maktone

Members
  • Content count: 30

About maktone

  • Rank
    New Member
  1. Hi, restarted, internet not working. The LAN is not showing disconnection, but when I open the browser it comes up with an error.
  2. As I dragged the file into combo and it's doing its blue screen completed stage again.
  3. Well, I just did your instructions anyway.
  4. Before I could do what you wrote, combo had already restarted Windows and reloaded and deleted files. I submitted the log just before you posted. However, my internet is not connecting anymore on that.
  5. ComboFix 12-08-29.03 - Maktone 30/08/2012 16:47:38.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16360.13707 [GMT 1:00] Running from: c:\users\Maktone\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20120829083616.610798 c:\users\Maktone\AppData\Local\assembly\tmp c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56404E46-CA66-4F56-B44B-CBC5DC0A428C}.xps c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{62326664-50CA-449E-BB8C-5C3575F2EA07}.xps c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{77E438AD-4319-4F83-A6EF-8D43F0DE7C22}.xps c:\users\Maktone\Documents\~WRL0823.tmp c:\windows\SysWow64\d2d1debug1.dll c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\settings.ini c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe c:\windows\SysWow64\tmpD98C.tmp c:\windows\SysWow64\tmpD9EA.tmp . . ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 ))))))))))))))))))))))))))))))) . . 2012-08-30 20:46 . 2012-08-30 21:36 -------- d-----w- C:\FRST 2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\Mala\AppData\Local\temp 2012-08-30 13:10 . 2012-08-30 15:36 151552 ----a-w- c:\windows\KMSEmulator.exe 2012-08-29 21:16 . 2012-08-29 21:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-18 09:56 . 2012-08-18 09:56 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-18 09:56 . 2012-08-18 09:56 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-18 09:56 . 
2012-08-18 09:56 268784 ----a-w- c:\windows\system32\javaws.exe 2012-08-18 09:56 . 2012-08-18 09:56 189424 ----a-w- c:\windows\system32\javaw.exe 2012-08-18 09:56 . 2012-08-18 09:56 188912 ----a-w- c:\windows\system32\java.exe 2012-08-18 09:56 . 2012-08-18 09:56 -------- d-----w- c:\program files\Java 2012-08-15 21:43 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 21:43 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 21:43 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 21:43 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 21:43 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 21:43 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-13 13:14 . 2012-08-13 13:14 -------- d-----w- c:\users\Maktone\AppData\Roaming\HpUpdate 2012-08-13 13:14 . 2012-08-13 13:14 -------- d-----w- c:\windows\Hewlett-Packard 2012-08-05 09:21 . 2012-08-05 09:21 98304 ----a-r- c:\users\Maktone\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe 2012-08-02 13:00 . 2012-08-02 13:00 -------- d-----w- c:\users\Maktone\AppData\Roaming\HP 2012-08-02 08:12 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-08-02 07:46 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-08-02 07:46 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-29 23:48 . 2012-04-06 10:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-29 23:48 . 2012-04-06 10:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-08-29 23:48 . 2012-04-06 10:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-08-27 08:19 . 2012-03-30 16:38 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-27 08:19 . 
2012-03-01 23:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 21:44 . 2012-05-17 15:15 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 12:46 . 2012-03-03 21:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-26 15:03 . 2012-04-24 14:29 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll 2012-06-26 15:02 . 2012-06-26 15:02 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-06-26 15:02 . 2012-04-24 14:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll 2012-06-03 09:51 . 2012-06-03 09:51 16384 ----a-w- c:\windows\system32\drivers\EIO64.sys 2012-06-02 22:19 . 2012-06-24 09:10 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-24 09:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-24 09:10 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-24 09:10 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-24 09:10 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-24 09:10 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-24 09:10 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-24 09:10 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:15 . 2012-06-24 09:10 36864 ----a-w- c:\windows\system32\wuapp.exe 2010-08-03 10:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll 2010-08-03 10:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-03-01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-03-01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 
5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}] 2012-02-14 03:43 75000 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="c:\program files\Utils\Software\DAEMON Tools Pro\DTAgent.exe" [2011-03-18 839488] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016] "EADM"="c:\program files (x86)\Games\Origin\Origin.exe" [2012-08-09 3414680] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-14 286720] "THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-11 1349632] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "NBAgent"="c:\program files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288] "UpdateP2GoShortCut"="c:\program files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "LGODDFU"="c:\program files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe" [2012-07-20 27760] "RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\Utils\Sound\Apple\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" 
[2012-07-16 3524536] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe" [2012-08-03 740736] . c:\users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960] R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-14 7168] R2 MBAMService;MBAMService;c:\program files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\Utils\Internet\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 
Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-01 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-01 79360] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-25 113120] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 
TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-01 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-09-14 562456] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-09-14 23832] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-01 254528] S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-06-03 16384] S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/08 15:34];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 12:08 148976] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-03-02 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe [2012-03-02 948656] S2 AsSysCtrlService;ASUS System Control Service;c:\program files 
(x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-03-02 586880] S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe [2012-03-02 1430144] S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992] S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688] S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Utils\Internet\Skype\Updater\Updater.exe [2012-06-07 160944] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-03-02 26136] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech HD Pro Webcam 
