maktone

Honorary Members
  • Posts

    30
Everything posted by maktone

  1. Hi, restarted, internet not working; the LAN is not showing a disconnection, but when I open the browser it comes up with an error.
  2. As I dragged the file into combo and it's doing its blue screen completed stage again.
  3. Before I could do what you wrote, combo had already restarted Windows and reloaded and deleted files. I submitted the log just before you posted. However, my internet is not connecting anymore on that.
  4. ComboFix 12-08-29.03 - Maktone 30/08/2012 16:47:38.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16360.13707 [GMT 1:00] Running from: c:\users\Maktone\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20120829083616.610798 c:\users\Maktone\AppData\Local\assembly\tmp c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56404E46-CA66-4F56-B44B-CBC5DC0A428C}.xps c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{62326664-50CA-449E-BB8C-5C3575F2EA07}.xps c:\users\Maktone\AppData\Local\Microsoft\Windows\Temporary Internet Files\{77E438AD-4319-4F83-A6EF-8D43F0DE7C22}.xps c:\users\Maktone\Documents\~WRL0823.tmp c:\windows\SysWow64\d2d1debug1.dll c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\settings.ini c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe c:\windows\SysWow64\tmpD98C.tmp c:\windows\SysWow64\tmpD9EA.tmp . . ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 ))))))))))))))))))))))))))))))) . . 2012-08-30 20:46 . 2012-08-30 21:36 -------- d-----w- C:\FRST 2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-30 15:50 . 2012-08-30 15:50 -------- d-----w- c:\users\Mala\AppData\Local\temp 2012-08-30 13:10 . 2012-08-30 15:36 151552 ----a-w- c:\windows\KMSEmulator.exe 2012-08-29 21:16 . 2012-08-29 21:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-18 09:56 . 2012-08-18 09:56 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-18 09:56 . 2012-08-18 09:56 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-18 09:56 . 
2012-08-18 09:56 268784 ----a-w- c:\windows\system32\javaws.exe 2012-08-18 09:56 . 2012-08-18 09:56 189424 ----a-w- c:\windows\system32\javaw.exe 2012-08-18 09:56 . 2012-08-18 09:56 188912 ----a-w- c:\windows\system32\java.exe 2012-08-18 09:56 . 2012-08-18 09:56 -------- d-----w- c:\program files\Java 2012-08-15 21:43 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 21:43 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 21:43 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 21:43 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 21:43 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 21:43 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-13 13:14 . 2012-08-13 13:14 -------- d-----w- c:\users\Maktone\AppData\Roaming\HpUpdate 2012-08-13 13:14 . 2012-08-13 13:14 -------- d-----w- c:\windows\Hewlett-Packard 2012-08-05 09:21 . 2012-08-05 09:21 98304 ----a-r- c:\users\Maktone\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe 2012-08-02 13:00 . 2012-08-02 13:00 -------- d-----w- c:\users\Maktone\AppData\Roaming\HP 2012-08-02 08:12 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-08-02 07:46 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-08-02 07:46 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-29 23:48 . 2012-04-06 10:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-29 23:48 . 2012-04-06 10:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-08-29 23:48 . 2012-04-06 10:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-08-27 08:19 . 2012-03-30 16:38 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-27 08:19 . 
2012-03-01 23:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 21:44 . 2012-05-17 15:15 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 12:46 . 2012-03-03 21:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-26 15:03 . 2012-04-24 14:29 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll 2012-06-26 15:02 . 2012-06-26 15:02 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-06-26 15:02 . 2012-04-24 14:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll 2012-06-03 09:51 . 2012-06-03 09:51 16384 ----a-w- c:\windows\system32\drivers\EIO64.sys 2012-06-02 22:19 . 2012-06-24 09:10 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-24 09:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-24 09:10 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-24 09:10 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-24 09:10 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-24 09:10 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-24 09:10 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-24 09:10 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:15 . 2012-06-24 09:10 36864 ----a-w- c:\windows\system32\wuapp.exe 2010-08-03 10:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll 2010-08-03 10:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-03-01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-03-01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 
5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}] 2012-02-14 03:43 75000 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="c:\program files\Utils\Software\DAEMON Tools Pro\DTAgent.exe" [2011-03-18 839488] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016] "EADM"="c:\program files (x86)\Games\Origin\Origin.exe" [2012-08-09 3414680] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-14 286720] "THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-11 1349632] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "NBAgent"="c:\program files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288] "UpdateP2GoShortCut"="c:\program files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "LGODDFU"="c:\program files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe" [2012-07-20 27760] "RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\Utils\Sound\Apple\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" 
[2012-07-16 3524536] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe" [2012-08-03 740736] . c:\users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960] R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-14 7168] R2 MBAMService;MBAMService;c:\program files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\Utils\Internet\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 
Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-01 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-01 79360] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-25 113120] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 
TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-01 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-09-14 562456] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-09-14 23832] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-01 254528] S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-06-03 16384] S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/08 15:34];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 12:08 148976] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-03-02 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe [2012-03-02 948656] S2 AsSysCtrlService;ASUS System Control Service;c:\program files 
(x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-03-02 586880] S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe [2012-03-02 1430144] S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992] S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688] S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Utils\Internet\Skype\Updater\Updater.exe [2012-06-07 160944] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-03-02 26136] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech HD Pro Webcam 
C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-08-15 56600] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder . 2012-08-30 c:\windows\Tasks\AutoKMSDaily.job - c:\windows\AutoKMS\AutoKMS.exe [2012-03-03 16:56] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 21:54] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 21:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U] @="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}" [HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}] 2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-01 7543912] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "ROG GameFirst"="c:\program files\ASUS\ROG GameFirst\cFosSpeed.exe" [2010-11-22 1305272] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\Utils\Internet\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\Utils\Internet\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.nuffieldhealth.com/Individuals/Public/Timetable/?centreId=34463|http://www.overclock.net/intel-general/858750-please-help-i7-950-temps-h70.html|http://forum.corsair.com/v3/showthread.php?t=91212|http://i56.tinypic.com/2w2or3k.jpg|http://www.techpowerup.com/downloads/1872/mirrors.php|http://forum.corsair.com/forums/forumdisplay.php?f=155|http://forum.corsair.com/v3/showthread.php?t=91212|http://forum.corsair.com/v3/showthread.php?t=88888&page=2|http://i56.tinypic.com/2w2or3k.jpg|resource:///browserconfig.properties|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1|http://www.google.co.uk/finance?q=LON:JKX . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe SafeBoot-63314297.sys AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\SysWOW64\ASDR.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe . ************************************************************************** . Completion time: 2012-08-30 16:54:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-30 15:54 . Pre-Run: 154,928,861,184 bytes free Post-Run: 155,130,540,032 bytes free . - - End Of File - - 24C39B34F7E19F8EB097A3285DFB00D0
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 03
     Ran by SYSTEM at 2012-08-30 16:29:54 Run:2
     Running from F:\
     ==============================================
     C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55 moved successfully.
