
PUP.BitMiner Removal


  • This topic is locked
23 replies to this topic

#1 kijell

    New Member

  • Members
  • 30 posts

Posted 04 August 2012 - 11:59 PM

Hi,

My laptop was recently infected and I can't remove this file after running Malwarebytes a number of times. Can someone help me in removing this? Thanks

Here's the log from my latest mb run:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912080410

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/5/2012 12:36:17 PM
mbam-log-2012-08-05 (12-36-11).txt

Scan type: Quick scan
Objects scanned: 226819
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\64784 (Trojan.Agent) -> Value: 64784 -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Frederic\AppData\Local\Temp\qxwkxquos.exe (PUP.BitMiner) -> No action taken.


#2 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 August 2012 - 06:03 AM

Hello kijell! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your Malwarebytes' Anti-Malware database and program versions are very old. Please uninstall it, reboot your PC, download the latest version from here:
http://www.malwareby...am-download.php

Next, install the latest version.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 kijell


Posted 05 August 2012 - 08:22 AM

Hi Maniac,

Thank you so much for taking the time to help me. Here's the log from the latest Malwarebytes run:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frederic :: FREDERIC-PC [administrator]

8/5/2012 9:13:44 PM
mbam-log-2012-08-05 (21-13-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227315
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440144134417} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550155135517} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0011317.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|64784 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mscyqeqz.com -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Users\Frederic\AppData\Local\Temp\ksqbdwvnq.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Frederic\AppData\Local\Temp\niuehvbti.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Frederic\AppData\Local\Temp\oclkjuaow.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Frederic\AppData\Local\Temp\qftqhsdsv.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Frederic\AppData\Local\Temp\raurvcenb.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Frederic\AppData\Local\Temp\tvlucsqqo.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Frederic\C_XAud.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Frederic\Downloads\SoftonicDownloader_for_bitcomet.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\ProgramData\Local Settings\Temp\mscyqeqz.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rss light+\Rss light+.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

(end)

#4 Maniac


Posted 05 August 2012 - 08:30 AM

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


#5 kijell


Posted 05 August 2012 - 08:51 AM

OTL.txt:
OTL logfile created on: 8/5/2012 9:38:47 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 75.71% Memory free
11.58 Gb Paging File | 10.06 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 21.20 Gb Free Space | 14.22% Space Free | Partition Type: NTFS
Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 21:36:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frederic\Downloads\OTL.exe
PRC - [2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/11 06:07:16 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/11/20 20:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/11/20 20:17:34 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\runonce.exe
PRC - [2010/11/20 20:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/10/08 01:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/10/01 07:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/08/18 06:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/05/12 16:47:18 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2009/11/03 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/01 02:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/20 02:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 09:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe
MOD - [2011/08/13 22:14:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/13 00:45:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/13 00:44:37 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/13 00:44:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/13 00:44:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/13 00:44:09 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/13 00:43:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/13 00:43:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/13 00:43:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/13 00:43:45 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/06/28 12:53:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2010/10/01 07:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/10/01 07:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/10/01 07:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010/10/01 07:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2009/11/03 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/09 17:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/10/01 02:50:30 | 000,377,264 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/23 19:56:42 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2010/02/23 19:56:40 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/08/07 06:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/25 15:46:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 21:57:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 08:59:46 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/28 16:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009/12/16 02:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/10 23:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/11 06:07:11 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/12/15 19:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/12/15 19:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/05 23:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/12 09:49:15 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/09/23 16:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/08 19:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/08/26 10:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/31 01:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/31 01:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/31 01:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/04/16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/03/02 16:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/26 16:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/23 19:57:30 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/02/03 06:38:29 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 17:45:49 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 10:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/18 16:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/08/07 06:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 17:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/19 04:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/11 04:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 04:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 01:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 09:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/24 09:33:30 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125obex.sys -- (s125obex)
DRV:64bit: - [2007/04/24 09:33:28 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mgmt.sys -- (s125mgmt)
DRV:64bit: - [2007/04/24 09:33:26 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdm.sys -- (s125mdm)
DRV:64bit: - [2007/04/24 09:33:24 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdfl.sys -- (s125mdfl)
DRV:64bit: - [2007/04/24 09:33:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125bus.sys -- (s125bus)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>



IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Frederic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 21:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/10 18:27:43 | 000,000,000 | ---D | M]