C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-08-15 56600] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder . 2012-08-30 c:\windows\Tasks\AutoKMSDaily.job - c:\windows\AutoKMS\AutoKMS.exe [2012-03-03 16:56] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 21:54] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 21:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U] @="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}" [HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}] 2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-01 7543912] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "ROG GameFirst"="c:\program files\ASUS\ROG GameFirst\cFosSpeed.exe" [2010-11-22 1305272] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\Utils\Internet\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\Utils\Internet\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.nuffieldhealth.com/Individuals/Public/Timetable/?centreId=34463|http://www.overclock.net/intel-general/858750-please-help-i7-950-temps-h70.html|http://forum.corsair.com/v3/showthread.php?t=91212|http://i56.tinypic.com/2w2or3k.jpg|http://www.techpowerup.com/downloads/1872/mirrors.php|http://forum.corsair.com/forums/forumdisplay.php?f=155|http://forum.corsair.com/v3/showthread.php?t=91212|http://forum.corsair.com/v3/showthread.php?t=88888&page=2|http://i56.tinypic.com/2w2or3k.jpg|resource:///browserconfig.properties|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1|http://www.google.co.uk/finance?q=LON:JKX . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe SafeBoot-63314297.sys AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\SysWOW64\ASDR.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe . ************************************************************************** . Completion time: 2012-08-30 16:54:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-30 15:54 . Pre-Run: 154,928,861,184 bytes free Post-Run: 155,130,540,032 bytes free . - - End Of File - - 24C39B34F7E19F8EB097A3285DFB00D0
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 03
     Ran by SYSTEM at 2012-08-30 16:29:54 Run:2
     Running from F:\
     ==============================================
     C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55 moved successfully.
     C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
     C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
     C:\Windows\explorer.exe moved successfully.
     C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe
     ==== End of Fixlog ====
  7. Thanks for helping me btw, I've been struggling on this since yesterday
  8. Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 03 Ran by SYSTEM at 30-08-2012 16:09:46 Running from F:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet002 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7543912 2012-03-01] (Realtek Semiconductor) HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cFosSpeed.exe [1305272 2010-11-22] (cFos Software GmbH) HKLM\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-09-14] (Intel Corporation) HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r [1349632 2010-06-11] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.) HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r [241789 2010-02-18] (Creative Technology Ltd) HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1493288 2012-01-13] (Nero AG) HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe" blrun [27760 2012-07-20] (Bitleader) HKLM-x32\...\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [230696 2011-08-23] (CyberLink Corp.) HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\Utils\Sound\Apple\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S [740736 2012-08-03] (ASUS Cloud Corporation) HKU\Maktone\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe" -autorun [839488 2011-03-18] (DT Soft Ltd) HKU\Maktone\...\Run: [EADM] "C:\Program Files (x86)\Games\Origin\Origin.exe" -AutoStart [3414680 2012-08-09] (Electronic Arts) HKU\Maktone\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x] HKU\Maktone\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-16] (Samsung) HKU\Maktone\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x] HKU\Maktone\...\Policies\system: [LogonHoursAction] 2 HKU\Maktone\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Mala\...\Policies\system: [LogonHoursAction] 2 HKU\Mala\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Tcpip\..\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: [NameServer]192.168.0.1 Startup: C:\Users\Maktone\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) ====== 2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2012-03-01] () 2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () 2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe [948656 2012-03-01] (ASUSTeK Computer Inc.) 2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2012-03-01] () 2 AsusFanControlService; "C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe" [1430144 2012-03-01] (ASUSTeK Computer Inc.) 
3 BITCOMET_HELPER_SERVICE; C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com) 2 cFosSpeedS; "C:\Program Files\ASUS\ROG GameFirst\spd.exe" -service [487096 2010-11-22] (cFos Software GmbH) 2 CLHNServiceForPowerDVD; C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-08-23] () 2 CyberLink PowerDVD 11.0 Monitor Service; "C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe" [75048 2011-09-01] (CyberLink) 2 CyberLink PowerDVD 11.0 Service; "C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe" [292136 2011-09-01] (CyberLink) 3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation) 2 MBAMService; "C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-12] () 2 SkypeUpdate; "C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies) ==================== Drivers (Whitelisted) =================== 0 AiChargerPlus; C:\Windows\System32\Drivers\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.) 0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology) 1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-03-01] () 1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2012-03-01] () 3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2012-03-01] (MCCI Corporation) 3 cFosSpeed; C:\Windows\System32\Drivers\cFosSpeed.sys [1437368 2010-11-22] (cFos Software GmbH) 3 CompFilter64; C:\Windows\System32\DRIVERS\lvbflt64.sys [25632 2012-01-17] (Logitech Inc.) 
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2012-03-01] (DT Soft Ltd) 1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2012-06-03] (ASUSTeK Computer Inc.) 0 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [562456 2011-09-14] (Intel Corporation) 0 iaStorF; C:\Windows\System32\Drivers\iaStorF.sys [23832 2011-09-14] (Intel Corporation) 3 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 VSPerfDrv110; \??\C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-11] (Microsoft Corporation) 2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-02] (CyberLink Corp.) 3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) ================= ==================== One Month Created Files and Folders ====================== 2012-08-30 12:46 - 2012-08-30 13:36 - 00000000 ____D C:\FRST 2012-08-30 07:05 - 2012-08-30 07:06 - 00017576 ____A C:\Users\Maktone\Desktop\MBRCheck_08.30.12_16.05.49.txt 2012-08-30 07:05 - 2012-08-30 07:05 - 00080384 ____A C:\Users\Maktone\Desktop\MBRCheck.exe 2012-08-30 06:40 - 2012-08-30 06:40 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Maktone\Desktop\tdsskiller.exe 2012-08-30 06:21 - 2012-08-30 06:28 - 00000000 ____D C:\aws 2012-08-30 06:19 - 2012-08-30 06:19 - 00000000 ___SD C:\ComboFix 2012-08-30 06:15 - 2012-08-30 07:02 - 00000000 ___SD C:\32788R22FWJFW 2012-08-30 06:04 - 2012-08-30 06:14 - 00000000 ____D C:\Qoobox 2012-08-30 06:00 - 2012-08-30 06:00 - 04740381 ____R (Swearware) C:\Users\Maktone\Desktop\ComboFix.exe 2012-08-30 06:00 - 2012-08-30 06:00 - 00000000 ____D C:\Windows\erdnt 2012-08-30 05:52 - 2012-08-30 05:52 - 00000958 ____A C:\Windows\PFRO.log 2012-08-30 05:10 - 2012-08-30 06:42 - 00151552 ____A 
C:\Windows\KMSEmulator.exe 2012-08-30 05:10 - 2012-08-30 06:42 - 00000280 ____A C:\Windows\setupact.log 2012-08-30 05:10 - 2012-08-30 06:42 - 00000218 ____A C:\Windows\Tasks\AutoKMSDaily.job 2012-08-30 05:10 - 2012-08-30 06:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-30 04:00 - 2012-08-30 04:00 - 00080360 ____A C:\Users\Maktone\Desktop\Extras.Txt 2012-08-30 03:59 - 2012-08-30 06:30 - 00131762 ____A C:\Users\Maktone\Desktop\OTL.Txt 2012-08-30 03:57 - 2012-08-30 03:56 - 00598528 ____A (OldTimer Tools) C:\Users\Maktone\Desktop\OTL.exe 2012-08-30 02:54 - 2012-08-30 02:54 - 00002528 ____A C:\Users\Maktone\Desktop\RKreport[1].txt 2012-08-30 02:52 - 2012-08-30 02:54 - 00000000 ____D C:\Users\Maktone\Desktop\RK_Quarantine 2012-08-30 02:52 - 2012-08-30 02:52 - 01368576 ____A C:\Users\Maktone\Desktop\RogueKiller.exe 2012-08-30 02:48 - 2012-08-30 02:48 - 00000000 ____A C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial 2012-08-29 13:16 - 2012-08-29 13:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-24 22:52 - 2012-08-24 22:52 - 04480548 ____A C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage 2012-08-23 03:57 - 2012-08-23 03:57 - 00010240 __ASH C:\Users\Maktone\Downloads\Thumbs.db 2012-08-18 01:56 - 2012-08-18 01:56 - 21869552 ____A (Oracle Corporation) C:\Users\Maktone\Downloads\jre-7u5-windows-x64.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00000000 ____D C:\Program Files\Java 2012-08-15 13:46 - 2012-06-28 20:55 - 17809920 
