194-59742116-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Aicha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk =  File not found
O4 - Startup: C:\Users\Naima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1001\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1001\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1001\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-153906111-2582773194-59742116-1001\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A7B1BA7-5DE9-405B-B475-1D64ECAA68A5}: DhcpNameServer = 192.168.10.1 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6945B769-6E21-4DA9-90DF-F625E51C654D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/09 13:57:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Casa\Desktop\OTL.exe
[2013/09/08 20:15:29 | 000,000,000 | ---D | C] -- C:\xampp
[2013/09/07 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Casa\AppData\Roaming\Malwarebytes
[2013/09/07 15:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/07 15:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/07 15:12:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/05 19:49:13 | 000,000,000 | ---D | C] -- C:\Users\Casa\Desktop\NerdKeys
[2013/09/05 18:41:42 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
[2013/08/29 06:29:54 | 000,796,672 | ---- | C] (Razer Inc) -- C:\windows\SysWow64\rzdevicedll.dll
[2013/08/27 22:53:27 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/27 22:53:27 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/08/26 18:54:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/26 18:54:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/26 18:54:00 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/26 18:54:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/26 18:54:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/26 18:54:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/26 18:54:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/26 18:54:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/26 18:54:00 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/26 18:54:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/26 18:54:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/26 18:53:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/26 18:53:59 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/26 18:53:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/26 18:53:58 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/26 18:39:25 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/26 18:39:24 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/26 18:39:24 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/26 18:39:11 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/08/26 18:37:00 | 000,000,000 | ---D | C] -- C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitMinter
[2013/08/21 09:34:32 | 000,141,496 | ---- | C] (Razer Inc) -- C:\windows\SysNative\drivers\rzudd.sys
[2013/08/20 10:41:44 | 000,039,096 | ---- | C] (Razer Inc) -- C:\windows\SysNative\drivers\rzendpt.sys
[2013/08/20 10:35:02 | 000,154,112 | ---- | C] (Razer Inc) -- C:\windows\SysWow64\rztouchdll.dll
[2013/08/20 10:35:02 | 000,057,344 | ---- | C] (Razer Inc) -- C:\windows\SysWow64\rzdevinfo.dll
[2013/08/20 10:34:58 | 000,117,248 | ---- | C] (Razer Inc) -- C:\windows\SysWow64\rzdisplaydll.dll
[2013/08/20 10:34:56 | 000,296,448 | ---- | C] (Razer Inc) -- C:\windows\SysWow64\rzaudiodll.dll
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/09 13:57:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Casa\Desktop\OTL.exe
[2013/09/09 13:56:00 | 000,001,156 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1000UA.job
[2013/09/09 13:51:00 | 000,001,160 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002UA.job
[2013/09/09 13:12:09 | 000,452,608 | ---- | M] () -- C:\Users\Casa\Desktop\cacaoweb.exe
[2013/09/09 13:12:00 | 000,001,160 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1003UA.job
[2013/09/09 13:12:00 | 000,000,978 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/09 12:37:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002UA.job
[2013/09/09 12:08:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1000UA.job
[2013/09/09 10:54:00 | 000,000,386 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-153906111-2582773194-59742116-1000.job