[2012/02/06 18:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Extensions
[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/08/05 16:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions
[2012/07/26 23:20:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/13 15:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/05 16:09:32 | 000,000,000 | ---D | M] ("Rss light+") -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com
[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\OneClickDownload@OneClickDownload.com
[2012/02/06 18:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/19 21:57:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/11/03 14:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/06/18 22:17:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 22:17:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/09 20:19:23 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()
O4 - HKLM..\Run: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [egkepxcackaofrwsjvh] C:\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe ()
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Facebook Update] C:\Users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [GarenaMessenger] C:\Program Files (x86)\Garena Messenger\GarenaMessenger.exe ()
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Steam] C:\Program Files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKLM..\RunOnceEx: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()
O4 - HKLM..\RunOnceEx: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKLM..\RunServices: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()
O4 - HKLM..\RunServices: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunServices: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKLM..\RunServicesOnce: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()
O4 - HKLM..\RunServicesOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunServicesOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O4 - Startup: C:\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe ()
O4 - Startup: C:\Users\makul!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64784 = C:\PROGRA~3\LOCALS~1\Temp\mscyqeqz.com
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Sony Corporation = C:\Users\Frederic\AppData\Roaming\BBC32A.exe ()
O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: A-1457317536 = C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.us.lawso...,2010,1215,1100 (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.us.lawso...,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.us.lawso...llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.us.lawso...1,2010,617,2010 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lawson.webex...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.us.lawso...31,2010,902,806 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.106.6.2 124.106.5.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317CE8A7-C426-43D2-A325-7A67AE47DF9C}: DhcpNameServer = 124.106.7.2 124.106.5.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D06F4B4-3C96-4D55-AD83-0194A44274B3}: DhcpNameServer = 124.106.6.2 124.106.5.2
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 21:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 21:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/04 20:37:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/04 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Local\Rss light+
[2012/08/04 19:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rss light+
[2012/08/04 19:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/07/25 15:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\Garena
[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Garena
[2012/07/13 23:15:12 | 000,000,000 | ---D | C] -- C:\Users\Frederic\Desktop\Lawson Work
[2012/07/12 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\LolClient
[2012/07/09 23:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaLoLPH
[2008/08/12 13:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 21:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 21:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 21:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 21:23:41 | 370,438,143 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 21:23:07 | 000,007,997 | ---- | M] () -- C:\Windows\uedit32.INI
[2012/08/05 21:11:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 21:01:36 | 000,002,376 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/08/05 20:54:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 19:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job
[2012/08/05 19:35:30 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/05 19:35:30 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/05 19:35:30 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/05 19:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job
[2012/08/05 19:25:28 | 000,415,744 | -HS- | M] () -- C:\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe
[2012/08/05 17:00:23 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/08/05 16:58:09 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job
[2012/08/05 13:00:22 | 000,000,057 | ---- | M] () -- C:\Users\Frederic\Desktop\malwarebytes error log
[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe
[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe
[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe
[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe
[2012/08/04 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job
[2012/07/25 17:03:16 | 000,001,280 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/25 15:46:34 | 000,001,163 | ---- | M] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/07/25 15:46:34 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/07/09 23:48:34 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2012/07/09 20:19:23 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/09 20:19:20 | 000,002,004 | -H-- | M] () -- C:\Users\Frederic\Documents\Default.rdp
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 21:11:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 16:11:39 | 000,084,480 | RHS- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe
[2012/08/05 13:00:22 | 000,000,057 | ---- | C] () -- C:\Users\Frederic\Desktop\malwarebytes error log
[2012/08/05 12:25:34 | 000,084,480 | RHS- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe
[2012/08/04 19:55:19 | 000,415,744 | -HS- | C] () -- C:\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe
[2012/08/04 19:54:46 | 000,084,480 | RHS- | C] () -- C:\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe
[2012/08/04 19:54:46 | 000,084,480 | RHS- | C] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe
[2012/07/25 15:46:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 15:46:34 | 000,001,163 | ---- | C] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/07/25 15:46:34 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/07/09 23:48:34 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2012/02/26 12:35:26 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/25 01:17:31 | 000,000,859 | ---- | C] () -- C:\Windows\SysWow64\dsth.dll
[2011/09/12 09:52:20 | 000,007,997 | ---- | C] () -- C:\Windows\uedit32.INI
[2011/08/24 11:32:20 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/22 12:04:18 | 000,066,560 | -HS- | C] () -- C:\Users\Frederic\AppData\Roaming\BBC32A.exe
[2011/06/10 13:37:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/08 12:50:50 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/06 09:12:45 | 000,045,286 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room_v3.dat
[2011/05/25 05:15:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/22 07:40:53 | 000,046,742 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room.dat
[2011/03/11 05:45:59 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/26 10:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/26 10:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/04/09 02:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/23 00:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2011/05/22 07:23:51 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Asus WebStorage
[2012/08/05 17:01:31 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\BitComet
[2011/09/20 00:25:31 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\calibre
[2012/07/14 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Garena
[2012/08/05 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\GarenaPlus
[2012/07/09 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\ICAClient
[2012/07/12 16:43:46 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\LolClient
[2011/06/22 09:00:03 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Nuance
[2011/12/31 12:16:28 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Red Kawa
[2011/07/30 12:25:17 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Rovio
[2011/08/02 08:39:18 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\webex
[2011/06/22 08:59:57 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Zeon
[2011/10/27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Asus WebStorage
[2011/10/27 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Azureus
[2012/04/10 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Babylon
[2012/07/31 22:19:29 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\BitComet
[2011/09/03 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\EeeStorageUploader
[2012/05/28 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\FreeFLVConverter
[2012/08/05 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\GarenaPlus
[2012/01/10 12:54:10 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\ICAClient
[2012/07/19 13:44:52 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient
[2012/07/09 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient2
[2011/09/03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Nuance
[2012/06/07 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Red Kawa
[2012/07/02 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\uTorrent
[2011/09/02 15:13:48 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Zeon
[2012/08/05 16:58:09 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job
[2012/08/05 19:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job
[2012/08/04 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job
[2012/08/05 19:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job
[2012/07/17 00:11:49 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >

#6 kijell

Posted 05 August 2012 - 08:51 AM

Extras.txt:
OTL Extras logfile created on: 8/5/2012 9:38:47 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 75.71% Memory free
11.58 Gb Paging File | 10.06 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 21.20 Gb Free Space | 14.22% Space Free | Partition Type: NTFS
Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.ini[@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.txt[@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0278D9CB-D036-44CF-8E6D-7B4B100E9667}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0538B564-5127-46A9-94D7-77AFFB86E0E8}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |
"{0BC7CEBF-6E2F-4C8C-8706-0437D2093F62}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher |
"{1D04DF2C-E736-4093-ABA1-89D267D14630}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E463E93-0714-47F2-9838-9EC46DDCC007}" = lport=138 | protocol=17 | dir=in | app=system |
"{20E463CA-7A04-4A18-BDBB-B4A7D4349F1C}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher |
"{21F33C60-2F5B-47C8-BD55-2BE048DE3310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2285F530-F51C-4D6E-9F8C-BF563BCF664E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25C0152E-F521-4CCD-8806-9D99534D7D78}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |
"{2BB67282-E137-4B3E-A4A1-DC592BC6C746}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2C947C06-1A64-4BA5-9863-6A6AC518A910}" = rport=139 | protocol=6 | dir=out | app=system |
"{32ED7A88-93FE-46DD-A0B1-8F95FF4FC507}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher |
"{37698B20-94DF-4C7A-BE22-B7B4035710A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44354155-405C-43C8-98AE-6FBC7CA4D2D0}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{474978C2-4791-4571-92CE-35370DB96830}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |
"{494C07F8-C6CB-4073-BFA3-7B89BC461335}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher |
"{4AECF141-7A48-4ACA-B586-51824BE28711}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher |
"{4BB73345-3E66-4C3A-9BC3-1D76466B09BB}" = lport=445 | protocol=6 | dir=in | app=system |
"{54DB8F9A-302F-4DAC-B629-0F20F4A54366}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |
"{623D80ED-57C6-4A18-8B96-93814B19403C}" = lport=14808 | protocol=17 | dir=in | name=bitcomet 14808 udp |
"{62CA730A-1688-4305-9941-AEF163056F97}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher |
"{66D6EABD-289F-4522-AAEC-B39B55976412}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |
"{671A9F52-60FA-4ED0-B0E2-5C9EC2637734}" = lport=14808 | protocol=6 | dir=in | name=bitcomet 14808 tcp |
"{67325282-95B9-46F5-BBC1-9E83932F71E6}" = lport=10016 | protocol=6 | dir=in | name=bitcomet 10016 tcp |
"{79F481E6-DBF9-4ED4-99B9-17E7676238F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B30BE7C-CCA6-4278-8D5E-E995AC06C1A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{81804EA6-DFF4-40B1-A99B-E2FCC259E2CD}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |
"{854E5576-C158-4F67-873D-E342FF3C6E82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{881AA1B1-7CB4-4A5F-8B9F-3627EE4C3641}" = lport=49512 | protocol=6 | dir=in | name=akamai netsession interface |
"{8884301F-9C49-49D8-BCC7-500AB0B9BC2C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8C4C2E38-61F5-4C70-B0B0-66482AFBB205}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |
"{8DA0C703-09C3-43A3-BE29-B307E35051B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{969982B8-3796-43C7-9865-CD87D0CF9B8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9703A5F5-9200-40CC-A4F2-7950D7184C86}" = rport=445 | protocol=6 | dir=out | app=system |
"{9728F914-6807-43F0-A1BA-158086FED5F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{97E48405-148B-440C-BBE0-C30E9DB8E451}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AB599B5-4575-4522-8358-764968A0B026}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F81548A-32C3-427F-803E-498B177059D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A30E8EA1-51A7-41F3-9A5F-1729C7EE6150}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3608652-DB2E-4DF6-9508-5C8CE9CBFBBD}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{A483C50F-FB6B-4348-8F41-BAE9353C4647}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{A83E6831-A700-4F0B-952E-E3B56A17BFDE}" = lport=137 | protocol=17 | dir=in | app=system |
"{ADDFEBA3-1BC5-480F-A48A-0CC6AB3A192B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AE51A8C6-0364-4561-BDE6-9F822130FACD}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |
"{B4922B80-EABD-4D7A-93D9-40A30B72EE6D}" = lport=10016 | protocol=17 | dir=in | name=bitcomet 10016 udp |
"{C8AF9F15-5A84-4178-A6B2-6EF953837C27}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |
"{DA5467E2-A50A-44BE-86BD-25C85B53BB0E}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{EA29555C-1A89-4FFB-8FC6-A3D9B1C1A195}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE5B1D3F-5AC3-4ADD-BAA9-51E111E7E881}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE9D61F6-19A9-4768-BE5B-93B75029DDD1}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |
"{FC6C003E-CD6A-44C3-B067-FD9C3C90A84A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FDB205E3-19FF-499B-A1D6-81FD458AB024}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005EAA30-1811-42DD-B785-67ECF28E73BA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0773BB79-6BC7-48ED-8249-EA612C9EE042}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{0809DC6F-7105-4AF1-AFBD-299792A6195A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{08A9F208-02FD-4B41-BAEB-85B1F66CD113}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FC4F261-FDD4-44F1-91F4-DB0CF137C83D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{15F48B2D-8C02-420B-9405-CB83F221D9D5}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{1E626A91-B6EC-4B90-9390-5CED841241F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1F094CA0-6838-482F-9219-4EB3FF648D34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{27E8DE1C-9EFB-4232-9190-E442A09254DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28E33026-8C05-4C56-8CBA-7DCF7CB7ABC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{29BC6AA8-7E8F-423A-B268-E0BA8BB20758}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B9E2BF7-FBF6-4759-8D68-DE0FE462930C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30AEA214-7275-4847-970A-690998DB5F21}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{33A9F0DC-20DB-4891-9558-2A2A4392B7A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3948DB04-6174-4429-A3AF-195179C35ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{3AFA9B32-952C-44CF-B9FB-FFB159A871BA}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{3B7639B6-B453-480B-A4B7-BAF149C3B32A}" = protocol=6 | dir=out | app=system |
"{4340B6DE-DDB9-4392-A755-70EEADFA4C4C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{4C23F040-829E-4F3E-83D9-0C837C156446}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{510D41D3-2DE9-4C52-B174-00C87FE40DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{57166C5E-65D0-430B-959F-E0A6A415F504}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59590024-55E8-4B08-8CD8-B0EB9D0C95B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{5A00E03A-945D-451E-9403-D8FE495B154A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5A553D5F-4E9C-4FB2-9DBC-1A8E9ED602A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{5D31210A-7473-42AE-8BB7-A017C25032AF}" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |
"{662D15C0-FABF-4272-80A3-5A1AC91EE9A7}" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |
"{6886475C-A1C6-46B9-B537-BA35F68F4D8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69DD0F98-A500-4030-9D43-875135A79C53}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C519AB9-90E3-495B-BB8F-BE0D6BB4EAA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CB3BC69-0AB7-4E3F-8C49-79FD5EF58252}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6CF6FE2A-BE68-4F14-8318-34167D8B0358}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{6FA96DBB-5D49-48AD-90B1-7334FDE0B7AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{766833A3-B4E2-45BC-B990-1A0C24BCDE45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7714A37C-1347-4704-B256-961505BBD189}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{79AFD2F0-E22B-4811-ABDD-8611A9D4557C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{8A06A20F-A529-44A2-859E-9D15D2C67A95}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A3EA3A1-E52F-439C-9F59-3E7D698D3277}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{8C0F984D-0D6F-47B8-902E-4C41C50AC346}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8D98F047-5F3D-4B5D-B1FC-326FB7AB1792}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{915FF07A-AA21-4D99-886B-3D58D98100DB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{919AD1D9-F1D5-473C-82A7-8219FA726BA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98AF1A64-4E56-4DA7-B11F-E606EE0CFFF8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9E9B5E2B-0F4F-40FF-BD53-D09DE8730898}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A0B5E78A-6D1C-4013-97ED-F623EEE0DA08}" = dir=in | app=c:\users\frederic\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A6ACEBB1-5606-4480-A4B7-C9F3347FE1E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A73E6B4C-97BF-4380-8A72-4FA8EE4B4F04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B02F95B5-78B9-4C34-9523-2CCE92A55EC0}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{B2F653EF-59A9-425A-A41A-01B8E53095E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4413CF2-3031-4AAF-8BA7-73C4EC35C450}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BCC8A061-38C3-4C89-B7FA-BC54E0952117}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C19BBA4C-F58D-4838-943C-1740B29316ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C1D27827-5BBA-4689-BE69-FAD4FCB51B4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C6B3FE2F-FF3F-4CC9-9F05-EC351EC84760}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D2B89B07-1E93-485E-8927-BB022CC73A6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3BF642E-3854-48C8-9D8A-DA35F864AE50}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{DF3FDEDA-2F0D-4211-BA5B-2DA1EFBAAE94}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{E0CE7AFB-DE2B-4E34-8872-1BC00B6D9E44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E749F3A3-D270-4C27-BB8B-5DCA00E2D3B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9C7D739-DE27-46D5-AB21-B7DC5B49D5FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBD28769-85CD-4294-A2BB-FCA549CA4DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{FCDE0A56-58AF-41D2-8D76-FF9B7363BAC8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{17A5C34C-B1A8-440B-97E3-114B9AC1CCD1}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"TCP Query User{21F49C04-B277-4428-BC7F-76518AC17EB2}C:\users\makul!\downloads\honinstaller.exe" = protocol=6 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |
"TCP Query User{2C4A63C7-9C0B-47CC-A3C1-74D2853A020F}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |
"TCP Query User{4B3FCB01-285C-4606-9BC5-7DF773EC7709}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |
"TCP Query User{65D829DC-1169-4277-8827-76F381F6DEE5}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{80A86514-76C9-4665-93F3-A9258CADACC8}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |
"TCP Query User{8343F9A8-4574-4CF5-B283-E213690F9971}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{9488429B-DBB5-4672-BD2C-7DEC2D302772}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{F787F72D-BFF9-45C4-8FAB-9BB73E114C53}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{254B9A00-C996-4509-8181-2352ECDCF1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{606CCBF6-FACD-4277-9426-C76242D66F97}C:\users\makul!\downloads\honinstaller.exe" = protocol=17 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |
"UDP Query User{7A772ED6-85BA-47B9-BBEB-E05F31F8B897}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"UDP Query User{7AA0BEAD-5B05-4052-80BF-7EE26BF15A5A}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{8348A68B-92B5-4170-82DF-267615F9D415}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{919D2FA5-2C42-42E7-B74B-95F06C2B492A}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |
"UDP Query User{AD4C89C5-6DE5-4E0E-B29A-AA0632440376}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |
"UDP Query User{BDB03DEB-EDC7-4AAD-A97F-8986DA7ED84C}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{F21D8272-CDFF-4796-89A8-6A56E491F199}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)
"{51B83C3B-4D5D-490A-87E0-12B497DA941B}" = calibre
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix online plug-in (PNA)
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix online plug-in (SSON)
"{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Content Manager Assistant for PlayStation®
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = 1ClickDownloader
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Akamai" = Akamai NetSession Interface Service
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AviSynth" = AviSynth 2.5
"BitComet" = BitComet 1.30
"CCleaner" = CCleaner
"CitrixOnlinePluginFull" = Citrix online plug-in
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Garena" = Garena 2010
"Google Chrome" = Google Chrome
"HoN" = Garena - Heroes of Newerth
"iLivid" = iLivid
"im" = Garena Messenger
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"LoLPH" = Garena - League of Legends PH
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network MagicUninstall" = Network Magic
"Rss light+" = Rss light+
"Steam App 570" = Dota 2
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip Self-Extractor" = WinZip Self-Extractor
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2012 4:11:29 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FBAgent.exe, version: 1.0.7.0, time stamp:
0x4ca3faac Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process
id: 0x488 Faulting application start time: 0x01cd72e1bc11dee2 Faulting application
path: C:\Windows\system32\FBAgent.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 2830d09e-ded5-11e1-ae24-463500000031