     C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
     C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
     C:\Windows\explorer.exe moved successfully.
     C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe
     ==== End of Fixlog ====
  6. Thanks for helping me btw, I've been struggling on this since yesterday
  7. Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 03 Ran by SYSTEM at 30-08-2012 16:09:46 Running from F:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet002 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7543912 2012-03-01] (Realtek Semiconductor) HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cFosSpeed.exe [1305272 2010-11-22] (cFos Software GmbH) HKLM\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-09-14] (Intel Corporation) HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r [1349632 2010-06-11] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.) HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r [241789 2010-02-18] (Creative Technology Ltd) HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1493288 2012-01-13] (Nero AG) HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe" blrun [27760 2012-07-20] (Bitleader) HKLM-x32\...\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [230696 2011-08-23] (CyberLink Corp.) HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\Utils\Sound\Apple\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S [740736 2012-08-03] (ASUS Cloud Corporation) HKU\Maktone\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe" -autorun [839488 2011-03-18] (DT Soft Ltd) HKU\Maktone\...\Run: [EADM] "C:\Program Files (x86)\Games\Origin\Origin.exe" -AutoStart [3414680 2012-08-09] (Electronic Arts) HKU\Maktone\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x] HKU\Maktone\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-16] (Samsung) HKU\Maktone\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x] HKU\Maktone\...\Policies\system: [LogonHoursAction] 2 HKU\Maktone\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Mala\...\Policies\system: [LogonHoursAction] 2 HKU\Mala\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Tcpip\..\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: [NameServer]192.168.0.1 Startup: C:\Users\Maktone\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) ====== 2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2012-03-01] () 2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () 2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe [948656 2012-03-01] (ASUSTeK Computer Inc.) 2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2012-03-01] () 2 AsusFanControlService; "C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe" [1430144 2012-03-01] (ASUSTeK Computer Inc.) 
3 BITCOMET_HELPER_SERVICE; C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com) 2 cFosSpeedS; "C:\Program Files\ASUS\ROG GameFirst\spd.exe" -service [487096 2010-11-22] (cFos Software GmbH) 2 CLHNServiceForPowerDVD; C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-08-23] () 2 CyberLink PowerDVD 11.0 Monitor Service; "C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe" [75048 2011-09-01] (CyberLink) 2 CyberLink PowerDVD 11.0 Service; "C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe" [292136 2011-09-01] (CyberLink) 3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation) 2 MBAMService; "C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-12] () 2 SkypeUpdate; "C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies) ==================== Drivers (Whitelisted) =================== 0 AiChargerPlus; C:\Windows\System32\Drivers\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.) 0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology) 1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-03-01] () 1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2012-03-01] () 3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2012-03-01] (MCCI Corporation) 3 cFosSpeed; C:\Windows\System32\Drivers\cFosSpeed.sys [1437368 2010-11-22] (cFos Software GmbH) 3 CompFilter64; C:\Windows\System32\DRIVERS\lvbflt64.sys [25632 2012-01-17] (Logitech Inc.) 