[2013/09/09 10:50:49 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 10:50:49 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 10:43:14 | 000,000,198 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2013/09/09 10:43:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/09 10:43:01 | 2119,864,319 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/09 02:29:00 | 000,000,386 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2013/09/08 22:56:00 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1000Core.job
[2013/09/08 21:52:57 | 000,041,555 | ---- | M] () -- C:\Users\Casa\Desktop\3pycqn.jpg
[2013/09/08 21:06:10 | 007,826,944 | ---- | M] () -- C:\Users\Casa\Desktop\game_angryAS3mrX.tar
[2013/09/08 21:05:14 | 000,001,348 | ---- | M] () -- C:\Users\Casa\Desktop\angryAS3mrX.php
[2013/09/08 20:18:26 | 000,001,452 | ---- | M] () -- C:\Users\Casa\Desktop\XAMPP Control Panel.lnk
[2013/09/08 18:37:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002Core.job
[2013/09/08 15:02:13 | 000,000,274 | ---- | M] () -- C:\windows\tasks\RegClean Pro_DEFAULT.job
[2013/09/08 14:51:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-153906111-2582773194-59742116-1002Core.job
[2013/09/08 14:49:33 | 001,765,158 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/08 14:49:33 | 000,783,872 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2013/09/08 14:49:33 | 000,692,134 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/08 14:49:33 | 000,159,168 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2013/09/08 14:49:33 | 000,132,420 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/08 13:10:55 | 003,787,264 | ---- | M] () -- C:\Users\Casa\Desktop\RogueKillerX64.exe
[2013/09/08 12:13:57 | 606,466,668 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/09/07 22:37:16 | 001,185,298 | ---- | M] () -- C:\Users\Casa\Desktop\opencart seo pack pro v4.21.rar
[2013/09/07 14:55:42 | 000,000,270 | R-S- | M] () -- C:\ProgramData\ntuser.pol
[2013/09/06 10:58:04 | 000,002,358 | ---- | M] () -- C:\Users\Casa\Desktop\Google Chrome.lnk
[2013/09/05 22:52:13 | 000,000,438 | ---- | M] () -- C:\Users\Casa\AppData\Local\UserProducts.xml
[2013/09/05 19:18:02 | 000,031,946 | ---- | M] () -- C:\Users\Casa\Desktop\559250_155016604697962_1863030912_n.jpg
[2013/09/02 12:27:50 | 000,512,146 | ---- | M] () -- C:\Users\Casa\Desktop\machete-theme.xml
[2013/08/29 06:29:54 | 000,796,672 | ---- | M] (Razer Inc) -- C:\windows\SysWow64\rzdevicedll.dll
[2013/08/21 09:34:32 | 000,141,496 | ---- | M] (Razer Inc) -- C:\windows\SysNative\drivers\rzudd.sys
[2013/08/20 10:41:44 | 000,039,096 | ---- | M] (Razer Inc) -- C:\windows\SysNative\drivers\rzendpt.sys
[2013/08/20 10:35:02 | 000,154,112 | ---- | M] (Razer Inc) -- C:\windows\SysWow64\rztouchdll.dll
[2013/08/20 10:35:02 | 000,057,344 | ---- | M] (Razer Inc) -- C:\windows\SysWow64\rzdevinfo.dll
[2013/08/20 10:34:58 | 000,117,248 | ---- | M] (Razer Inc) -- C:\windows\SysWow64\rzdisplaydll.dll
[2013/08/20 10:34:56 | 000,296,448 | ---- | M] (Razer Inc) -- C:\windows\SysWow64\rzaudiodll.dll
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/08 21:52:57 | 000,041,555 | ---- | C] () -- C:\Users\Casa\Desktop\3pycqn.jpg
[2013/09/08 21:07:12 | 000,001,122 | ---- | C] () -- C:\Users\Casa\Desktop\angryAS3mrX2.gif
[2013/09/08 21:07:11 | 000,001,348 | ---- | C] () -- C:\Users\Casa\Desktop\angryAS3mrX.php
[2013/09/08 21:07:10 | 000,003,055 | ---- | C] () -- C:\Users\Casa\Desktop\angryAS3mrX1.gif
[2013/09/08 21:07:09 | 007,817,929 | ---- | C] () -- C:\Users\Casa\Desktop\angryAS3mrX.swf
[2013/09/08 21:06:29 | 007,826,944 | ---- | C] () -- C:\Users\Casa\Desktop\game_angryAS3mrX.tar
[2013/09/08 20:36:03 | 000,512,146 | ---- | C] () -- C:\Users\Casa\Desktop\machete-theme.xml
[2013/09/08 20:36:01 | 000,009,735 | ---- | C] () -- C:\Users\Casa\Desktop\logo.png
[2013/09/08 20:17:55 | 000,001,452 | ---- | C] () -- C:\Users\Casa\Desktop\XAMPP Control Panel.lnk
[2013/09/08 13:10:56 | 003,787,264 | ---- | C] () -- C:\Users\Casa\Desktop\RogueKillerX64.exe
[2013/09/07 22:37:11 | 001,185,298 | ---- | C] () -- C:\Users\Casa\Desktop\opencart seo pack pro v4.21.rar
[2013/09/05 19:18:02 | 000,031,946 | ---- | C] () -- C:\Users\Casa\Desktop\559250_155016604697962_1863030912_n.jpg
[2013/08/03 14:57:14 | 000,000,020 | ---- | C] () -- C:\windows\SysWow64\pub_store.dat
[2013/08/03 01:19:16 | 000,007,634 | ---- | C] () -- C:\Users\Casa\AppData\Local\Resmon.ResmonCfg
[2013/05/27 15:45:47 | 001,051,072 | ---- | C] () -- C:\windows\PE_File.dll
[2013/05/27 15:45:09 | 000,985,536 | ---- | C] () -- C:\windows\PE_Rom.dll
[2013/05/10 17:21:32 | 000,000,438 | ---- | C] () -- C:\Users\Casa\AppData\Local\UserProducts.xml