____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-15 13:46 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-15 13:46 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-15 13:46 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-15 13:46 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-15 13:46 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-15 13:46 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-15 13:46 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-15 13:46 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-15 13:46 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-15 13:46 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-15 13:46 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-15 13:46 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-15 13:46 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-15 13:46 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-15 13:46 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-15 13:46 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-15 13:46 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-15 13:46 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2012-08-15 13:46 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-15 13:46 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-15 13:46 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-15 13:46 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-15 13:46 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-15 13:46 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-15 13:46 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-15 13:46 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-15 13:46 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-15 13:43 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-08-15 13:43 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-08-15 13:43 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-08-15 13:43 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-08-15 13:43 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-08-15 13:43 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-08-15 13:43 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-08-15 12:39 - 2012-08-15 12:41 - 00000000 ____D C:\Users\Maktone\Documents\Google Sketchup 2012-08-15 11:30 - 2012-08-15 11:30 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live 
Forever_mp3.qgmcd7q.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.uwm8ndt.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qf0qnn3.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.f6u4cl9.partial 2012-08-13 05:14 - 2012-08-13 05:14 - 00000000 ____D C:\Windows\Hewlett-Packard 2012-08-13 05:14 - 2012-08-13 05:14 - 00000000 ____D C:\Users\Maktone\AppData\Roaming\HpUpdate 2012-08-05 01:23 - 2012-08-05 01:23 - 00000000 ____D C:\Users\Maktone\Desktop\New folder (2) 2012-08-05 01:21 - 2012-08-05 01:21 - 00002535 ____A C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk 2012-08-05 01:21 - 2012-08-05 01:21 - 00000000 ____D C:\Users\Maktone\AppData\Local\Apps\Windows 7 USB DVD Download Tool 2012-08-02 05:00 - 2012-08-02 05:00 - 00000000 ____D C:\Users\Maktone\AppData\Roaming\HP 2012-08-02 00:12 - 2010-02-23 00:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe 2012-08-01 23:59 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-08-01 23:59 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-08-01 23:59 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-08-01 23:59 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-08-01 23:59 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-08-01 23:59 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-08-01 23:59 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-08-01 23:59 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\cdosys.dll 2012-08-01 23:59 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-08-01 23:59 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-08-01 23:59 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-08-01 23:59 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-08-01 23:59 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-08-01 23:59 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-08-01 23:59 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-08-01 23:59 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-08-01 23:59 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-08-01 23:59 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-08-01 23:59 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-08-01 23:46 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys 2012-08-01 23:46 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys 2012-08-01 23:44 - 2012-08-01 23:45 - 93721296 ____A (Samsung Electronics Co., Ltd. 
) C:\Users\Maktone\Downloads\Kies_2.3.2.12064_10_1 (1).exe ==================== 3 Months Modified Files ================================ 2012-08-30 12:47 - 2012-08-30 12:47 - 00000167 ____A C:\file.txt 2012-08-30 07:06 - 2012-08-30 07:05 - 00017576 ____A C:\Users\Maktone\Desktop\MBRCheck_08.30.12_16.05.49.txt 2012-08-30 07:05 - 2012-08-30 07:05 - 00080384 ____A C:\Users\Maktone\Desktop\MBRCheck.exe 2012-08-30 06:46 - 2009-07-13 21:13 - 00782078 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-30 06:43 - 2012-03-06 17:54 - 00001649 ____A C:\Users\Maktone\Desktop\MySyncFolder.lnk 2012-08-30 06:42 - 2012-08-30 05:10 - 00151552 ____A C:\Windows\KMSEmulator.exe 2012-08-30 06:42 - 2012-08-30 05:10 - 00000280 ____A C:\Windows\setupact.log 2012-08-30 06:42 - 2012-08-30 05:10 - 00000218 ____A C:\Windows\Tasks\AutoKMSDaily.job 2012-08-30 06:42 - 2012-08-30 05:10 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-30 06:42 - 2012-03-01 13:54 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-30 06:40 - 2012-08-30 06:40 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Maktone\Desktop\tdsskiller.exe 2012-08-30 06:30 - 2012-08-30 03:59 - 00131762 ____A C:\Users\Maktone\Desktop\OTL.Txt 2012-08-30 06:23 - 2012-03-08 05:55 - 00000386 ____A C:\Windows\lgfwup.ini 2012-08-30 06:00 - 2012-08-30 06:00 - 04740381 ____R (Swearware) C:\Users\Maktone\Desktop\ComboFix.exe 2012-08-30 05:52 - 2012-08-30 05:52 - 00000958 ____A C:\Windows\PFRO.log 2012-08-30 05:15 - 2012-03-01 13:54 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-30 04:00 - 2012-08-30 04:00 - 00080360 ____A C:\Users\Maktone\Desktop\Extras.Txt 2012-08-30 03:56 - 2012-08-30 03:57 - 00598528 ____A (OldTimer Tools) C:\Users\Maktone\Desktop\OTL.exe 2012-08-30 02:54 - 2012-08-30 02:54 - 00002528 ____A C:\Users\Maktone\Desktop\RKreport[1].txt 2012-08-30 02:52 - 2012-08-30 02:52 - 01368576 ____A C:\Users\Maktone\Desktop\RogueKiller.exe 2012-08-30 02:48 - 2012-08-30 02:48 - 00000000 ____A 
C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial 2012-08-30 02:28 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-08-29 15:48 - 2012-04-06 02:56 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-08-29 15:48 - 2012-04-06 02:56 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-08-29 15:48 - 2012-04-06 02:56 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-08-29 13:11 - 2012-03-01 13:19 - 01487231 ____A C:\Windows\WindowsUpdate.log 2012-08-27 00:19 - 2012-03-30 08:38 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-27 00:19 - 2012-03-01 15:20 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-26 16:10 - 2009-07-13 20:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-26 16:10 - 2009-07-13 20:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-24 22:52 - 2012-08-24 22:52 - 04480548 ____A C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage 2012-08-23 03:57 - 2012-08-23 03:57 - 00010240 __ASH C:\Users\Maktone\Downloads\Thumbs.db 2012-08-21 16:18 - 2012-03-01 13:55 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2012-08-19 05:21 - 2012-03-06 17:52 - 00001242 ____A C:\Users\Public\Desktop\ASUS WebStorage.lnk 2012-08-18 01:56 - 2012-08-18 01:56 - 21869552 ____A (Oracle Corporation) C:\Users\Maktone\Downloads\jre-7u5-windows-x64.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-18 01:56 - 