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2012-03-01] (DT Soft Ltd) 1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2012-06-03] (ASUSTeK Computer Inc.) 0 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [562456 2011-09-14] (Intel Corporation) 0 iaStorF; C:\Windows\System32\Drivers\iaStorF.sys [23832 2011-09-14] (Intel Corporation) 3 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 VSPerfDrv110; \??\C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-11] (Microsoft Corporation) 2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-02] (CyberLink Corp.) 3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) ================= ==================== One Month Created Files and Folders ====================== 2012-08-30 12:46 - 2012-08-30 13:36 - 00000000 ____D C:\FRST 2012-08-30 07:05 - 2012-08-30 07:06 - 00017576 ____A C:\Users\Maktone\Desktop\MBRCheck_08.30.12_16.05.49.txt 2012-08-30 07:05 - 2012-08-30 07:05 - 00080384 ____A C:\Users\Maktone\Desktop\MBRCheck.exe 2012-08-30 06:40 - 2012-08-30 06:40 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Maktone\Desktop\tdsskiller.exe 2012-08-30 06:21 - 2012-08-30 06:28 - 00000000 ____D C:\aws 2012-08-30 06:19 - 2012-08-30 06:19 - 00000000 ___SD C:\ComboFix 2012-08-30 06:15 - 2012-08-30 07:02 - 00000000 ___SD C:\32788R22FWJFW 2012-08-30 06:04 - 2012-08-30 06:14 - 00000000 ____D C:\Qoobox 2012-08-30 06:00 - 2012-08-30 06:00 - 04740381 ____R (Swearware) C:\Users\Maktone\Desktop\ComboFix.exe 2012-08-30 06:00 - 2012-08-30 06:00 - 00000000 ____D C:\Windows\erdnt 2012-08-30 05:52 - 2012-08-30 05:52 - 00000958 ____A C:\Windows\PFRO.log 2012-08-30 05:10 - 2012-08-30 06:42 - 00151552 ____A 
C:\Windows\KMSEmulator.exe 2012-08-30 05:10 - 2012-08-30 06:42 - 00000280 ____A C:\Windows\setupact.log 2012-08-30 05:10 - 2012-08-30 06:42 - 00000218 ____A C:\Windows\Tasks\AutoKMSDaily.job 2012-08-30 05:10 - 2012-08-30 06:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-30 04:00 - 2012-08-30 04:00 - 00080360 ____A C:\Users\Maktone\Desktop\Extras.Txt 2012-08-30 03:59 - 2012-08-30 06:30 - 00131762 ____A C:\Users\Maktone\Desktop\OTL.Txt 2012-08-30 03:57 - 2012-08-30 03:56 - 00598528 ____A (OldTimer Tools) C:\Users\Maktone\Desktop\OTL.exe 2012-08-30 02:54 - 2012-08-30 02:54 - 00002528 ____A C:\Users\Maktone\Desktop\RKreport[1].txt 2012-08-30 02:52 - 2012-08-30 02:54 - 00000000 ____D C:\Users\Maktone\Desktop\RK_Quarantine 2012-08-30 02:52 - 2012-08-30 02:52 - 01368576 ____A C:\Users\Maktone\Desktop\RogueKiller.exe 2012-08-30 02:48 - 2012-08-30 02:48 - 00000000 ____A C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial 2012-08-29 13:16 - 2012-08-29 13:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-24 22:52 - 2012-08-24 22:52 - 04480548 ____A C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage 2012-08-23 03:57 - 2012-08-23 03:57 - 00010240 __ASH C:\Users\Maktone\Downloads\Thumbs.db 2012-08-18 01:56 - 2012-08-18 01:56 - 21869552 ____A (Oracle Corporation) C:\Users\Maktone\Downloads\jre-7u5-windows-x64.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00000000 ____D C:\Program Files\Java 2012-08-15 13:46 - 2012-06-28 20:55 - 17809920 
____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-15 13:46 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-15 13:46 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-15 13:46 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-15 13:46 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-15 13:46 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-15 13:46 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-15 13:46 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-15 13:46 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-15 13:46 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-15 13:46 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-15 13:46 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-15 13:46 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-15 13:46 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-15 13:46 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-15 13:46 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-15 13:46 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-15 13:46 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-15 13:46 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2012-08-15 13:46 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-15 13:46 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-15 13:46 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-15 13:46 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-15 13:46 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-15 13:46 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-15 13:46 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-15 13:46 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-15 13:46 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-15 13:43 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-08-15 13:43 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-08-15 13:43 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-08-15 13:43 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-08-15 13:43 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-08-15 13:43 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-08-15 13:43 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-08-15 12:39 - 2012-08-15 12:41 - 00000000 ____D C:\Users\Maktone\Documents\Google Sketchup 2012-08-15 11:30 - 2012-08-15 11:30 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live 
Forever_mp3.qgmcd7q.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.uwm8ndt.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qf0qnn3.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.f6u4cl9.partial 2012-08-13 05:14 - 2012-08-13 05:14 - 00000000 ____D C:\Windows\Hewlett-Packard 2012-08-13 05:14 - 2012-08-13 05:14 - 00000000 ____D C:\Users\Maktone\AppData\Roaming\HpUpdate 2012-08-05 01:23 - 2012-08-05 01:23 - 00000000 ____D C:\Users\Maktone\Desktop\New folder (2) 2012-08-05 01:21 - 2012-08-05 01:21 - 00002535 ____A C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk 2012-08-05 01:21 - 2012-08-05 01:21 - 00000000 ____D C:\Users\Maktone\AppData\Local\Apps\Windows 7 USB DVD Download Tool 2012-08-02 05:00 - 2012-08-02 05:00 - 00000000 ____D C:\Users\Maktone\AppData\Roaming\HP 2012-08-02 00:12 - 2010-02-23 00:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe 2012-08-01 23:59 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-08-01 23:59 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-08-01 23:59 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-08-01 23:59 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-08-01 23:59 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-08-01 23:59 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-08-01 23:59 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-08-01 23:59 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\cdosys.dll 2012-08-01 23:59 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-08-01 23:59 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-08-01 23:59 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-08-01 23:59 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-08-01 23:59 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-08-01 23:59 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-08-01 23:59 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-08-01 23:59 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-08-01 23:59 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-08-01 23:59 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-08-01 23:59 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-08-01 23:46 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys 2012-08-01 23:46 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys 2012-08-01 23:44 - 2012-08-01 23:45 - 93721296 ____A (Samsung Electronics Co., Ltd. 