Error - 8/5/2012 4:11:42 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/5/2012 5:08:19 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:
0x1354 Faulting application start time: 0x01cd72e909ed73cd Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 191057f9-dedd-11e1-b262-463500000031

Error - 8/5/2012 5:49:57 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:
0x1660 Faulting application start time: 0x01cd72efa4ad23a8 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: ea0225fa-dee2-11e1-b262-463500000031

Error - 8/5/2012 5:50:13 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:
0xd28 Faulting application start time: 0x01cd72e9df3b60b7 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: f366fdb5-dee2-11e1-b262-463500000031

Error - 8/5/2012 5:50:26 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:
0x10d0 Faulting application start time: 0x01cd72efb7d9055e Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: fae9402a-dee2-11e1-b262-463500000031

Error - 8/5/2012 5:50:48 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:
0x980 Faulting application start time: 0x01cd72efc525e8c9 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 087b6906-dee3-11e1-b262-463500000031

Error - 8/5/2012 5:51:01 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:
0xc64 Faulting application start time: 0x01cd72efccd58d37 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 102ae856-dee3-11e1-b262-463500000031

Error - 8/5/2012 5:51:39 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: jscript9.dll, version: 9.0.8112.16434,
time stamp: 0x4e28e66c Exception code: 0xc0000005 Fault offset: 0x0004c153 Faulting
process id: 0xcb8 Faulting application start time: 0x01cd72efb8de9252 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\jscript9.dll Report Id: 2661c65f-dee3-11e1-b262-463500000031

Error - 8/5/2012 9:04:22 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 8/5/2012 4:06:58 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/5/2012 4:06:58 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/5/2012 4:07:40 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10005
Description =

Error - 8/5/2012 4:10:11 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/5/2012 4:11:30 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7034
Description = The AFBAgent service terminated unexpectedly. It has done this 1
time(s).

Error - 8/5/2012 4:59:59 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/5/2012 8:56:40 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/5/2012 9:06:46 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10010
Description =

Error - 8/5/2012 9:07:22 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/5/2012 9:23:48 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.


< End of report >

#7 Maniac

Posted 05 August 2012 - 03:07 PM

Thanks! :)

Please uninstall the following applications:

BitComet 1.30
SweetIM Toolbar for Internet Explorer 4.2
SweetIM for Messenger 3.6


Then:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#8 kijell

Posted 06 August 2012 - 09:59 AM

Thanks for the reply. Sorry it took me so long to reply. Here's the log from ComboFix:

ComboFix 12-08-05.02 - Frederic 08/06/2012 22:31:41.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5932.4733 [GMT 8:00]
Running from: c:\users\Frederic\Downloads\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\intellidownload\gunzip.exe
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe
c:\users\Frederic\AppData\Roaming\A-1457317536.exe
c:\users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe
c:\users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome.manifest
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\background.html
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\browser.xul
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\crossrider.js
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\crossriderapi.js
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\dialog.js
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\options.js
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\options.xul
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\search_dialog.xul
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\update.html
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\defaults\preferences\prefs.js
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\install.rdf
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\locale\en-US\translations.dtd
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button1.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button2.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button3.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button4.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button5.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\crossrider_statusbar.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon128.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon16.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon24.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon48.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\panelarrow-up.png
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\popup.css
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\popup.html
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\popup_binding.xml
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\skin.css
c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\update.css
c:\users\makul!\AppData\Roaming\A-1124404718.exe
c:\users\makul!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe
c:\windows\msvcr71.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 14:40 . 2012-08-06 14:40 -------- d-----w- c:\users\makul!\AppData\Local\temp
2012-08-06 14:40 . 2012-08-06 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 12:41 . 2012-08-06 14:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C96EA9C9-350D-45F6-834D-00E8F5C87A56}\offreg.dll
2012-08-04 12:37 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-08-04 12:37 . 2012-08-06 09:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-04 12:37 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 11:55 . 2012-08-04 11:55 -------- d-----w- c:\users\Frederic\AppData\Local\Rss light+
2012-08-04 11:55 . 2012-08-06 09:31 -------- d-----w- c:\program files (x86)\Rss light+
2012-08-04 11:54 . 2012-08-06 09:30 -------- d-----w- c:\programdata\Local Settings
2012-07-25 07:46 . 2012-07-25 07:46 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-19 05:44 . 2012-07-19 05:44 -------- d-----w- c:\users\makul!\AppData\Roaming\LolClient
2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\users\Frederic\AppData\Roaming\Garena
2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\programdata\Garena
2012-07-12 08:43 . 2012-07-12 08:43 -------- d-----w- c:\users\Frederic\AppData\Roaming\LolClient
2012-07-09 15:49 . 2012-07-09 15:49 -------- d-----w- c:\users\makul!\AppData\Local\LoLPHLauncher
2012-07-09 15:44 . 2012-07-09 15:49 -------- d-----w- c:\program files (x86)\GarenaLoLPH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 10:05 . 2012-01-22 10:46 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-25 07:46 . 2011-06-24 02:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110111131117}]
2012-07-28 03:37 484864 ----a-w- c:\program files (x86)\Rss light+\Rss light+.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 10:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarenaMessenger"="c:\program files (x86)\Garena Messenger\GarenaMessenger.exe" [2012-07-31 7123320]
"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2011-11-11 11292464]
"Facebook Update"="c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Steam"="c:\program files (x86)\steam\Steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-07 472112]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"64784"="c:\progra~3\LOCALS~1\Temp\mscyqeqz.com" [2009-07-14 35840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-11 548528]
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-11 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-3-11 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-09-30 377264]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-12-15 18512]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-10-12 131552]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-12-15 41424]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 07:46]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job
- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]
.
2012-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job
- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job
- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]
.
2012-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job
- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:3128
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 124.106.6.2 124.106.5.2
FF - ProfilePath - c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Messenger (Yahoo!) - ~c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe
Wow6432Node-HKCU-Run-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe
Wow6432Node-HKCU-Run-egkepxcackaofrwsjvh - c:\users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe
Wow6432Node-HKCU-RunServices-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe
Wow6432Node-HKCU-RunServicesOnce-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe
Wow6432Node-HKLM-Run-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe
Wow6432Node-HKLM-Run-A-1124404718 - c:\users\makul!\AppData\Roaming\A-1124404718.exe
Wow6432Node-HKLM-RunOnce-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe
Wow6432Node-HKLM-RunServicesOnce-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe
Wow6432Node-HKLM-RunServicesOnce-A-1124404718 - c:\users\makul!\AppData\Roaming\A-1124404718.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-06 22:42:59
ComboFix-quarantined-files.txt 2012-08-06 14:42
.
Pre-Run: 24,330,379,264 bytes free
Post-Run: 23,625,838,592 bytes free
.
- - End Of File - - E9AAE2EC0D0DB5FA3A71702DD081273C