2012-08-18 01:56 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-15 13:58 - 2009-07-13 20:45 - 00352032 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-15 13:44 - 2012-05-17 07:15 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-08-15 11:30 - 2012-08-15 11:30 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qgmcd7q.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.uwm8ndt.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qf0qnn3.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.f6u4cl9.partial 2012-08-05 01:21 - 2012-08-05 01:21 - 00002535 ____A C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk 2012-08-01 23:46 - 2012-04-24 07:10 - 00001961 ____A C:\Users\Public\Desktop\Samsung Kies.lnk 2012-08-01 23:45 - 2012-08-01 23:44 - 93721296 ____A (Samsung Electronics Co., Ltd. 
) C:\Users\Maktone\Downloads\Kies_2.3.2.12064_10_1 (1).exe 2012-08-01 23:36 - 2012-04-24 06:21 - 00001901 ____A C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk 2012-07-25 08:24 - 2012-07-25 08:22 - 00001908 ____A C:\Windows\diagwrn.xml 2012-07-25 08:24 - 2012-07-25 08:22 - 00001908 ____A C:\Windows\diagerr.xml 2012-07-25 08:22 - 2012-03-09 01:36 - 00000000 ____A C:\Windows\setuperr.log 2012-07-20 04:00 - 2012-03-03 13:52 - 00001354 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-18 10:15 - 2012-08-15 13:43 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-09 06:27 - 2012-07-09 06:27 - 00000103 ____A C:\Users\Maktone\Documents\passport.txt 2012-07-04 14:16 - 2012-08-15 13:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:13 - 2012-08-15 13:43 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:13 - 2012-08-15 13:43 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:16 - 2012-08-15 13:43 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:14 - 2012-08-15 13:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-07-03 04:46 - 2012-03-03 13:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-02 08:05 - 2012-07-02 08:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-07-02 08:05 - 2012-07-02 08:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-07-01 00:31 - 2012-07-01 00:32 - 00001250 ____A C:\Users\Maktone\Desktop\PlayMaxPayne3 - Shortcut.lnk 2012-06-28 20:55 - 2012-08-15 13:46 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 20:09 - 2012-08-15 13:46 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 19:56 - 2012-08-15 13:46 - 02312704 ____A (Microsoft Corporation) 
C:\Windows\System32\jscript9.dll 2012-06-28 19:49 - 2012-08-15 13:46 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 19:49 - 2012-08-15 13:46 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 19:48 - 2012-08-15 13:46 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 19:47 - 2012-08-15 13:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 19:45 - 2012-08-15 13:46 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-28 19:44 - 2012-08-15 13:46 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 19:43 - 2012-08-15 13:46 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 19:42 - 2012-08-15 13:46 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 19:40 - 2012-08-15 13:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 19:39 - 2012-08-15 13:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 19:35 - 2012-08-15 13:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-28 16:52 - 2012-08-15 13:46 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-28 16:27 - 2012-08-15 13:46 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-28 16:16 - 2012-08-15 13:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-28 16:09 - 2012-08-15 13:46 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-28 16:09 - 2012-08-15 13:46 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-28 16:08 - 2012-08-15 13:46 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-28 16:07 - 2012-08-15 13:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-28 16:06 
- 2012-08-15 13:46 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-28 16:04 - 2012-08-15 13:46 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-28 16:04 - 2012-08-15 13:46 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-28 16:01 - 2012-08-15 13:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-28 16:01 - 2012-08-15 13:46 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-28 16:00 - 2012-08-15 13:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-28 15:57 - 2012-08-15 13:46 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-26 12:58 - 2012-06-26 12:58 - 00000078 ____A C:\Users\Maktone\Documents\michael.txt 2012-06-26 07:03 - 2012-04-24 06:29 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2012-06-26 07:02 - 2012-06-26 07:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll 2012-06-26 07:02 - 2012-04-24 06:57 - 00821824 ____A (Devguru Co., Ltd.) 
C:\Windows\SysWOW64\dgderapi.dll 2012-06-22 10:42 - 2012-06-22 10:42 - 00020628 ____A C:\Users\Maktone\Downloads\579023.zip 2012-06-13 09:53 - 2012-06-13 09:53 - 00088856 ____A C:\Users\Mala\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-13 09:53 - 2012-06-13 09:53 - 00001008 _RASH C:\Users\Mala\ntuser.pol 2012-06-13 09:53 - 2012-06-13 09:53 - 00000020 ___SH C:\Users\Mala\ntuser.ini 2012-06-13 09:53 - 2012-03-01 16:51 - 00000632 _RASH C:\Users\Maktone\ntuser.pol 2012-06-13 00:30 - 2012-06-13 00:30 - 00002039 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-13 00:28 - 2012-06-13 00:28 - 00001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-06-08 21:43 - 2012-08-01 23:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-08-01 23:59 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-08-01 23:59 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-08-01 23:59 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-08-01 23:59 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-08-01 23:59 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-08-01 23:59 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-08-01 23:59 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 14:47 - 2012-06-05 14:47 - 22717310 ____A C:\Users\Maktone\Downloads\GPUTweakVer2150.zip 2012-06-05 14:45 - 2012-06-05 14:45 - 00524928 ____A C:\Users\Maktone\Downloads\560UpdateBIOS (1).rar 2012-06-05 14:42 - 2012-06-05 14:42 - 00524928 ____A C:\Users\Maktone\Downloads\560UpdateBIOS.rar 2012-06-05 14:20 - 2012-06-05 14:20 - 00283362 ____A C:\Windows\msxml4-KB973688-enu.LOG 2012-06-05 03:25 - 2012-06-05 03:25 - 00008714 ____A C:\Users\Maktone\Documents\PaKi.txt 
2012-06-05 03:08 - 2012-06-05 03:08 - 00000009 ____A C:\Users\Maktone\Documents\PaKi.m3u 2012-06-03 23:59 - 2012-08-01 23:46 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys 2012-06-03 23:59 - 2012-08-01 23:46 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys 2012-06-03 02:02 - 2012-06-03 02:02 - 00291440 ____A C:\Windows\Minidump\060312-29218-01.dmp 2012-06-03 02:02 - 2012-06-03 01:57 - 805135207 ____A C:\Windows\MEMORY.DMP 2012-06-03 01:57 - 2012-06-03 01:57 - 00290832 ____A C:\Windows\Minidump\060312-20373-01.dmp 2012-06-03 01:53 - 2012-06-03 01:53 - 22232105 ____A C:\Users\Maktone\Downloads\GPUTweakVer2124.zip 2012-06-03 01:51 - 2012-06-03 01:51 - 00016384 ____A (ASUSTeK Computer Inc.) C:\Windows\System32\Drivers\EIO64.sys 2012-06-03 01:51 - 2012-03-01 14:07 - 00019170 ____A C:\Windows\DPINST.LOG 2012-06-03 01:50 - 2012-06-03 01:50 - 19243963 ____A C:\Users\Maktone\Downloads\SmartDoc_5_82.zip 2012-06-02 16:31 - 2012-06-02 16:31 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2012-06-02 14:19 - 2012-06-24 01:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-24 01:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-24 01:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-24 01:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-24 01:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-24 01:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-24 01:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 06:19 - 2012-06-24 01:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 06:15 - 2012-06-24 01:10 - 00036864 
____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2012-03-01 15:08] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16360.36 MB
Available physical RAM: 15149.21 MB
Total Pagefile: 16358.56 MB
Available Pagefile: 15145.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (Azmo) (Fixed) (Total:223.56 GB) (Free:144.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive f: () (Removable) (Total:7.47 GB) (Free:3.18 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (NoToRiOuS) (Fixed) (Total:1862.89 GB) (Free:1205.04 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         1863 GB      0 B        *
Disk 1    Online          223 GB  6144 KB
Disk 2    Online         7652 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Reserved           128 MB    17 KB
Partition 2    Primary           1862 GB   129 MB