[2013/03/29 02:46:15 | 000,000,049 | ---- | C] () -- C:\Users\Casa\AppData\Roaming\TheHunterSettings_live.cfg
[2013/03/29 02:40:08 | 000,011,865 | ---- | C] () -- C:\Users\Casa\AppData\Roaming\TheHunterSettings_live.bin
[2013/02/18 22:57:46 | 000,034,308 | ---- | C] () -- C:\windows\SysWow64\bassmod.dll
[2013/02/08 16:38:18 | 000,601,088 | ---- | C] () -- C:\Users\Casa\AppData\Roaming\SharedSettings.ccs
[2013/02/07 14:29:35 | 000,119,888 | ---- | C] () -- C:\Users\Casa\AppData\Roaming\BabMaint.exe
[2012/10/26 19:28:25 | 000,582,661 | ---- | C] () -- C:\Users\Casa\AppData\Roaming\technic-launcher.jar
[2012/10/24 13:53:54 | 000,000,120 | ---- | C] () -- C:\Users\Casa\AppData\Roaming\2297c858.dat
[2012/08/27 03:26:13 | 000,005,120 | ---- | C] () -- C:\Users\Casa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/24 03:09:17 | 000,000,263 | ---- | C] () -- C:\ProgramData\CamSuite.ini
[2012/08/24 03:08:50 | 000,001,337 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2012/08/22 13:15:41 | 001,742,604 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/22 13:12:56 | 000,281,688 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/08/22 13:12:54 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/08/22 13:12:53 | 003,130,440 | ---- | C] () -- C:\windows\SysWow64\pbsvc_blr.exe
[2012/08/17 00:57:16 | 000,027,520 | ---- | C] () -- C:\Users\Casa\AppData\Local\dt.dat
[2012/08/15 22:04:54 | 000,000,132 | ---- | C] () -- C:\Users\Casa\AppData\Roaming\Preferenze Adobe Formato PNG CS6
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2012/01/10 00:09:12 | 000,000,270 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/09 23:39:31 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2012/01/09 23:38:34 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2012/01/09 23:38:28 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\drivers\ServiceHelp.dll
[2012/01/09 23:38:28 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2012/01/09 23:38:28 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2012/01/09 23:27:40 | 000,013,417 | ---- | C] () -- C:\windows\Ascd_log.ini
[2012/01/09 23:27:34 | 000,010,296 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2012/01/09 23:27:34 | 000,008,063 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2012/01/09 23:27:34 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2012/01/09 22:48:22 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/01/09 22:48:21 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/01/09 22:48:20 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
 
< End of report >
 

Extras.txt:

OTL Extras logfile created on: 09/09/2013 13:58:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Casa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
7,97 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,16% Memory free
15,93 Gb Paging File | 13,47 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,60 Gb Total Space | 240,63 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 442,57 Gb Total Space | 376,66 Gb Free Space | 85,11% Space Free | Partition Type: NTFS
Drive I: | 18,58 Gb Total Space | 2,87 Gb Free Space | 15,44% Space Free | Partition Type: NTFS
Drive K: | 97,66 Gb Total Space | 71,36 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
 
Computer Name: CASA-PC | User Name: Casa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17C4A394-9A5C-466B-9FA8-139B78B2CEB6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4A12216F-ABC7-49F6-B9D4-2DCD1DF8E9AB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5B0AED45-8F81-4FB0-A679-C5ECB9DFFE5C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65FD8825-6735-4CD2-9680-37CA3DEBF9DB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{76647998-BAAD-40A8-A3F2-5E57BE0D20F8}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{7916E1A6-5D73-4376-A8F9-532ECF2C9625}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{81ACBA2C-6A69-457C-81EA-B787E851B711}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{8D1CE2C3-4FF9-4DC0-B447-4EADE953B8FC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{90E12D9D-B1DF-4756-92D5-3251A1C3A9D5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{940F2D40-CF2B-4AA3-BD4F-6B7D68ACF619}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A5133463-BBEC-4DF6-8AA9-6BCFD6413F6C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AB2DC9AE-09F2-448F-8AED-354AAEDB0FAA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BF146AA9-844F-4747-86ED-D81B031186F