#9 Maniac

Posted 06 August 2012 - 11:03 AM

We have some progress.

Please open www.virustotal.com and upload this file:
c:\program files (x86)\Rss light+\Rss light+.dll

Wait until the scan has finished, then copy/paste the URL in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#10 kijell

Posted 06 August 2012 - 10:20 PM

https://www.virustot...sis/1344309479/

#11 Maniac

Posted 07 August 2012 - 05:09 AM

Thanks!

Why have you not yet uninstalled the applications from step 1 of my previous instructions?

#12 kijell

Posted 07 August 2012 - 05:38 AM

Hi, I was sure I uninstalled it last time. Should I scan it again on the website after I uninstall it?

#13 kijell

Posted 07 August 2012 - 06:08 AM

My brother did a system restore without asking me. Should I start all over again?

#14 Maniac

Posted 07 August 2012 - 11:21 AM

Yes, I need a new ComboFix log.

#15 kijell

Posted 08 August 2012 - 12:10 AM

Here's the log from Malwarebytes:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frederic :: FREDERIC-PC [administrator]

8/8/2012 1:07:38 PM
mbam-log-2012-08-08 (13-07-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218455
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#16 kijell

Posted 08 August 2012 - 12:17 AM

From OTL.txt:

OTL logfile created on: 8/8/2012 1:11:22 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 70.17% Memory free
11.58 Gb Paging File | 9.64 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 16.41 Gb Free Space | 11.01% Space Free | Partition Type: NTFS
Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 19:15:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frederic\Downloads\OTL.exe
PRC - [2012/07/19 21:57:00 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/26 19:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012/01/26 19:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/11 06:07:16 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/10/08 06:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/10/08 01:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/10/01 07:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/09/24 08:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/08/18 06:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/05/12 16:47:18 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2009/11/03 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/01 02:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/07/07 06:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/25 04:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/20 02:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 02:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 09:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 21:57:00 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/13 22:14:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/13 00:45:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/13 00:44:37 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/13 00:44:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/13 00:44:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/13 00:44:09 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/13 00:43:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/13 00:43:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/13 00:43:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/13 00:43:45 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/06/28 12:53:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2010/10/01 07:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/10/01 07:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/10/01 07:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010/10/01 07:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/09/24 08:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/03 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/09 17:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/10/01 02:50:30 | 000,377,264 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/23 19:56:42 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2010/02/23 19:56:40 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/08/07 06:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/25 15:46:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 21:57:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 08:59:46 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/16 02:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/10 23:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/11 06:07:11 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/12/15 19:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/12/15 19:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/05 23:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/12 09:49:15 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/09/23 16:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/08 19:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/08/26 10:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/31 01:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/31 01:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/31 01:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/04/16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/03/02 16:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/26 16:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/23 19:57:30 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/02/03 06:38:29 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 17:45:49 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 10:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/18 16:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/08/07 06:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 17:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/19 04:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/11 04:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 04:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 01:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 09:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/24 09:33:30 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125obex.sys -- (s125obex)
DRV:64bit: - [2007/04/24 09:33:28 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mgmt.sys -- (s125mgmt)
DRV:64bit: - [2007/04/24 09:33:26 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdm.sys -- (s125mdm)
DRV:64bit: - [2007/04/24 09:33:24 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdfl.sys -- (s125mdfl)
DRV:64bit: - [2007/04/24 09:33:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125bus.sys -- (s125bus)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.ChatVibes.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>



IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Frederic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 21:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/10 18:27:43 | 000,000,000 | ---D | M]