) C:\Users\Maktone\Downloads\Kies_2.3.2.12064_10_1 (1).exe ==================== 3 Months Modified Files ================================ 2012-08-30 12:47 - 2012-08-30 12:47 - 00000167 ____A C:\file.txt 2012-08-30 07:06 - 2012-08-30 07:05 - 00017576 ____A C:\Users\Maktone\Desktop\MBRCheck_08.30.12_16.05.49.txt 2012-08-30 07:05 - 2012-08-30 07:05 - 00080384 ____A C:\Users\Maktone\Desktop\MBRCheck.exe 2012-08-30 06:46 - 2009-07-13 21:13 - 00782078 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-30 06:43 - 2012-03-06 17:54 - 00001649 ____A C:\Users\Maktone\Desktop\MySyncFolder.lnk 2012-08-30 06:42 - 2012-08-30 05:10 - 00151552 ____A C:\Windows\KMSEmulator.exe 2012-08-30 06:42 - 2012-08-30 05:10 - 00000280 ____A C:\Windows\setupact.log 2012-08-30 06:42 - 2012-08-30 05:10 - 00000218 ____A C:\Windows\Tasks\AutoKMSDaily.job 2012-08-30 06:42 - 2012-08-30 05:10 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-30 06:42 - 2012-03-01 13:54 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-30 06:40 - 2012-08-30 06:40 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Maktone\Desktop\tdsskiller.exe 2012-08-30 06:30 - 2012-08-30 03:59 - 00131762 ____A C:\Users\Maktone\Desktop\OTL.Txt 2012-08-30 06:23 - 2012-03-08 05:55 - 00000386 ____A C:\Windows\lgfwup.ini 2012-08-30 06:00 - 2012-08-30 06:00 - 04740381 ____R (Swearware) C:\Users\Maktone\Desktop\ComboFix.exe 2012-08-30 05:52 - 2012-08-30 05:52 - 00000958 ____A C:\Windows\PFRO.log 2012-08-30 05:15 - 2012-03-01 13:54 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-30 04:00 - 2012-08-30 04:00 - 00080360 ____A C:\Users\Maktone\Desktop\Extras.Txt 2012-08-30 03:56 - 2012-08-30 03:57 - 00598528 ____A (OldTimer Tools) C:\Users\Maktone\Desktop\OTL.exe 2012-08-30 02:54 - 2012-08-30 02:54 - 00002528 ____A C:\Users\Maktone\Desktop\RKreport[1].txt 2012-08-30 02:52 - 2012-08-30 02:52 - 01368576 ____A C:\Users\Maktone\Desktop\RogueKiller.exe 2012-08-30 02:48 - 2012-08-30 02:48 - 00000000 ____A 
C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial 2012-08-30 02:28 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-08-29 15:48 - 2012-04-06 02:56 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-08-29 15:48 - 2012-04-06 02:56 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-08-29 15:48 - 2012-04-06 02:56 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-08-29 13:11 - 2012-03-01 13:19 - 01487231 ____A C:\Windows\WindowsUpdate.log 2012-08-27 00:19 - 2012-03-30 08:38 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-27 00:19 - 2012-03-01 15:20 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-26 16:10 - 2009-07-13 20:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-26 16:10 - 2009-07-13 20:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-24 22:52 - 2012-08-24 22:52 - 04480548 ____A C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage 2012-08-23 03:57 - 2012-08-23 03:57 - 00010240 __ASH C:\Users\Maktone\Downloads\Thumbs.db 2012-08-21 16:18 - 2012-03-01 13:55 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2012-08-19 05:21 - 2012-03-06 17:52 - 00001242 ____A C:\Users\Public\Desktop\ASUS WebStorage.lnk 2012-08-18 01:56 - 2012-08-18 01:56 - 21869552 ____A (Oracle Corporation) C:\Users\Maktone\Downloads\jre-7u5-windows-x64.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-08-18 01:56 - 2012-08-18 01:56 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-08-18 01:56 - 2012-08-18 01:56 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-18 01:56 - 
2012-08-18 01:56 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-15 13:58 - 2009-07-13 20:45 - 00352032 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-15 13:44 - 2012-05-17 07:15 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-08-15 11:30 - 2012-08-15 11:30 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qgmcd7q.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.uwm8ndt.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.qf0qnn3.partial 2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____A C:\Users\Maktone\Downloads\0395 - Dune - Who Wants To Live Forever_mp3.f6u4cl9.partial 2012-08-05 01:21 - 2012-08-05 01:21 - 00002535 ____A C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk 2012-08-01 23:46 - 2012-04-24 07:10 - 00001961 ____A C:\Users\Public\Desktop\Samsung Kies.lnk 2012-08-01 23:45 - 2012-08-01 23:44 - 93721296 ____A (Samsung Electronics Co., Ltd. 