==================================================================================

Disk: 0
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   NoToRiOuS    NTFS   Partition   1862 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            223 GB  4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   Azmo         NTFS   Partition    223 GB  Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7651 MB    31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   F                NTFS   Removable   7651 MB  Healthy

==================================================================================

Last Boot: 2012-08-27 05:38

==================== End Of Log =============================
  9. Post too long, so attached it: TDSSKiller.2.8.8.0_30.08.2012_15.51.08_log.txt
  10. 15:40:34.0580 5328 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:40:34.0596 5328 ============================================================
15:40:34.0596 5328 Current date / time: 2012/08/30 15:40:34.0596
15:40:34.0596 5328 SystemInfo:
15:40:34.0596 5328
15:40:34.0596 5328 OS Version: 6.1.7601 ServicePack: 1.0
15:40:34.0596 5328 Product type: Workstation
15:40:34.0596 5328 ComputerName: AZMOSIS
15:40:34.0596 5328 UserName: Maktone
15:40:34.0596 5328 Windows directory: C:\Windows
15:40:34.0596 5328 System windows directory: C:\Windows
15:40:34.0596 5328 Running under WOW64
15:40:34.0596 5328 Processor architecture: Intel x64
15:40:34.0596 5328 Number of processors: 8
15:40:34.0596 5328 Page size: 0x1000
15:40:34.0596 5328 Boot type: Normal boot
15:40:34.0596 5328 ============================================================
15:40:35.0157 5328 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:35.0157 5328 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:35.0376 5328 Drive \Device\Harddisk2\DR5 - Size: 0x1DE400000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:40:35.0391 5328 ============================================================
15:40:35.0391 5328 \Device\Harddisk0\DR0:
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x1BF20000
15:40:35.0391 5328 \Device\Harddisk1\DR1:
15:40:35.0391 5328 GPT partitions:
15:40:35.0391 5328 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8A15E5D0-050B-454A-A928-1664B8B62AF8}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:40:35.0391 5328 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DA340C0D-2945-4151-B7E5-126FFCA47ED6}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk2\DR5:
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEF1FC1
15:40:35.0391 5328 ============================================================
15:40:35.0391 5328 C: <-> \Device\Harddisk0\DR0\Partition1
15:40:35.0407 5328 D: <-> \Device\Harddisk1\DR1\Partition2
15:40:35.0407 5328 ============================================================
15:40:35.0407 5328 Initialize success
15:40:35.0407 5328 ============================================================
15:41:08.0541 1712 Deinitialize success
  11. This is the quickscan after the internet was activated:

OTL logfile created on: 30/08/2012 15:29:00 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 13.52 Gb Available Physical Memory | 84.61% Memory free
31.95 Gb Paging File | 29.28 Gb Available in Paging File | 91.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 144.39 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 1205.04 Gb Free Space | 64.69% Space Free | Partition Type: NTFS

Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
PRC - [2012/08/03 10:38:54 | 000,740,736 | ---- | M] (ASUS Cloud Corporation) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/20 12:10:43 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\fwupdate.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.)
-- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe PRC - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe PRC - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe PRC - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Suite II.exe PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/09/19 17:17:24 | 001,119,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe PRC - [2011/09/14 16:41:58 | 000,286,720 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe PRC - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe PRC - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe PRC - [2011/09/07 16:13:06 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\EPU\EPUHelp.exe PRC - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe PRC - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011/08/24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe PRC - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2011/03/18 12:40:50 | 000,839,488 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe PRC - [2011/03/18 12:40:46 | 000,377,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTShellHlp.exe PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AsRoutineController.exe PRC - [2010/11/21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe PRC - [2010/11/08 16:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe PRC - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe PRC - [2002/03/15 22:43:00 | 001,310,720 | ---- | M] (ASUSTeK Inc.) 
-- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe ========== Modules (No Company Name) ========== MOD - [2012/07/23 15:10:28 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2012/06/13 09:21:03 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll MOD - [2012/06/13 09:17:54 | 000,335,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6fdaf4d2968973c0667f94c5bdeb0b9f\IAStorUtil.ni.dll MOD - [2012/06/13 08:50:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012/06/13 08:50:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/13 08:50:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/18 17:49:14 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll MOD - [2012/05/17 16:25:58 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll MOD - [2012/05/17 16:25:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll MOD - [2012/05/17 16:25:56 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll MOD - [2012/05/17 16:25:56 | 000,256,000 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll MOD - [2012/05/17 16:25:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\c8c86990be4c601bba900fe50a82f829\IAStorDataMgrSvcInterfaces.ni.dll MOD - [2012/05/17 16:25:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/17 16:25:47 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b251e1073d227047cbbf9771cb194910\IAStorCommon.ni.dll MOD - [2012/05/17 16:21:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012/05/17 16:21:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/17 16:21:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/17 16:21:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/17 16:21:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/03/09 16:26:33 | 000,039,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll MOD - [2012/03/02 01:12:07 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMLib.dll MOD - [2011/12/28 12:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\Sensor.dll MOD - [2011/11/11 
15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/10/14 21:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\TabGadget\TabGadget.dll MOD - [2011/10/13 16:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ASUS Update\Update.dll MOD - [2011/09/29 12:36:54 | 001,046,016 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Probe_II\ProbeII.dll MOD - [2011/09/26 20:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Charger+\AIChargerPlus.dll MOD - [2011/09/26 19:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2011/09/20 19:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\BarGadget\BarGadget.dll MOD - [2011/09/19 21:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Settings\Settings.dll MOD - [2011/09/05 08:19:00 | 000,028,672 | 
---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll MOD - [2011/08/23 17:19:52 | 001,294,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\MyLogo\MyLogo.dll MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2011/07/21 10:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Splitter\Splitter.dll MOD - [2011/07/12 20:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AssistFunc.dll MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010/10/05 09:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\pngio.dll MOD - [2010/10/05 09:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ImageHelper.dll MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\pngio.dll MOD - [2007/03/13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll MOD - [2007/02/28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/02/09 21:05:56 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV:64bit: - [2011/06/29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® 
SRV:64bit: - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV:64bit: - [2010/11/22 15:56:12 | 000,487,096 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\ROG GameFirst\spd.exe -- (cFosSpeedS) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/25 17:04:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () [Auto | 
Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe -- (AsusFanControlService) SRV - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe -- (asHmComSvc) SRV - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc) SRV - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012/03/01 23:05:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012/03/01 23:04:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/01/30 19:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/06/04 08:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012/06/04 08:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012/06/03 10:51:58 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64) DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/03/02 01:12:51 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2012/03/02 00:30:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012/01/18 07:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64) DRV:64bit: - [2011/12/12 05:32:04 | 000,067,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011/09/21 11:25:52 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011/09/14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/09/14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011/09/14 16:43:30 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2011/09/14 16:43:30 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2011/08/15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011/07/20 02:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/03/23 16:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011/03/11 07:41:12 | 
000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/22 15:56:14 | 001,437,368 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed) DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus) DRV:64bit: - [2010/02/22 16:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011/09/02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) 
[2012/03/08 15:34:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/08/24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 A8 28 64 93 83 CD 01 [binary data] IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.nuffieldhealth.com/Individuals/Public/Timetable/?centreId=34463|http://www.overclock.net/intel-general/858750-please-help-i7-950-temps-h70.html|http://forum.corsair.com/v3/showthread.php?t=91212|http://i56.tinypic.com/2w2or3k.jpg|http://www.techpowerup.com/downloads/1872/mirrors.php|http://forum.corsair.com/forums/forumdisplay.php?f=155|http://forum.corsair.com/v3/showthread.php?t=91212|http://forum.corsair.com/v3/showthread.php?t=88888&page=2|http://i56.tinypic.com/2w2or3k.jpg|resource:///browserconfig.properties|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1|http://www.google.co.uk/finance?q=LON:JKX" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL 
(Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: 
C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M] [2012/03/02 01:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Extensions [2012/07/25 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\extensions [2012/05/31 21:48:34 | 000,505,801 | ---- | M] () (No name found) -- 
C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI [2012/07/25 17:04:18 | 000,670,738 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npdeployJava1.dll CHR - 
plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Skype Click to Call = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts 
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4:64bit: - HKLM..\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) 
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe (ASUS Cloud Corporation) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [EADM] C:\Program Files (x86)\Games\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - 
HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012/08/30 21:46:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/30 15:21:42 | 000,000,000 | ---D | C] -- C:\aws
[2012/08/30 15:19:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/30 15:15:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/30 15:04:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/30 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/30 15:00:42 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 12:57:17 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\RK_Quarantine
[2012/08/29 22:16:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/18 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/15 21:39:00 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Documents\Google Sketchup
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HpUpdate
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/08/05 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\New folder (2)
[2012/08/05 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/08/02 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HP
[2012/08/02 08:46:21 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/08/02 08:46:21 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012/08/30 15:25:54 | 000,782,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 15:25:54 | 000,666,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 15:25:54 | 000,126,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/30 15:23:27 | 000,000,386 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/08/30 15:21:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/30 15:21:42 | 000,001,649 | ---- | M] () -- C:\Users\Maktone\Desktop\MySyncFolder.lnk
[2012/08/30 15:21:37 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/08/30 15:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/30 15:21:22 | 4276,375,550 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/30 15:00:10 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 14:15:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:42 | 001,368,576 | ---- | M] () -- C:\Users\Maktone\Desktop\RogueKiller.exe
[2012/08/30 11:48:52 | 000,000,000 | ---- | M] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/30 00:48:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/29 15:43:16 | 000,052,662 | ---- | M] () -- C:\Users\Maktone\Desktop\Picture 16.jpg
[2012/08/29 13:12:08 | 000,074,709 | ---- | M] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg
[2012/08/29 12:53:34 | 000,050,324 | ---- | M] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg
[2012/08/29 12:50:00 | 000,095,160 | ---- | M] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg
[2012/08/29 12:48:35 | 000,050,727 | ---- | M] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg
[2012/08/29 12:43:19 | 000,056,240 | ---- | M] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg
[2012/08/29 12:43:13 | 000,066,044 | ---- | M] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg
[2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 07:52:27 | 004,480,548 | ---- | M] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
[2012/08/22 01:18:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/19 14:21:48 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk
[2012/08/15 22:58:57 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 15:55:38 | 000,021,608 | ---- | M] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf
[2012/08/05 10:21:22 | 000,002,535 | ---- | M] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/08/02 14:07:34 | 000,266,545 | ---- | M] () -- C:\Users\Maktone\Desktop\Image12.jpg
[2012/08/02 14:06:17 | 000,373,703 | ---- | M] () -- C:\Users\Maktone\Desktop\Image11.jpg
[2012/08/02 14:01:35 | 000,658,333 | ---- | M] () -- C:\Users\Maktone\Desktop\Image1.jpg
[2012/08/02 08:46:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/08/02 08:46:07 | 000,001,985 | ---- | M] () -- C:\Users\Maktone\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/08/02 08:36:43 | 000,001,901 | ---- | M] () -- C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012/08/30 14:10:14 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/30 14:10:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/08/30 11:52:42 | 001,368,576 | ---- | C] () -- C:\Users\Maktone\Desktop\RogueKiller.exe
[2012/08/30 11:48:52 | 000,000,000 | ---- | C] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
[2012/08/29 15:43:16 | 000,052,662 | ---- | C] () -- C:\Users\Maktone\Desktop\Picture 16.jpg
[2012/08/29 13:12:19 | 000,074,709 | ---- | C] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg
[2012/08/29 12:53:24 | 000,050,324 | ---- | C] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg
[2012/08/29 12:49:39 | 000,095,160 | ---- | C] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg
[2012/08/29 12:48:21 | 000,050,727 | ---- | C] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg
[2012/08/29 12:43:10 | 000,056,240 | ---- | C] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg
[2012/08/29 12:42:59 | 000,066,044 | ---- | C] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg
[2012/08/25 07:52:26 | 004,480,548 | ---- | C] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage
[2012/08/15 15:55:38 | 000,021,608 | ---- | C] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf
[2012/08/05 10:23:55 | 000,594,525 | ---- | C] () -- C:\Users\Maktone\Desktop\projectthesis2.pdf
[2012/08/05 10:23:50 | 003,314,736 | ---- | C] () -- C:\Users\Maktone\Desktop\graphs.pdf
[2012/08/05 10:21:22 | 000,002,535 | ---- | C] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/08/02 14:07:34 | 000,266,545 | ---- | C] () -- C:\Users\Maktone\Desktop\Image12.jpg
[2012/08/02 14:06:17 | 000,373,703 | ---- | C] () -- C:\Users\Maktone\Desktop\Image11.jpg
[2012/08/02 14:01:35 | 000,658,333 | ---- | C] () -- C:\Users\Maktone\Desktop\Image1.jpg
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/13 13:31:19 | 000,115,406 | ---- | C] () -- C:\Windows\hpgins28.dat
[2012/05/13 13:31:19 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat
[2012/04/27 17:48:12 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/04/27 17:48:12 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/04/06 11:56:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/06 11:56:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/03/08 15:45:41 | 000,007,598 | ---- | C] () -- C:\Users\Maktone\AppData\Local\Resmon.ResmonCfg
[2012/03/08 14:55:20 | 000,000,386 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/03/03 12:35:39 | 032,461,312 | ---- | C] () -- C:\Windows\SysWow64\Office 2010 Toolkit.exe
[2012/03/03 12:35:39 | 000,000,751 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini
[2012/03/02 02:40:58 | 005,472,848 | ---- | C] () -- C:\Windows\PE_File.dll
[2012/03/02 02:36:15 | 005,412,720 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/03/02 02:27:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/03/02 01:51:30 | 000,000,632 | RHS- | C] () -- C:\Users\Maktone\ntuser.pol
[2012/03/02 00:48:54 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/03/02 00:48:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/03/02 00:48:52 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/03/01 23:06:11 | 000,765,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/01 23:06:07 | 000,007,594 | ---- | C] () -- C:\Windows\SysWow64\xFiMB2CfgUninstall32.ini
[2012/03/01 23:06:07 | 000,005,135 | ---- | C] () -- C:\Windows\SysWow64\cfgfx.ini
[2012/03/01 23:06:07 | 000,002,775 | ---- | C] () -- C:\Windows\FF08_Render_Spk.ini
[2012/03/01 23:06:07 | 000,002,411 | ---- | C] () -- C:\Windows\FF08_Render_Hp.ini
[2012/03/01 23:06:07 | 000,002,267 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2012/03/01 23:06:07 | 000,001,542 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2012/03/01 23:06:03 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/03/01 23:06:00 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/03/01 23:06:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/03/01 22:51:04 | 000,056,512 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/03/01 22:38:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/01 22:38:42 | 000,040,006 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