[2012/02/06 18:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Extensions
[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/26 23:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions
[2012/07/26 23:20:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/13 15:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\OneClickDownload@OneClickDownload.com
[2012/02/06 18:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/19 21:57:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/11/03 14:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/06/18 22:17:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 22:17:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/08 12:43:36 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray File not found
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Facebook Update] C:\Users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [GarenaMessenger] C:\Program Files (x86)\Garena Messenger\GarenaMessenger.exe ()
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Steam] C:\Program Files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.us.lawso...,2010,1215,1100 (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.us.lawso...,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.us.lawso...llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.us.lawso...1,2010,617,2010 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lawson.webex...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.us.lawso...31,2010,902,806 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317CE8A7-C426-43D2-A325-7A67AE47DF9C}: DhcpNameServer = 124.106.7.2 124.106.5.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D06F4B4-3C96-4D55-AD83-0194A44274B3}: DhcpNameServer = 124.106.6.2 124.106.5.2
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 20:00:18 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Local\LoLPHLauncher
[2012/08/07 19:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/07 19:14:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/06 22:43:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/06 22:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/06 09:50:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/04 20:37:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/08/04 20:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/04 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Local\Rss light+
[2012/08/04 19:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rss light+
[2012/08/04 19:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/07/25 15:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\Garena
[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Garena
[2012/07/13 23:15:12 | 000,000,000 | ---D | C] -- C:\Users\Frederic\Desktop\Lawson Work
[2012/07/12 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\LolClient
[2012/07/09 23:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaLoLPH
[2008/08/12 13:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 12:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/08 12:44:13 | 000,002,004 | -H-- | M] () -- C:\Users\Frederic\Documents\Default.rdp
[2012/08/08 12:43:36 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/08 12:41:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 12:41:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 12:35:00 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/08/08 12:34:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 12:34:22 | 370,438,143 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 22:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job
[2012/08/07 22:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job
[2012/08/07 20:23:48 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2012/08/07 20:13:30 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/07 20:13:30 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/07 20:13:30 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/07 19:14:45 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 13:00:22 | 000,000,057 | ---- | M] () -- C:\Users\Frederic\Desktop\malwarebytes error log
[2012/07/27 16:33:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job
[2012/07/25 17:03:16 | 000,001,280 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/25 15:46:34 | 000,001,163 | ---- | M] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/07/25 15:46:34 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/07/23 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job
[2012/07/09 20:19:23 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/07 20:23:48 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2012/08/07 20:18:19 | 1809,004,211 | ---- | C] () -- C:\Users\Frederic\Desktop\LoLPH_Install_120613v2.exe
[2012/08/07 19:14:45 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 13:00:22 | 000,000,057 | ---- | C] () -- C:\Users\Frederic\Desktop\malwarebytes error log
[2012/07/25 15:46:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 15:46:34 | 000,001,163 | ---- | C] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/07/25 15:46:34 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/02/26 12:35:26 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/25 01:17:31 | 000,000,859 | ---- | C] () -- C:\Windows\SysWow64\dsth.dll
[2011/09/12 09:52:20 | 000,008,049 | ---- | C] () -- C:\Windows\uedit32.INI
[2011/08/24 11:32:20 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/10 13:37:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/08 12:50:50 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/06 09:12:45 | 000,045,286 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room_v3.dat
[2011/05/25 05:15:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/22 07:40:53 | 000,046,742 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room.dat
[2011/03/11 05:45:59 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/26 10:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/26 10:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/04/09 02:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/23 00:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2011/05/22 07:23:51 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Asus WebStorage
[2012/08/07 19:06:38 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\BitComet
[2011/09/20 00:25:31 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\calibre
[2012/07/14 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Garena
[2012/08/07 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\GarenaPlus
[2012/07/09 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\ICAClient
[2012/07/12 16:43:46 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\LolClient
[2011/06/22 09:00:03 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Nuance
[2011/12/31 12:16:28 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Red Kawa
[2011/07/30 12:25:17 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Rovio
[2011/08/02 08:39:18 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\webex
[2011/06/22 08:59:57 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Zeon
[2011/10/27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Asus WebStorage
[2011/10/27 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Azureus
[2012/04/10 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Babylon
[2012/08/07 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\BitComet
[2011/09/03 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\EeeStorageUploader
[2012/05/28 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\FreeFLVConverter
[2012/08/07 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\GarenaPlus
[2012/01/10 12:54:10 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\ICAClient
[2012/07/19 13:44:52 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient
[2012/07/09 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient2
[2011/09/03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Nuance
[2012/06/07 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Red Kawa
[2012/07/02 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\uTorrent
[2011/09/02 15:13:48 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Zeon
[2012/07/27 16:33:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job
[2012/08/07 22:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job
[2012/07/23 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job
[2012/08/07 22:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job
[2012/07/17 00:11:49 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >

#17 kijell

Posted 08 August 2012 - 12:18 AM

From Extras.txt:

OTL Extras logfile created on: 8/8/2012 1:11:22 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 70.17% Memory free
11.58 Gb Paging File | 9.64 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 16.41 Gb Free Space | 11.01% Space Free | Partition Type: NTFS
Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.ini[@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.txt[@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0278D9CB-D036-44CF-8E6D-7B4B100E9667}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D04DF2C-E736-4093-ABA1-89D267D14630}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E463E93-0714-47F2-9838-9EC46DDCC007}" = lport=138 | protocol=17 | dir=in | app=system |
"{21F33C60-2F5B-47C8-BD55-2BE048DE3310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2285F530-F51C-4D6E-9F8C-BF563BCF664E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25C0152E-F521-4CCD-8806-9D99534D7D78}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |
"{2BB67282-E137-4B3E-A4A1-DC592BC6C746}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2C947C06-1A64-4BA5-9863-6A6AC518A910}" = rport=139 | protocol=6 | dir=out | app=system |
"{37698B20-94DF-4C7A-BE22-B7B4035710A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44354155-405C-43C8-98AE-6FBC7CA4D2D0}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{46DC7C4C-EB4B-4E58-8BD9-E26CFD219942}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{474978C2-4791-4571-92CE-35370DB96830}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |
"{496064B3-77B7-4DFD-98C5-D1CB4471F199}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{4BB73345-3E66-4C3A-9BC3-1D76466B09BB}" = lport=445 | protocol=6 | dir=in | app=system |
"{54DB8F9A-302F-4DAC-B629-0F20F4A54366}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |
"{623D80ED-57C6-4A18-8B96-93814B19403C}" = lport=14808 | protocol=17 | dir=in | name=bitcomet 14808 udp |
"{66D6EABD-289F-4522-AAEC-B39B55976412}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |
"{670946BB-5AB6-48EE-B86C-C4E9ED449F32}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{671A9F52-60FA-4ED0-B0E2-5C9EC2637734}" = lport=14808 | protocol=6 | dir=in | name=bitcomet 14808 tcp |
"{67325282-95B9-46F5-BBC1-9E83932F71E6}" = lport=10016 | protocol=6 | dir=in | name=bitcomet 10016 tcp |
"{79F481E6-DBF9-4ED4-99B9-17E7676238F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B30BE7C-CCA6-4278-8D5E-E995AC06C1A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{81804EA6-DFF4-40B1-A99B-E2FCC259E2CD}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |
"{854E5576-C158-4F67-873D-E342FF3C6E82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{881AA1B1-7CB4-4A5F-8B9F-3627EE4C3641}" = lport=49512 | protocol=6 | dir=in | name=akamai netsession interface |
"{8884301F-9C49-49D8-BCC7-500AB0B9BC2C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8DA0C703-09C3-43A3-BE29-B307E35051B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{969982B8-3796-43C7-9865-CD87D0CF9B8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9703A5F5-9200-40CC-A4F2-7950D7184C86}" = rport=445 | protocol=6 | dir=out | app=system |
"{9728F914-6807-43F0-A1BA-158086FED5F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{97E48405-148B-440C-BBE0-C30E9DB8E451}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AB599B5-4575-4522-8358-764968A0B026}" = lport=139 | protocol=6 | dir=in | app=system |
"{9BD9F6AF-EDED-4099-839C-45BEC0FFF568}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{9F81548A-32C3-427F-803E-498B177059D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A30E8EA1-51A7-41F3-9A5F-1729C7EE6150}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3608652-DB2E-4DF6-9508-5C8CE9CBFBBD}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{A483C50F-FB6B-4348-8F41-BAE9353C4647}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{A83E6831-A700-4F0B-952E-E3B56A17BFDE}" = lport=137 | protocol=17 | dir=in | app=system |
"{ADDFEBA3-1BC5-480F-A48A-0CC6AB3A192B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{B4922B80-EABD-4D7A-93D9-40A30B72EE6D}" = lport=10016 | protocol=17 | dir=in | name=bitcomet 10016 udp |
"{B97EA06F-57E9-409C-93E1-15F15354F34C}" = lport=53242 | protocol=6 | dir=in | name=akamai netsession interface |
"{C8AF9F15-5A84-4178-A6B2-6EF953837C27}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |
"{DA5467E2-A50A-44BE-86BD-25C85B53BB0E}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{E8576B01-3336-432D-86FC-668354A76DED}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{EA29555C-1A89-4FFB-8FC6-A3D9B1C1A195}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE5B1D3F-5AC3-4ADD-BAA9-51E111E7E881}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC6C003E-CD6A-44C3-B067-FD9C3C90A84A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FDB205E3-19FF-499B-A1D6-81FD458AB024}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005EAA30-1811-42DD-B785-67ECF28E73BA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0773BB79-6BC7-48ED-8249-EA612C9EE042}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{0809DC6F-7105-4AF1-AFBD-299792A6195A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{08A9F208-02FD-4B41-BAEB-85B1F66CD113}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FC4F261-FDD4-44F1-91F4-DB0CF137C83D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1338B30E-93FC-40F3-A845-F6C321A553C4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{15F48B2D-8C02-420B-9405-CB83F221D9D5}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{1E626A91-B6EC-4B90-9390-5CED841241F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1F094CA0-6838-482F-9219-4EB3FF648D34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{27E8DE1C-9EFB-4232-9190-E442A09254DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28E33026-8C05-4C56-8CBA-7DCF7CB7ABC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{29BC6AA8-7E8F-423A-B268-E0BA8BB20758}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B9E2BF7-FBF6-4759-8D68-DE0FE462930C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30AEA214-7275-4847-970A-690998DB5F21}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{33A9F0DC-20DB-4891-9558-2A2A4392B7A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3948DB04-6174-4429-A3AF-195179C35ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{3AFA9B32-952C-44CF-B9FB-FFB159A871BA}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{3B7639B6-B453-480B-A4B7-BAF149C3B32A}" = protocol=6 | dir=out | app=system |
"{4C23F040-829E-4F3E-83D9-0C837C156446}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{510D41D3-2DE9-4C52-B174-00C87FE40DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{57166C5E-65D0-430B-959F-E0A6A415F504}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59590024-55E8-4B08-8CD8-B0EB9D0C95B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{5A00E03A-945D-451E-9403-D8FE495B154A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5A553D5F-4E9C-4FB2-9DBC-1A8E9ED602A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{5D31210A-7473-42AE-8BB7-A017C25032AF}" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |
"{662D15C0-FABF-4272-80A3-5A1AC91EE9A7}" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |
"{6886475C-A1C6-46B9-B537-BA35F68F4D8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69DD0F98-A500-4030-9D43-875135A79C53}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C519AB9-90E3-495B-BB8F-BE0D6BB4EAA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CB3BC69-0AB7-4E3F-8C49-79FD5EF58252}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6CF6FE2A-BE68-4F14-8318-34167D8B0358}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{6FA96DBB-5D49-48AD-90B1-7334FDE0B7AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{766833A3-B4E2-45BC-B990-1A0C24BCDE45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7714A37C-1347-4704-B256-961505BBD189}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{79AFD2F0-E22B-4811-ABDD-8611A9D4557C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{854A2081-3582-4D4E-A2B8-2E4CC861B9E6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{8A06A20F-A529-44A2-859E-9D15D2C67A95}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A3EA3A1-E52F-439C-9F59-3E7D698D3277}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{8C0F984D-0D6F-47B8-902E-4C41C50AC346}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8D98F047-5F3D-4B5D-B1FC-326FB7AB1792}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{919AD1D9-F1D5-473C-82A7-8219FA726BA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98AF1A64-4E56-4DA7-B11F-E606EE0CFFF8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9E9B5E2B-0F4F-40FF-BD53-D09DE8730898}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A0B5E78A-6D1C-4013-97ED-F623EEE0DA08}" = dir=in | app=c:\users\frederic\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A6ACEBB1-5606-4480-A4B7-C9F3347FE1E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A73E6B4C-97BF-4380-8A72-4FA8EE4B4F04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B02F95B5-78B9-4C34-9523-2CCE92A55EC0}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{B2F653EF-59A9-425A-A41A-01B8E53095E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4413CF2-3031-4AAF-8BA7-73C4EC35C450}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BCC8A061-38C3-4C89-B7FA-BC54E0952117}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C19BBA4C-F58D-4838-943C-1740B29316ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C1D27827-5BBA-4689-BE69-FAD4FCB51B4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C6B3FE2F-FF3F-4CC9-9F05-EC351EC84760}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D2B89B07-1E93-485E-8927-BB022CC73A6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3BF642E-3854-48C8-9D8A-DA35F864AE50}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{DF3FDEDA-2F0D-4211-BA5B-2DA1EFBAAE94}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{E0CE7AFB-DE2B-4E34-8872-1BC00B6D9E44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E749F3A3-D270-4C27-BB8B-5DCA00E2D3B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9C7D739-DE27-46D5-AB21-B7DC5B49D5FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBD28769-85CD-4294-A2BB-FCA549CA4DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{FCDE0A56-58AF-41D2-8D76-FF9B7363BAC8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{17A5C34C-B1A8-440B-97E3-114B9AC1CCD1}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"TCP Query User{21F49C04-B277-4428-BC7F-76518AC17EB2}C:\users\makul!\downloads\honinstaller.exe" = protocol=6 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |
"TCP Query User{2C4A63C7-9C0B-47CC-A3C1-74D2853A020F}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |
"TCP Query User{4B3FCB01-285C-4606-9BC5-7DF773EC7709}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |
"TCP Query User{65D829DC-1169-4277-8827-76F381F6DEE5}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{80A86514-76C9-4665-93F3-A9258CADACC8}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |
"TCP Query User{8343F9A8-4574-4CF5-B283-E213690F9971}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{9488429B-DBB5-4672-BD2C-7DEC2D302772}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{F787F72D-BFF9-45C4-8FAB-9BB73E114C53}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{254B9A00-C996-4509-8181-2352ECDCF1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{606CCBF6-FACD-4277-9426-C76242D66F97}C:\users\makul!\downloads\honinstaller.exe" = protocol=17 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |
"UDP Query User{7A772ED6-85BA-47B9-BBEB-E05F31F8B897}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"UDP Query User{7AA0BEAD-5B05-4052-80BF-7EE26BF15A5A}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{8348A68B-92B5-4170-82DF-267615F9D415}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{919D2FA5-2C42-42E7-B74B-95F06C2B492A}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |
"UDP Query User{AD4C89C5-6DE5-4E0E-B29A-AA0632440376}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |
"UDP Query User{BDB03DEB-EDC7-4AAD-A97F-8986DA7ED84C}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{F21D8272-CDFF-4796-89A8-6A56E491F199}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)
"{51B83C3B-4D5D-490A-87E0-12B497DA941B}" = calibre
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix online plug-in (PNA)
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix online plug-in (SSON)
"{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Content Manager Assistant for PlayStation®
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = 1ClickDownloader
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Akamai" = Akamai NetSession Interface Service
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CitrixOnlinePluginFull" = Citrix online plug-in
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Garena" = Garena 2010
"Google Chrome" = Google Chrome
"HoN" = Garena - Heroes of Newerth
"iLivid" = iLivid
"im" = Garena Messenger
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"LoLPH" = Garena - League of Legends PH
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network MagicUninstall" = Network Magic
"Steam App 570" = Dota 2
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip Self-Extractor" = WinZip Self-Extractor
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2012 5:27:27 AM | Computer Name = Frederic-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\trend micro\internet
security\component\framework\200\UfUpdUi.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/7/2012 5:27:48 AM | Computer Name = Frederic-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/7/2012 7:08:55 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Yahoo! Messenger Tray' could not be shut down.