) C:\Users\Maktone\Downloads\Kies_2.3.2.12064_10_1 (1).exe 2012-08-01 23:36 - 2012-04-24 06:21 - 00001901 ____A C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk 2012-07-25 08:24 - 2012-07-25 08:22 - 00001908 ____A C:\Windows\diagwrn.xml 2012-07-25 08:24 - 2012-07-25 08:22 - 00001908 ____A C:\Windows\diagerr.xml 2012-07-25 08:22 - 2012-03-09 01:36 - 00000000 ____A C:\Windows\setuperr.log 2012-07-20 04:00 - 2012-03-03 13:52 - 00001354 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-18 10:15 - 2012-08-15 13:43 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-09 06:27 - 2012-07-09 06:27 - 00000103 ____A C:\Users\Maktone\Documents\passport.txt 2012-07-04 14:16 - 2012-08-15 13:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:13 - 2012-08-15 13:43 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:13 - 2012-08-15 13:43 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:16 - 2012-08-15 13:43 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:14 - 2012-08-15 13:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-07-03 04:46 - 2012-03-03 13:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-02 08:05 - 2012-07-02 08:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-07-02 08:05 - 2012-07-02 08:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-07-01 00:31 - 2012-07-01 00:32 - 00001250 ____A C:\Users\Maktone\Desktop\PlayMaxPayne3 - Shortcut.lnk 2012-06-28 20:55 - 2012-08-15 13:46 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 20:09 - 2012-08-15 13:46 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 19:56 - 2012-08-15 13:46 - 02312704 ____A (Microsoft Corporation) 
C:\Windows\System32\jscript9.dll 2012-06-28 19:49 - 2012-08-15 13:46 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 19:49 - 2012-08-15 13:46 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 19:48 - 2012-08-15 13:46 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 19:47 - 2012-08-15 13:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 19:45 - 2012-08-15 13:46 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-28 19:44 - 2012-08-15 13:46 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 19:43 - 2012-08-15 13:46 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 19:42 - 2012-08-15 13:46 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 19:40 - 2012-08-15 13:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 19:39 - 2012-08-15 13:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 19:35 - 2012-08-15 13:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-28 16:52 - 2012-08-15 13:46 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-28 16:27 - 2012-08-15 13:46 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-28 16:16 - 2012-08-15 13:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-28 16:09 - 2012-08-15 13:46 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-28 16:09 - 2012-08-15 13:46 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-28 16:08 - 2012-08-15 13:46 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-28 16:07 - 2012-08-15 13:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-28 16:06 
- 2012-08-15 13:46 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-28 16:04 - 2012-08-15 13:46 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-28 16:04 - 2012-08-15 13:46 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-28 16:01 - 2012-08-15 13:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-28 16:01 - 2012-08-15 13:46 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-28 16:00 - 2012-08-15 13:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-28 15:57 - 2012-08-15 13:46 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-26 12:58 - 2012-06-26 12:58 - 00000078 ____A C:\Users\Maktone\Documents\michael.txt 2012-06-26 07:03 - 2012-04-24 06:29 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2012-06-26 07:02 - 2012-06-26 07:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll 2012-06-26 07:02 - 2012-04-24 06:57 - 00821824 ____A (Devguru Co., Ltd.) 
C:\Windows\SysWOW64\dgderapi.dll 2012-06-22 10:42 - 2012-06-22 10:42 - 00020628 ____A C:\Users\Maktone\Downloads\579023.zip 2012-06-13 09:53 - 2012-06-13 09:53 - 00088856 ____A C:\Users\Mala\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-13 09:53 - 2012-06-13 09:53 - 00001008 _RASH C:\Users\Mala\ntuser.pol 2012-06-13 09:53 - 2012-06-13 09:53 - 00000020 ___SH C:\Users\Mala\ntuser.ini 2012-06-13 09:53 - 2012-03-01 16:51 - 00000632 _RASH C:\Users\Maktone\ntuser.pol 2012-06-13 00:30 - 2012-06-13 00:30 - 00002039 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-13 00:28 - 2012-06-13 00:28 - 00001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-06-08 21:43 - 2012-08-01 23:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-08-01 23:59 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-08-01 23:59 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-08-01 23:59 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-08-01 23:59 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-08-01 23:59 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-08-01 23:59 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-08-01 23:59 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 14:47 - 2012-06-05 14:47 - 22717310 ____A C:\Users\Maktone\Downloads\GPUTweakVer2150.zip 2012-06-05 14:45 - 2012-06-05 14:45 - 00524928 ____A C:\Users\Maktone\Downloads\560UpdateBIOS (1).rar 2012-06-05 14:42 - 2012-06-05 14:42 - 00524928 ____A C:\Users\Maktone\Downloads\560UpdateBIOS.rar 2012-06-05 14:20 - 2012-06-05 14:20 - 00283362 ____A C:\Windows\msxml4-KB973688-enu.LOG 2012-06-05 03:25 - 2012-06-05 03:25 - 00008714 ____A C:\Users\Maktone\Documents\PaKi.txt 
2012-06-05 03:08 - 2012-06-05 03:08 - 00000009 ____A C:\Users\Maktone\Documents\PaKi.m3u 2012-06-03 23:59 - 2012-08-01 23:46 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys 2012-06-03 23:59 - 2012-08-01 23:46 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys 2012-06-03 02:02 - 2012-06-03 02:02 - 00291440 ____A C:\Windows\Minidump\060312-29218-01.dmp 2012-06-03 02:02 - 2012-06-03 01:57 - 805135207 ____A C:\Windows\MEMORY.DMP 2012-06-03 01:57 - 2012-06-03 01:57 - 00290832 ____A C:\Windows\Minidump\060312-20373-01.dmp 2012-06-03 01:53 - 2012-06-03 01:53 - 22232105 ____A C:\Users\Maktone\Downloads\GPUTweakVer2124.zip 2012-06-03 01:51 - 2012-06-03 01:51 - 00016384 ____A (ASUSTeK Computer Inc.) C:\Windows\System32\Drivers\EIO64.sys 2012-06-03 01:51 - 2012-03-01 14:07 - 00019170 ____A C:\Windows\DPINST.LOG 2012-06-03 01:50 - 2012-06-03 01:50 - 19243963 ____A C:\Users\Maktone\Downloads\SmartDoc_5_82.zip 2012-06-02 16:31 - 2012-06-02 16:31 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2012-06-02 14:19 - 2012-06-24 01:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-24 01:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-24 01:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-24 01:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-24 01:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-24 01:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-24 01:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 06:19 - 2012-06-24 01:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 06:15 - 2012-06-24 01:10 - 00036864 