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C15956B7-2FF4-44DC-BC93-38BA0672FAE9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CC53C3AE-76EF-41C0-BF94-0EE6EA931200}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3127C61-0516-4FE0-977F-DBD18D5130CC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ED23E3D4-4F24-4A7E-AE34-A445D35037F2}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{FDC465F5-90D0-48A4-95CC-C4AA68F1A956}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FDE9E308-886F-4AE4-AB86-598B6DAA0AB2}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05837DD6-5052-469E-9947-CC424ED5E8F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{0DFAEA68-6B6E-4336-8DA8-4B57E5F1BB62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0E3B715B-4712-49D6-BB67-ED162D1631A6}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{0EC98A17-EEAB-4BF9-A7F6-30B62F897065}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe | 
"{122DFE1B-3C67-4CE9-85E0-9B0AF498EC0C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{12BAE3BF-5E26-4DBD-A3B3-FB17909D7C6C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{13AAF591-090D-497F-ADAE-73C020788CCE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{13FEB47D-DF32-4151-9665-5ED6ABE45E54}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{16933B01-65D1-48EB-869A-CF18B418D414}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{1A3CC28D-6A23-457B-91C6-EBD5F1EA6F07}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1A4F9441-6ECA-41E4-AEA8-98160CBA79EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{1AEF67E3-170A-48E9-94CD-A6B1585A6E12}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderexternal\thunderplatform.exe | 
"{203954F3-1B7E-4493-9308-141E9AA589B2}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{22C06B30-9220-42B4-846A-FEF7B7083A1E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{292917B2-BFF1-4DF8-8CBC-B39288452EA8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\primal_carnage\binaries\win32\primalcarnagegame.exe | 
"{2A7D96EE-DD2A-4277-89B3-516900753946}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2A998FEC-9EFC-4585-A297-CCBE91D0BE18}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{2B74ABEC-34D3-40FA-AC8F-0598C1211FB5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2D022090-9E7F-48F3-8FDD-F4B28DEB9746}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe | 
"{2DB7635B-3CF5-4DE2-A610-25DAEC1ABFD0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{32589E30-F2F8-424B-BEE0-A140597AC0B9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{33951A97-89C2-48B9-AECE-F675E8DE1815}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{39AD047D-4F95-44E5-942F-3287D5A6F8B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{39C8FF5E-48B3-4F08-8F2F-C7C8444E4626}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe | 
"{3EE4C563-36D9-42F6-AC5E-8DFD257F485E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{4B47F4DC-762A-4F5B-98EC-8E8F56E2390E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{52019017-3A61-4C88-9FBE-222DFBD0D150}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{53B951DE-F0B9-44B2-A611-0AA33C1BBEFC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5CB9115A-0ED3-4C4F-AEDE-6A053F7DFEE1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5E77B229-2D7B-4FA9-9E63-C2655E850757}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe | 
"{62953AE8-214A-49D1-94ED-E55B034921F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{65ACF093-8C5D-4B1B-8946-D3AC28C79205}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6A1E9ADE-80BA-4F87-A055-8D3088E5713B}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderexternal\thunderplatform.exe | 
"{70B6DEE4-C418-474C-BE56-2904285DB975}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fray\fray.exe | 
"{71F4905E-E057-46F3-84F5-84BD6DC99F53}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{77125E86-257B-4CD4-845B-364FDA206B9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7949FDB8-CF7B-400B-89F0-60B09E31CB49}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderexternal\thunderplatform.exe | 