========== LOP Check ==========
[2012/08/30 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\ASUS WebStorage
[2012/08/30 00:46:57 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\BitComet
[2012/04/06 21:37:49 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\CometPlayer
[2012/03/02 00:30:33 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\DAEMON Tools Pro
[2012/03/09 02:09:02 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Leadertech
[2012/04/25 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\oald8
[2012/08/26 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Origin
[2012/04/19 11:10:12 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\picpick
[2012/08/02 08:45:50 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Samsung
[2012/03/11 16:24:41 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\tigerplayer
[2012/05/13 13:14:27 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Ulead Systems
[2012/06/13 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Mala\AppData\Roaming\ASUS WebStorage
[2012/06/13 18:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mala\AppData\Roaming\DAEMON Tools Pro
[2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012/08/30 11:28:50 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/08/02 15:23:27 | 000,015,453 | ---- | M] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx
[2012/08/02 15:23:27 | 000,015,453 | ---- | C] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx
[2012/08/02 15:23:27 | 000,000,162 | -H-- | M] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx
[2012/08/02 15:23:27 | 000,000,162 | -H-- | C] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx

< End of report >
  12. OTL logfile created on: 30/08/2012 15:23:55 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 13.85 Gb Available Physical Memory | 86.70% Memory free
31.95 Gb Paging File | 29.62 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 144.39 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 1205.04 Gb Free Space | 64.69% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 3.18 Gb Free Space | 42.59% Space Free | Partition Type: NTFS

Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
PRC - [2012/08/03 10:38:54 | 000,740,736 | ---- | M] (ASUS Cloud Corporation) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/20 12:10:43 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\fwupdate.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe
PRC - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe
PRC - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Suite II.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/09/19 17:17:24 | 001,119,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011/09/14 16:41:58 | 000,286,720 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
PRC - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
PRC - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011/09/07 16:13:06 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/08/24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/03/18 12:40:50 | 000,839,488 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe
PRC - [2011/03/18 12:40:46 | 000,377,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AsRoutineController.exe
PRC - [2010/11/21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/11/08 16:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
PRC - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002/03/15 22:43:00 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe

========== Modules (No Company Name) ==========
MOD - [2012/07/23 15:10:28 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/06/13 09:21:03 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/13 09:17:54 | 000,335,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6fdaf4d2968973c0667f94c5bdeb0b9f\IAStorUtil.ni.dll
MOD - [2012/06/13 08:50:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 08:50:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 08:50:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/18 17:49:14 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/17 16:25:58 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/17 16:25:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/17 16:25:56 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/17 16:25:56 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/17 16:25:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\c8c86990be4c601bba900fe50a82f829\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2012/05/17 16:25:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/17 16:25:47 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b251e1073d227047cbbf9771cb194910\IAStorCommon.ni.dll
MOD - [2012/05/17 16:21:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/17 16:21:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/17 16:21:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/17 16:21:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/17 16:21:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/09 16:26:33 | 000,039,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/03/02 01:12:07 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMLib.dll
MOD - [2011/12/28 12:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\Sensor.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 21:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/10/13 16:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ASUS Update\Update.dll
MOD - [2011/09/29 12:36:54 | 001,046,016 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Probe_II\ProbeII.dll
MOD - [2011/09/26 20:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/09/26 19:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/20 19:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011/09/19 21:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Settings\Settings.dll
MOD - [2011/09/05 08:19:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll
MOD - [2011/08/23 17:19:52 | 001,294,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/07/21 10:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 20:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AssistFunc.dll
MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/05 09:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\pngio.dll
MOD - [2010/10/05 09:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ImageHelper.dll
MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2007/03/13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007/02/28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll

========== Services (SafeList) ==========
SRV:64bit: - [2012/02/09 21:05:56 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV:64bit: - [2011/06/29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/11/22 15:56:12 | 000,487,096 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\ROG GameFirst\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 17:04:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/03/01 23:05:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/03/01 23:04:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/30 19:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/04 08:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 08:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/03 10:51:58 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/02 01:12:51 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2012/03/02 00:30:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 07:44:14 | 000,025,632 | ---- | M] (Logitech Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64) DRV:64bit: - [2011/12/12 05:32:04 | 000,067,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011/09/21 11:25:52 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011/09/14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/09/14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011/09/14 16:43:30 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2011/09/14 16:43:30 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2011/08/15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011/07/20 02:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/03/23 16:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011/03/11 07:41:12 | 
000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/22 15:56:14 | 001,437,368 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed) DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus) DRV:64bit: - [2010/02/22 16:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011/09/02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) 
[2012/03/08 15:34:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/08/24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 A8 28 64 93 83 CD 01 [binary data] IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.nuffieldhealth.com/Individuals/Public/Timetable/?centreId=34463|http://www.overclock.net/intel-general/858750-please-help-i7-950-temps-h70.html|http://forum.corsair.com/v3/showthread.php?t=91212|http://i56.tinypic.com/2w2or3k.jpg|http://www.techpowerup.com/downloads/1872/mirrors.php|http://forum.corsair.com/forums/forumdisplay.php?f=155|http://forum.corsair.com/v3/showthread.php?t=91212|http://forum.corsair.com/v3/showthread.php?t=88888&page=2|http://i56.tinypic.com/2w2or3k.jpg|resource:///browserconfig.properties|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1|http://www.google.co.uk/finance?q=LON:JKX" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL 
(Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: 
C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M] [2012/03/02 01:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Extensions [2012/07/25 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\extensions [2012/05/31 21:48:34 | 000,505,801 | ---- | M] () (No name found) -- 
C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI [2012/07/25 17:04:18 | 000,670,738 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npdeployJava1.dll CHR - 
plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Skype Click to Call = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts 
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [EADM] C:\Program Files (x86)\Games\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/08/30 12:16:22 | 000,000,100 | ---- | M] () - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/30 21:46:47 | 000,000,000 | ---D | C] -- C:\FRST [2012/08/30 15:21:42 | 000,000,000 | ---D | C] -- C:\aws [2012/08/30 15:19:14 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/08/30 15:15:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012/08/30 15:04:55 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/30 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/30 15:00:42 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe [2012/08/30 12:57:17 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe [2012/08/30 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\RK_Quarantine [2012/08/29 22:16:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/08/18 10:56:21 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012/08/18 10:56:21 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/08/18 10:56:21 | 000,268,784 | ---- | C] (Oracle 
Corporation) -- C:\Windows\SysNative\javaws.exe [2012/08/18 10:56:20 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/08/18 10:56:20 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/08/18 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/08/15 22:46:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/08/15 22:46:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/08/15 22:46:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/08/15 22:46:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/08/15 22:46:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/08/15 22:46:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/08/15 22:46:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/08/15 22:46:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/08/15 22:46:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/08/15 22:46:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/08/15 22:46:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/08/15 22:46:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/08/15 22:46:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/08/15 22:43:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012/08/15 22:43:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012/08/15 22:43:37 | 000,041,984 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\browcli.dll [2012/08/15 22:43:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012/08/15 21:39:00 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Documents\Google Sketchup [2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HpUpdate [2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012/08/05 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\New folder (2) [2012/08/05 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2012/08/02 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HP [2012/08/02 09:12:31 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012/08/02 08:59:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/08/02 08:59:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/08/02 08:59:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/08/02 08:59:48 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/08/02 08:59:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/08/02 08:46:21 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012/08/02 08:46:21 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/30 15:23:27 | 000,000,386 | ---- | M] () -- C:\Windows\lgfwup.ini [2012/08/30 15:21:46 | 000,000,896 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job [2012/08/30 15:21:42 | 000,001,649 | ---- | M] () -- C:\Users\Maktone\Desktop\MySyncFolder.lnk [2012/08/30 15:21:37 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe [2012/08/30 15:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/30 15:21:22 | 4276,375,550 | -HS- | M] () -- C:\hiberfil.sys [2012/08/30 15:01:53 | 000,782,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/30 15:01:53 | 000,666,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/30 15:01:53 | 000,126,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/30 15:00:10 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe [2012/08/30 14:15:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe [2012/08/30 11:52:42 | 001,368,576 | ---- | M] () -- C:\Users\Maktone\Desktop\RogueKiller.exe [2012/08/30 11:48:52 | 000,000,000 | ---- | M] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial [2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/08/30 00:48:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/08/29 15:43:16 | 000,052,662 | ---- | M] () -- C:\Users\Maktone\Desktop\Picture 16.jpg [2012/08/29 13:12:08 | 000,074,709 | ---- | M] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg [2012/08/29 12:53:34 | 000,050,324 | ---- | M] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg [2012/08/29 12:50:00 | 000,095,160 | ---- | M] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg [2012/08/29 12:48:35 | 000,050,727 | ---- | M] () -- 
C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg [2012/08/29 12:43:19 | 000,056,240 | ---- | M] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg [2012/08/29 12:43:13 | 000,066,044 | ---- | M] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg [2012/08/27 09:19:28 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/27 09:19:28 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/25 07:52:27 | 004,480,548 | ---- | M] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage [2012/08/22 01:18:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/19 14:21:48 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk [2012/08/18 10:56:18 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012/08/18 10:56:18 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/08/18 10:56:18 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/08/18 10:56:18 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/08/18 10:56:18 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/08/15 22:58:57 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/15 15:55:38 | 000,021,608 | ---- | M] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf [2012/08/05 10:21:22 | 000,002,535 | ---- | M] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk [2012/08/02 
14:07:34 | 000,266,545 | ---- | M] () -- C:\Users\Maktone\Desktop\Image12.jpg [2012/08/02 14:06:17 | 000,373,703 | ---- | M] () -- C:\Users\Maktone\Desktop\Image11.jpg [2012/08/02 14:01:35 | 000,658,333 | ---- | M] () -- C:\Users\Maktone\Desktop\Image1.jpg [2012/08/02 08:46:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012/08/02 08:46:07 | 000,001,985 | ---- | M] () -- C:\Users\Maktone\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2012/08/02 08:36:43 | 000,001,901 | ---- | M] () -- C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/30 14:10:14 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job [2012/08/30 14:10:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2012/08/30 11:52:42 | 001,368,576 | ---- | C] () -- C:\Users\Maktone\Desktop\RogueKiller.exe [2012/08/30 11:48:52 | 000,000,000 | ---- | C] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial [2012/08/29 15:43:16 | 000,052,662 | ---- | C] () -- C:\Users\Maktone\Desktop\Picture 16.jpg [2012/08/29 13:12:19 | 000,074,709 | ---- | C] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg [2012/08/29 12:53:24 | 000,050,324 | ---- | C] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg [2012/08/29 12:49:39 | 000,095,160 | ---- | C] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg [2012/08/29 12:48:21 | 000,050,727 | ---- | C] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg [2012/08/29 12:43:10 | 000,056,240 | ---- | C] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg [2012/08/29 12:42:59 | 000,066,044 | ---- | C] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg [2012/08/25 07:52:26 | 004,480,548 | 
---- | C] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage [2012/08/15 15:55:38 | 000,021,608 | ---- | C] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf [2012/08/05 10:23:55 | 000,594,525 | ---- | C] () -- C:\Users\Maktone\Desktop\projectthesis2.pdf [2012/08/05 10:23:50 | 003,314,736 | ---- | C] () -- C:\Users\Maktone\Desktop\graphs.pdf [2012/08/05 10:21:22 | 000,002,535 | ---- | C] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk [2012/08/02 14:07:34 | 000,266,545 | ---- | C] () -- C:\Users\Maktone\Desktop\Image12.jpg [2012/08/02 14:06:17 | 000,373,703 | ---- | C] () -- C:\Users\Maktone\Desktop\Image11.jpg [2012/08/02 14:01:35 | 000,658,333 | ---- | C] () -- C:\Users\Maktone\Desktop\Image1.jpg [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/05/13 13:31:19 | 000,115,406 | ---- | C] () -- C:\Windows\hpgins28.dat [2012/05/13 13:31:19 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat [2012/04/27 17:48:12 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012/04/27 17:48:12 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/04/06 11:56:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/04/06 11:56:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012/03/08 15:45:41 | 000,007,598 | ---- | C] () -- C:\Users\Maktone\AppData\Local\Resmon.ResmonCfg [2012/03/08 14:55:20 | 000,000,386 | ---- | C] () -- C:\Windows\lgfwup.ini [2012/03/03 12:35:39 
| 032,461,312 | ---- | C] () -- C:\Windows\SysWow64\Office 2010 Toolkit.exe [2012/03/03 12:35:39 | 000,000,751 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini [2012/03/02 02:40:58 | 005,472,848 | ---- | C] () -- C:\Windows\PE_File.dll [2012/03/02 02:36:15 | 005,412,720 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012/03/02 02:27:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012/03/02 01:51:30 | 000,000,632 | RHS- | C] () -- C:\Users\Maktone\ntuser.pol [2012/03/02 00:48:54 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012/03/02 00:48:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012/03/02 00:48:52 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012/03/01 23:06:11 | 000,765,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/01 23:06:07 | 000,007,594 | ---- | C] () -- C:\Windows\SysWow64\xFiMB2CfgUninstall32.ini [2012/03/01 23:06:07 | 000,005,135 | ---- | C] () -- C:\Windows\SysWow64\cfgfx.ini [2012/03/01 23:06:07 | 000,002,775 | ---- | C] () -- C:\Windows\FF08_Render_Spk.ini [2012/03/01 23:06:07 | 000,002,411 | ---- | C] () -- C:\Windows\FF08_Render_Hp.ini [2012/03/01 23:06:07 | 000,002,267 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2012/03/01 23:06:07 | 000,001,542 | ---- | C] () -- C:\Windows\FF08_Render.ini [2012/03/01 23:06:03 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012/03/01 23:06:00 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/03/01 23:06:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/03/01 22:51:04 | 000,056,512 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012/03/01 22:38:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012/03/01 22:38:42 | 000,040,006 | ---- | C] () 
-- C:\Windows\Ascd_tmp.ini [2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config ========== Files - Unicode (All) ========== [2012/08/02 15:23:27 | 000,015,453 | ---- | M] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx [2012/08/02 15:23:27 | 000,015,453 | ---- | C] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx [2012/08/02 15:23:27 | 000,000,162 | -H-- | M] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx [2012/08/02 15:23:27 | 000,000,162 | -H-- | C] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx < End of report >