Error - 8/7/2012 7:08:55 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'CyberLink MediaLibray Service' could not be
shut down.

Error - 8/7/2012 7:12:23 AM | Computer Name = Frederic-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Frederic\Downloads\SoftonicDownloader_for_bitcomet.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 8/7/2012 10:59:47 PM | Computer Name = Frederic-PC | Source = Google Update | ID = 20
Description =

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 11:00:04 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 8/7/2012 6:52:00 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/7/2012 6:52:00 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/7/2012 6:52:01 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10005
Description =

Error - 8/7/2012 6:54:27 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10005
Description =

Error - 8/7/2012 7:02:04 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/7/2012 7:19:48 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/7/2012 10:59:00 PM | Computer Name = Frederic-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:21:26 PM on ?8/?7/?2012 was unexpected.

Error - 8/7/2012 10:59:00 PM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/8/2012 12:34:27 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
This service might not be installed.

Error - 8/8/2012 12:43:02 AM | Computer Name = Frederic-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{9B9C7278-23A5-4B56-A5C6-B0F5D40A45A1}
because another computer on the network has the same name. The server could not
start.


< End of report >

#18 kijell

Posted 08 August 2012 - 12:38 AM

Combofix log:

ComboFix 12-08-07.05 - Frederic 08/08/2012 13:21:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5932.4041 [GMT 8:00]
Running from: c:\users\Frederic\Downloads\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\intellidownload\gunzip.exe
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-07 12:00 . 2012-08-07 12:00 -------- d-----w- c:\users\Frederic\AppData\Local\LoLPHLauncher
2012-08-07 11:14 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 12:37 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-08-04 12:37 . 2012-08-07 11:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-04 11:55 . 2012-08-04 11:55 -------- d-----w- c:\users\Frederic\AppData\Local\Rss light+
2012-08-04 11:55 . 2012-08-07 11:00 -------- d-----w- c:\program files (x86)\Rss light+
2012-08-04 11:54 . 2012-08-06 09:30 -------- d-----w- c:\programdata\Local Settings
2012-07-25 07:46 . 2012-07-25 07:46 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-19 05:44 . 2012-07-19 05:44 -------- d-----w- c:\users\makul!\AppData\Roaming\LolClient
2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\users\Frederic\AppData\Roaming\Garena
2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\programdata\Garena
2012-07-12 08:43 . 2012-07-12 08:43 -------- d-----w- c:\users\Frederic\AppData\Roaming\LolClient
2012-07-09 15:49 . 2012-07-09 15:49 -------- d-----w- c:\users\makul!\AppData\Local\LoLPHLauncher
2012-07-09 15:44 . 2012-08-07 12:19 -------- d-----w- c:\program files (x86)\GarenaLoLPH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 04:35 . 2012-01-22 10:46 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-25 07:46 . 2011-06-24 02:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarenaMessenger"="c:\program files (x86)\Garena Messenger\GarenaMessenger.exe" [2012-07-31 7123320]
"Facebook Update"="c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Steam"="c:\program files (x86)\steam\Steam.exe" [2012-08-07 1353080]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-07 472112]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-11 548528]
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-11 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-3-11 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-12-15 18512]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-09-30 377264]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-10-12 131552]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-12-15 41424]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 07:46]
.
2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job
- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job
- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]
.
2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job
- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]
.
2012-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job
- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.ChatVibes.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:3128
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 124.106.6.2 124.106.5.2
FF - ProfilePath - c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BitComet - c:\program files (x86)\BitComet\BitComet.exe
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Completion time: 2012-08-08 13:35:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 05:35
ComboFix2.txt 2012-08-06 14:42
.
Pre-Run: 17,505,796,096 bytes free
Post-Run: 18,578,669,568 bytes free
.
- - End Of File - - B7894A3331591AF4BAAC8347C1584B03

#19 Maniac

Posted 08 August 2012 - 06:25 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

#20 kijell

Posted 08 August 2012 - 09:53 AM

Hi, here's the log from the ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2653dd0c3178544abaa66cd02f4788eb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-08 02:50:16
# local_time=2012-08-08 10:50:16 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=513 16777085 100 97 2995 77512684 0 0
# compatibility_mode=5893 16776573 100 94 11295085 96064118 0 0
# compatibility_mode=8192 67108863 100 0 34354315 34354315 0 0
# scanned=182912
# found=20
# cleaned=20
# scan_time=3147
C:\Program Files (x86)\1ClickDownload\1ClickSettingsManager.exe Win32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\1ClickDownload\ocmainpack.exe Win32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\intellidownload\torrent.exe Win32/BundleInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Frederic\AppData\Roaming\A-1457317536.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\makul!\AppData\Roaming\A-1124404718.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\makul!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Frederic\Desktop\Fred\Softwares\avi2video_install.exe Win32/Adware.MarketScore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Frederic\Downloads\Veronica_Roth_-_Divergent_Trilogy_(Book_1_&amp;_2_-_.exe Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\cnet2_free-flv-to-psp-converter_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\cnet2_nokia-c3-video-converter-5_3_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\hotelier_korean_drama_eng_sub_download.2010.mov_downloader.exe Win32/Adware.MediaFinder application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\hunger_games_blu_ray_Full_Download.exe Win32/BundleInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\iLividSetupV1(2).exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\Setup_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\makul!\Downloads\The_Hunger_Games_2012_TS_XViD_NEW_SOURCE_DTRG.exe Win32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C