"{7ACC9F7C-A8A6-4C6B-8662-A87678E65104}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7B1E2EC2-9258-4523-A3C9-77F5AAEC2B81}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7E2142C4-F1D3-459C-8FCA-85D2D915B760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{80C499F9-7E1F-492D-B519-79E410D86086}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{82F5A22A-D034-4288-A12A-BB4AA7B34AF8}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{8600BF88-6599-4482-96A9-44B5C41376D7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{86CDB460-D661-435F-86F5-9765365B1E05}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{882A1BD4-DE25-482B-BDF1-AFC92702A93F}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{89B93A78-2501-4A4D-AFA4-6B15718C4C6F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8AC5AB71-337E-45C3-B804-72C3A5B56E68}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8C648494-64FF-4730-952B-E7F11DC5C041}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{8FD102C7-2722-4F67-8AA5-851799DBCE02}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{991D1D98-8289-40F1-AE1D-962757093ADB}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{A4593F39-78E7-4DCC-A843-B54349293F06}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A5DEFA33-3251-44D5-9FAA-510031ED2CFA}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{A6060874-2197-4B83-BE80-104DD4301582}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\microvolts\launcher.exe | 
"{B84029E3-BA67-456C-B12E-546956B261E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B844A329-0509-4B25-9D17-E138AE895D85}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B9971666-B6E2-43DB-B9D2-99EB437AB2ED}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BEE87870-D59E-4E67-9949-15399379A52D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\microvolts\launcher.exe | 
"{C2F0C71F-ABDF-4EF1-AE86-8D3EB79CBF1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C60963B6-5CF8-47B2-AB85-6A0FF700D1D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C919F8C4-17AF-427E-AE59-09EB874694BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CB46C6AA-4CF6-4C24-A2BA-2BF5E25744E1}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe | 
"{D065FEE9-80E4-44C0-BD1A-DE1A2BF19CDB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D295F098-0993-4878-9186-186C086A1CEA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{D65D6847-9CC7-46E2-8E30-AB3AF855C80E}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe | 
"{D7D798B2-26BD-41D7-BC50-4DA0151B13F6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\primal_carnage\binaries\win32\primalcarnagegame.exe | 
"{D9CD8048-815C-4EAE-8D10-186B1C0E5C65}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{E101E0CA-F4B3-4C2D-B61B-99D9A6B5D54E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E29A4E46-864A-430B-BCB7-D23394A15437}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{ECED7CA8-DCDE-429A-824B-13C9FEBC7230}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{EF771110-DEB5-462F-B661-DE86A0725DE7}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe | 
"{F20D0A99-E55F-40A4-95AE-F6D3E8B6D1D5}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe | 
"{F5B9AE8E-6FB3-403E-B41D-FBCCE6D4D037}" = dir=in | app=c:\users\casa\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F68C94FA-F49B-4B6B-ABDD-48DC8E61B73B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F8A9D410-7437-4F0D-AC39-4506B0D5DD49}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fray\fray.exe | 
"{F906B515-5E80-4B28-A7B6-70BB515627B6}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderexternal\thunderplatform.exe | 
"TCP Query User{03779D59-25AD-49FC-BD26-DDDD8A638DA8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{04CCA6FA-96C1-450C-B438-3D5D7DAEC0D3}C:\users\casa\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\casa\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{06128AAA-144F-49A5-B91B-B453C9A560E3}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"TCP Query User{0A401060-C59B-4017-82A6-CC12311D2BA6}D:\program files (x86)\surfoffline professional 2\so_pro.exe" = protocol=6 | dir=in | app=d:\program files (x86)\surfoffline professional 2\so_pro.exe | 
"TCP Query User{14EB1463-B953-4C24-9447-AA8727A186C7}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{168308E0-EECA-4F08-BEA8-0878E946F375}C:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe | 
"TCP Query User{21531B36-DC5F-4DCC-AC85-4465677E3ACD}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{27C8DF48-25B8-4082-96CF-4CB27F33FE51}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{2D0DCBBD-0CDD-407A-BE45-3DAC8C8B0E76}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"TCP Query User{4E8ED584-AA0D-4F05-867A-63CB54E10289}C:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe | 
"TCP Query User{6572B0C2-090E-48FE-8D77-61BD29195BE9}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{7686CC7F-0E2C-49F9-856F-0D55CBC233BE}C:\users\aicha\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\aicha\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{7EEA12A4-048D-497D-A672-F11017066AF2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{84B4AA86-E432-4A8E-85EE-A91AF411519D}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe | 
"TCP Query User{8BE2A6F1-4B68-46B2-B5E5-920E87E4F9FB}C:\users\casa\appdata\local\apps\2.0\9zlewdyd.vtd\lqzen09x.0zo\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe" = protocol=6 | dir=in | app=c:\users\casa\appdata\local\apps\2.0\9zlewdyd.vtd\lqzen09x.0zo\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe | 
"TCP Query User{90D6072A-A0EE-41B2-9FF5-0873212935BA}C:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe | 
"TCP Query User{9FC23F64-8523-462D-BD30-800141C9D69E}C:\users\casa\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\casa\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{A701BE95-0AE6-44B9-94D6-B82DAEE50D92}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{B1B59EB3-F5D7-4243-8CAD-11ED0697D460}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{C60B1A06-EBD7-42BA-8BFF-A62321F5D712}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{CC4DDCFF-C76F-4975-9FDA-01AB65146F72}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{CD9F8908-1614-4EC9-AC68-01375A6789C2}D:\program files (x86)\zeoworks\slendytubbies\slendytubbies 32bit.exe" = protocol=6 | dir=in | app=d:\program files (x86)\zeoworks\slendytubbies\slendytubbies 32bit.exe | 
"TCP Query User{D4DF454E-507C-4FD8-9D4A-0684B5A0C383}C:\users\casa\games\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\users\casa\games\tom clancy's h.a.w.x\hawx.exe | 
"TCP Query User{DFA9E8E6-C398-447C-8EF3-242B3BF2BE64}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{E51DE8CE-F181-4BD7-8A2D-CCD441F2EA6E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{EF35259F-52AF-414D-B89B-90B94CFEE489}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{0CB7B3BC-81B5-431F-92A0-032D97642E48}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{0F452F2D-5133-49A6-92FC-3305D0F7DC41}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{377225F5-58C1-4138-AF7B-D549EA74C416}D:\program files (x86)\zeoworks\slendytubbies\slendytubbies 32bit.exe" = protocol=17 | dir=in | app=d:\program files (x86)\zeoworks\slendytubbies\slendytubbies 32bit.exe | 
"UDP Query User{3CCF5896-6D2F-44B3-B2C9-B28B749221F2}C:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe | 
"UDP Query User{48228DD4-DD56-41FB-8FF6-8BD9F9E900E2}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{4886209B-4B7A-47D3-9FAB-E84B5C97571E}D:\program files (x86)\surfoffline professional 2\so_pro.exe" = protocol=17 | dir=in | app=d:\program files (x86)\surfoffline professional 2\so_pro.exe | 
"UDP Query User{4C9F48A6-0911-4590-AB64-393B3CE5F9D8}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{54782A67-41E0-4C1A-B366-E8972F5C1A89}C:\users\casa\appdata\local\apps\2.0\9zlewdyd.vtd\lqzen09x.0zo\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe" = protocol=17 | dir=in | app=c:\users\casa\appdata\local\apps\2.0\9zlewdyd.vtd\lqzen09x.0zo\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe | 
"UDP Query User{65D2EC4E-8805-4D94-A82B-884CB656824C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{6B997CE4-16AA-4523-BACA-48E434FBC241}C:\users\casa\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\casa\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{77DF3E58-3775-4D2B-B8FF-B95743FD4A10}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{80508976-24B9-43E0-B354-345AD8C940E2}C:\users\casa\games\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\users\casa\games\tom clancy's h.a.w.x\hawx.exe | 
"UDP Query User{9D46A709-9017-4FB9-86CC-94C4848F2B7E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A7C7351B-69F6-4AC8-97F0-86BDE0E75C9E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{B203ACE4-D413-4719-9C9C-D570DCD75B0B}C:\users\casa\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\casa\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B609E961-78AA-419D-996F-49E0BE45EE09}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B795C641-9AE6-4270-A01F-1C6C8D69D712}C:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\casa\appdata\roaming\cacaoweb\cacaoweb.exe | 
"UDP Query User{BDCC3AF2-5695-4CDB-ABA4-CE351B9AF3F4}C:\users\aicha\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\aicha\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{C1B87D2B-12D6-40CE-926F-8F4626AFDCD2}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"UDP Query User{C8892E5F-7EA0-409B-966D-2A931B000DCD}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"UDP Query User{CA3B8A7F-EB49-4749-B44B-40E006B87257}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{D59D8129-5B7C-43D5-BB2B-0299922914E1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{D80E0098-2316-4E3F-85E3-519CDD205BE6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{D84046CB-DA80-47AB-92D7-10181D983A93}C:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe | 
"UDP Query User{D969E3D0-7D08-4088-BA3B-BD7989DA2CC1}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{F87145B8-108F-4CFF-A4F5-C73BD95ABB52}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java 7 Update 1 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.603
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{458707CD-9D7A-477F-B925-02242A29673B}" = Microsoft Web Platform Installer 4.5
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F6D780C-53B8-4385-98BC-62F78F9E4C38}" = MacDrive 8
"{8FFA29B1-9AF5-45A7-8C38-DDB6CD672BEC}" = Nitro Reader 3
"{90140000-0015-0410-1000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010
"{90140000-0015-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0410-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010
"{90140000-0016-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0410-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010
"{90140000-0018-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0410-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010
"{90140000-0019-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0410-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010
"{90140000-001A-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0410-1000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010
"{90140000-001B-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0410-1000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010
"{90140000-002C-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{523690F3-BE14-4E76-BAF0-A017FCBBE69A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0410-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Italian) 2010
"{90140000-0043-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{77D63520-BF2D-47CF-BFE4-3D16EA6E7839}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0410-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010
"{90140000-0044-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0410-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010
"{90140000-006E-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{11F278BE-B9CF-4C45-92C2-63BF94AEA3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0410-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010
"{90140000-00A1-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0410-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2010
"{90140000-00BA-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{720299F5-E1B4-440F-B91D-321ADB853507}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A8BDBCC8-0C63-4151-AE06-AA3F1AB0F952}" = MySQL Server 5.1
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver 3D Vision 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver del controller 3D Vision 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 7.2.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver audio HD 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.1
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E851486F-1FE2-44F0-85ED-F969088A68EE}" = PHP Manager 1.2 for IIS 7
"{EB675D0A-2C95-405B-BEE8-B42A65D23E11}" = IIS URL Rewrite Module 2
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Chunky" = Chunky
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.23
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.0
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56E670F3-592B-47B8-9159-265E5CF3F753}" = ASUS Music Maker
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Supporto applicazioni Apple
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75F6C4E0-05CB-45D0-B22F-17130CFE8628}" = Philips SPZ2500, SPZ2000 WebCam
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FCBED5C-8C0F-43FA-9880-E3BBCE81FEF0}" = CoffeeCup Web Form Builder
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85DE30D0-AEC8-4799-A56A-14267C421A76}" = CoffeeCup Web Form Builder Lite
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E19B5A-1985-49BF-9022-9CF4AD652C72}" = MySQL Connector Net 6.5.4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0BF25BA-276A-4385-BD61-99B763B714D7}" = eM Client
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCC4652E-F5E0-498A-84F3-5DDBEF84642B}" = ASUS Instant On
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0D7FF19-F218-4783-B79F-01CD1EF19900}" = VPNAutoconnect
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DC4146FB-0F29-4276-91CC-1B0CAC6AECAF}_is1" = SmartSteam 1.41-Fix BuNDl3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6C773DF-41C4-4A4F-B6C5-7830FF10342F}" = Philips CamSuite
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
"{E7AA854E-6756-424E-84C2-4E47D5729AFF}" = ASUS Easy Update
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Downloader" = Downloader
"FileZilla Client" = FileZilla Client 3.5.3
"FlyVPN" = FlyVPN
"Hideman" = Hideman
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"IP Sniffer 1.99.3.1" = IP Sniffer 1.99.3.1
"LoqTTS-Luca_is1" = Loquendo TTS: Luca (Italian)
"LoqTTS-Paola_is1" = Loquendo TTS: Paola (Italian)
"LoqTTS-Roberto_is1" = Loquendo TTS: Roberto (Italian)
"MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"Mozilla Thunderbird 17.0 (x86 it)" = Mozilla Thunderbird 17.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Offline Downloader" = Offline Downloader
"outlookset" = Outlook Setup Tool
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"QuadSucker/Web_is1" = QuadSucker/Web v3.5
"Quest4Bush" = Quest4Bush
"RegClean Pro_is1" = RegClean Pro
"Slendytubbies" = Slendytubbies
"SpeedFan" = SpeedFan (remove only)
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 410" = Portal: First Slice
"SurfOffline Professional 2" = SurfOffline Professional 2
"TeamViewer 8" = TeamViewer 8
"TextAloud MP3_is1" = TextAloud
"Toolbar Cleaner" = Toolbar Cleaner 1.1
"UltraISO_is1" = UltraISO Premium V9.52
"VLC media player" = VLC media player 2.0.1
"Wajam" = Wajam
"WebSite Extractor" = WebSite Extractor
"Website Ripper Copier" = Website Ripper Copier
"Win Web Crawler_is1" = Win Web Crawler 3.0
"WinLiveSuite" = Windows Live Essentials
"WNLT" = IB Updater Service
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-153906111-2582773194-59742116-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"244a1e8693fd9c7e" = Techne
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Mozilla Thunderbird 17.0.7 (x86 it)" = Mozilla Thunderbird 17.0.7 (x86 it)
"Opera 12.12.1707" = Opera 12.12
"SOE-C:/Users/Casa/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"SOE-D:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2 PSG
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/09/2013 06:14:55 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 08/09/2013 06:15:17 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 08/09/2013 06:15:17 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 08/09/2013 06:15:17 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 08/09/2013 06:15:42 | Computer Name = Casa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09/09/2013 04:43:23 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 09/09/2013 04:43:45 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 09/09/2013 04:43:45 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 09/09/2013 04:43:45 | Computer Name = Casa-PC | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 09/09/2013 04:44:48 | Computer Name = Casa-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07/09/2013 09:39:37 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 07/09/2013 09:39:37 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 07/09/2013 09:56:26 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 07/09/2013 09:56:26 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 07/09/2013 09:59:34 | Computer Name = Casa-PC | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio NVIDIA Stereoscopic 3D Driver Service.
 Questo evento si è già verificato 1 volta(e).
 
Error - 07/09/2013 10:10:56 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 08/09/2013 06:14:40 | Computer Name = Casa-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 08/09/2013 06:15:08 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 09/09/2013 04:43:46 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 09/09/2013 04:43:46 | Computer Name = Casa-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >

(I had to make 2 posts because it was too long)

This topic is now closed to further replies.