____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2012-03-01 15:08] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16360.36 MB
Available physical RAM: 15149.21 MB
Total Pagefile: 16358.56 MB
Available Pagefile: 15145.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (Azmo) (Fixed) (Total:223.56 GB) (Free:144.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive f: () (Removable) (Total:7.47 GB) (Free:3.18 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (NoToRiOuS) (Fixed) (Total:1862.89 GB) (Free:1205.04 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1863 GB      0 B        *
  Disk 1    Online          223 GB  6144 KB
  Disk 2    Online         7652 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Reserved           128 MB    17 KB
  Partition 2    Primary           1862 GB   129 MB

==================================================================================

Disk: 0
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   NoToRiOuS    NTFS   Partition   1862 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            223 GB  4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Azmo         NTFS   Partition    223 GB  Healthy

==================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7651 MB    31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                NTFS   Removable   7651 MB  Healthy

==================================================================================

Last Boot: 2012-08-27 05:38

==================== End Of Log =============================
  8. Post too long, so attached it: TDSSKiller.2.8.8.0_30.08.2012_15.51.08_log.txt
  9. 15:40:34.0580 5328 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:40:34.0596 5328 ============================================================
15:40:34.0596 5328 Current date / time: 2012/08/30 15:40:34.0596
15:40:34.0596 5328 SystemInfo:
15:40:34.0596 5328
15:40:34.0596 5328 OS Version: 6.1.7601 ServicePack: 1.0
15:40:34.0596 5328 Product type: Workstation
15:40:34.0596 5328 ComputerName: AZMOSIS
15:40:34.0596 5328 UserName: Maktone
15:40:34.0596 5328 Windows directory: C:\Windows
15:40:34.0596 5328 System windows directory: C:\Windows
15:40:34.0596 5328 Running under WOW64
15:40:34.0596 5328 Processor architecture: Intel x64
15:40:34.0596 5328 Number of processors: 8
15:40:34.0596 5328 Page size: 0x1000
15:40:34.0596 5328 Boot type: Normal boot
15:40:34.0596 5328 ============================================================
15:40:35.0157 5328 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:35.0157 5328 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:35.0376 5328 Drive \Device\Harddisk2\DR5 - Size: 0x1DE400000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:40:35.0391 5328 ============================================================
15:40:35.0391 5328 \Device\Harddisk0\DR0:
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x1BF20000
15:40:35.0391 5328 \Device\Harddisk1\DR1:
15:40:35.0391 5328 GPT partitions:
15:40:35.0391 5328 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8A15E5D0-050B-454A-A928-1664B8B62AF8}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:40:35.0391 5328 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DA340C0D-2945-4151-B7E5-126FFCA47ED6}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk2\DR5:
15:40:35.0391 5328 MBR partitions:
15:40:35.0391 5328 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEF1FC1
15:40:35.0391 5328 ============================================================
15:40:35.0391 5328 C: <-> \Device\Harddisk0\DR0\Partition1
15:40:35.0407 5328 D: <-> \Device\Harddisk1\DR1\Partition2
15:40:35.0407 5328 ============================================================
15:40:35.0407 5328 Initialize success
15:40:35.0407 5328 ============================================================
15:41:08.0541 1712 Deinitialize success
  10. This is the quickscan after the internet was activated: OTL logfile created on: 30/08/2012 15:29:00 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 15.98 Gb Total Physical Memory | 13.52 Gb Available Physical Memory | 84.61% Memory free 31.95 Gb Paging File | 29.28 Gb Available in Paging File | 91.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223.56 Gb Total Space | 144.39 Gb Free Space | 64.58% Space Free | Partition Type: NTFS Drive D: | 1862.89 Gb Total Space | 1205.04 Gb Free Space | 64.69% Space Free | Partition Type: NTFS Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe PRC - [2012/08/03 10:38:54 | 000,740,736 | ---- | M] (ASUS Cloud Corporation) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/20 12:10:43 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\fwupdate.exe PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe PRC - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe PRC - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe PRC - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Suite II.exe PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/09/19 17:17:24 | 001,119,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe PRC - [2011/09/14 16:41:58 | 000,286,720 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe PRC - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe PRC - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe PRC - [2011/09/07 16:13:06 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\EPU\EPUHelp.exe PRC - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe PRC - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011/08/24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe PRC - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2011/03/18 12:40:50 | 000,839,488 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe PRC - [2011/03/18 12:40:46 | 000,377,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTShellHlp.exe PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AsRoutineController.exe PRC - [2010/11/21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe PRC - [2010/11/08 16:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe PRC - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe PRC - [2002/03/15 22:43:00 | 001,310,720 | ---- | M] (ASUSTeK Inc.) 
-- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe ========== Modules (No Company Name) ========== MOD - [2012/07/23 15:10:28 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2012/06/13 09:21:03 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll MOD - [2012/06/13 09:17:54 | 000,335,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6fdaf4d2968973c0667f94c5bdeb0b9f\IAStorUtil.ni.dll MOD - [2012/06/13 08:50:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012/06/13 08:50:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/13 08:50:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/18 17:49:14 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll MOD - [2012/05/17 16:25:58 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll MOD - [2012/05/17 16:25:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll MOD - [2012/05/17 16:25:56 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll MOD - [2012/05/17 16:25:56 | 000,256,000 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll MOD - [2012/05/17 16:25:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\c8c86990be4c601bba900fe50a82f829\IAStorDataMgrSvcInterfaces.ni.dll MOD - [2012/05/17 16:25:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/17 16:25:47 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b251e1073d227047cbbf9771cb194910\IAStorCommon.ni.dll MOD - [2012/05/17 16:21:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012/05/17 16:21:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/17 16:21:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/17 16:21:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/17 16:21:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/03/09 16:26:33 | 000,039,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll MOD - [2012/03/02 01:12:07 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMLib.dll MOD - [2011/12/28 12:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\Sensor.dll MOD - [2011/11/11 
15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/10/14 21:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\TabGadget\TabGadget.dll MOD - [2011/10/13 16:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ASUS Update\Update.dll MOD - [2011/09/29 12:36:54 | 001,046,016 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Probe_II\ProbeII.dll MOD - [2011/09/26 20:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Charger+\AIChargerPlus.dll MOD - [2011/09/26 19:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2011/09/20 19:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\BarGadget\BarGadget.dll MOD - [2011/09/19 21:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Settings\Settings.dll MOD - [2011/09/05 08:19:00 | 000,028,672 | 
---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll MOD - [2011/08/23 17:19:52 | 001,294,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\MyLogo\MyLogo.dll MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2011/07/21 10:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Splitter\Splitter.dll MOD - [2011/07/12 20:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AssistFunc.dll MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010/10/05 09:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\pngio.dll MOD - [2010/10/05 09:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ImageHelper.dll MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\pngio.dll MOD - [2007/03/13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll MOD - [2007/02/28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/02/09 21:05:56 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV:64bit: - [2011/06/29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® 
SRV:64bit: - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/11/22 15:56:12 | 000,487,096 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\ROG GameFirst\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 17:04:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/03/01 23:05:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/03/01 23:04:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/30 19:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/04 08:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 08:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/03 10:51:58 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/02 01:12:51 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2012/03/02 00:30:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 07:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/12/12 05:32:04 | 000,067,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/09/21 11:25:52 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/09/14 16:43:30 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/09/14 16:43:30 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/08/15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/07/20 02:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/03/23 16:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/22 15:56:14 | 001,437,368 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/02/22 16:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/09/02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/03/08 15:34:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/08/24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 A8 28 64 93 83 CD 01 [binary data]
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nuffieldhealth.com/Individuals/Public/Timetable/?centreId=34463|http://www.overclock.net/intel-general/858750-please-help-i7-950-temps-h70.html|http://forum.corsair.com/v3/showthread.php?t=91212|http://i56.tinypic.com/2w2or3k.jpg|http://www.techpowerup.com/downloads/1872/mirrors.php|http://forum.corsair.com/forums/forumdisplay.php?f=155|http://forum.corsair.com/v3/showthread.php?t=91212|http://forum.corsair.com/v3/showthread.php?t=88888&page=2|http://i56.tinypic.com/2w2or3k.jpg|resource:///browserconfig.properties|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1|http://www.google.co.uk/finance?q=LON:JKX"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M]
[2012/03/02 01:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Extensions
[2012/07/25 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\extensions
[2012/05/31 21:48:34 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/07/25 17:04:18 | 000,670,738 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Click to Call = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [EADM] C:\Program Files (x86)\Games\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 21:46:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/30 15:21:42 | 000,000,000 | ---D | C] -- C:\aws
[2012/08/30 15:19:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/30 15:15:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/30 15:04:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/30 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/30 15:00:42 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 12:57:17 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\RK_Quarantine
[2012/08/29 22:16:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/18 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/15 21:39:00 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Documents\Google Sketchup
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HpUpdate
[2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/08/05 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\New folder (2)
[2012/08/05 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/08/02 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HP
[2012/08/02 08:46:21 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/08/02 08:46:21 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/30 15:25:54 | 000,782,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 15:25:54 | 000,666,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 15:25:54 | 000,126,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/30 15:23:27 | 000,000,386 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/08/30 15:21:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/30 15:21:42 | 000,001,649 | ---- | M] () -- C:\Users\Maktone\Desktop\MySyncFolder.lnk
[2012/08/30 15:21:37 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/08/30 15:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/30 15:21:22 | 4276,375,550 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/30 15:00:10 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe
[2012/08/30 14:15:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
[2012/08/30 11:52:42 | 001,368,576 | ---- | M] () -- C:\Users\Maktone\Desktop\RogueKiller.exe
[2012/08/30 11:48:52 | 000,000,000 | ---- | M] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/30 00:48:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/29 15:43:16 | 000,052,662 | ---- | M] () -- C:\Users\Maktone\Desktop\Picture 16.jpg
[2012/08/29 13:12:08 | 000,074,709 | ---- | M] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg
[2012/08/29 12:53:34 | 000,050,324 | ---- | M] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg
[2012/08/29 12:50:00 | 000,095,160 | ---- | M] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg
[2012/08/29 12:48:35 | 000,050,727 | ---- | M] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg
[2012/08/29 12:43:19 | 000,056,240 | ---- | M] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg
[2012/08/29 12:43:13 | 000,066,044 | ---- | M] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg
[2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/25 07:52:27 | 004,480,548 | ---- | M] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage [2012/08/22 01:18:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/19 14:21:48 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk [2012/08/15 22:58:57 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/15 15:55:38 | 000,021,608 | ---- | M] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf [2012/08/05 10:21:22 | 000,002,535 | ---- | M] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk [2012/08/02 14:07:34 | 000,266,545 | ---- | M] () -- C:\Users\Maktone\Desktop\Image12.jpg [2012/08/02 14:06:17 | 000,373,703 | ---- | M] () -- C:\Users\Maktone\Desktop\Image11.jpg [2012/08/02 14:01:35 | 000,658,333 | ---- | M] () -- C:\Users\Maktone\Desktop\Image1.jpg [2012/08/02 08:46:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012/08/02 08:46:07 | 000,001,985 | ---- | M] () -- C:\Users\Maktone\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2012/08/02 08:36:43 | 000,001,901 | ---- | M] () -- C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/30 14:10:14 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job [2012/08/30 14:10:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2012/08/30 11:52:42 | 001,368,576 | ---- | C] () -- C:\Users\Maktone\Desktop\RogueKiller.exe [2012/08/30 11:48:52 | 000,000,000 
| ---- | C] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial [2012/08/29 15:43:16 | 000,052,662 | ---- | C] () -- C:\Users\Maktone\Desktop\Picture 16.jpg [2012/08/29 13:12:19 | 000,074,709 | ---- | C] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg [2012/08/29 12:53:24 | 000,050,324 | ---- | C] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg [2012/08/29 12:49:39 | 000,095,160 | ---- | C] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg [2012/08/29 12:48:21 | 000,050,727 | ---- | C] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg [2012/08/29 12:43:10 | 000,056,240 | ---- | C] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg [2012/08/29 12:42:59 | 000,066,044 | ---- | C] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg [2012/08/25 07:52:26 | 004,480,548 | ---- | C] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage [2012/08/15 15:55:38 | 000,021,608 | ---- | C] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf [2012/08/05 10:23:55 | 000,594,525 | ---- | C] () -- C:\Users\Maktone\Desktop\projectthesis2.pdf [2012/08/05 10:23:50 | 003,314,736 | ---- | C] () -- C:\Users\Maktone\Desktop\graphs.pdf [2012/08/05 10:21:22 | 000,002,535 | ---- | C] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk [2012/08/02 14:07:34 | 000,266,545 | ---- | C] () -- C:\Users\Maktone\Desktop\Image12.jpg [2012/08/02 14:06:17 | 000,373,703 | ---- | C] () -- C:\Users\Maktone\Desktop\Image11.jpg [2012/08/02 14:01:35 | 000,658,333 | ---- | C] () -- C:\Users\Maktone\Desktop\Image1.jpg [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/05/13 13:31:19 | 000,115,406 | ---- | C] () -- C:\Windows\hpgins28.dat [2012/05/13 13:31:19 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat [2012/04/27 17:48:12 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll 
[2012/04/27 17:48:12 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/04/06 11:56:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/04/06 11:56:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012/03/08 15:45:41 | 000,007,598 | ---- | C] () -- C:\Users\Maktone\AppData\Local\Resmon.ResmonCfg [2012/03/08 14:55:20 | 000,000,386 | ---- | C] () -- C:\Windows\lgfwup.ini [2012/03/03 12:35:39 | 032,461,312 | ---- | C] () -- C:\Windows\SysWow64\Office 2010 Toolkit.exe [2012/03/03 12:35:39 | 000,000,751 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini [2012/03/02 02:40:58 | 005,472,848 | ---- | C] () -- C:\Windows\PE_File.dll [2012/03/02 02:36:15 | 005,412,720 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012/03/02 02:27:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012/03/02 01:51:30 | 000,000,632 | RHS- | C] () -- C:\Users\Maktone\ntuser.pol [2012/03/02 00:48:54 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012/03/02 00:48:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012/03/02 00:48:52 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012/03/01 23:06:11 | 000,765,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/01 23:06:07 | 000,007,594 | ---- | C] () -- C:\Windows\SysWow64\xFiMB2CfgUninstall32.ini [2012/03/01 23:06:07 | 000,005,135 | ---- | C] () -- C:\Windows\SysWow64\cfgfx.ini [2012/03/01 23:06:07 | 000,002,775 | ---- | C] () 
-- C:\Windows\FF08_Render_Spk.ini [2012/03/01 23:06:07 | 000,002,411 | ---- | C] () -- C:\Windows\FF08_Render_Hp.ini [2012/03/01 23:06:07 | 000,002,267 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2012/03/01 23:06:07 | 000,001,542 | ---- | C] () -- C:\Windows\FF08_Render.ini [2012/03/01 23:06:03 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012/03/01 23:06:00 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/03/01 23:06:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/03/01 22:51:04 | 000,056,512 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012/03/01 22:38:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012/03/01 22:38:42 | 000,040,006 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config ========== LOP Check ========== [2012/08/30 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\ASUS WebStorage [2012/08/30 00:46:57 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\BitComet [2012/04/06 21:37:49 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\CometPlayer [2012/03/02 00:30:33 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\DAEMON Tools Pro [2012/03/09 02:09:02 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Leadertech [2012/04/25 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\oald8 [2012/08/26 19:32:48 | 
000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Origin [2012/04/19 11:10:12 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\picpick [2012/08/02 08:45:50 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Samsung [2012/03/11 16:24:41 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\tigerplayer [2012/05/13 13:14:27 | 000,000,000 | ---D | M] -- C:\Users\Maktone\AppData\Roaming\Ulead Systems [2012/06/13 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Mala\AppData\Roaming\ASUS WebStorage [2012/06/13 18:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mala\AppData\Roaming\DAEMON Tools Pro [2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job [2012/08/30 11:28:50 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/08/02 15:23:27 | 000,015,453 | ---- | M] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx [2012/08/02 15:23:27 | 000,015,453 | ---- | C] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx [2012/08/02 15:23:27 | 000,000,162 | -H-- | M] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx [2012/08/02 15:23:27 | 000,000,162 | -H-- | C] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx < End of report >
  11. OTL logfile created on: 30/08/2012 15:23:55 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 13.85 Gb Available Physical Memory | 86.70% Memory free
31.95 Gb Paging File | 29.62 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 144.39 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 1205.04 Gb Free Space | 64.69% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 3.18 Gb Free Space | 42.59% Space Free | Partition Type: NTFS

Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe
PRC - [2012/08/03 10:38:54 | 000,740,736 | ---- | M] (ASUS Cloud Corporation) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/20 12:10:43 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\fwupdate.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe
PRC - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe
PRC - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/10 10:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Suite II.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/09/19 17:17:24 | 001,119,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011/09/14 16:41:58 | 000,286,720 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
PRC - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
PRC - [2011/09/08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011/09/07 16:13:06 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/08/24 02:13:45 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/03/18 12:40:50 | 000,839,488 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe
PRC - [2011/03/18 12:40:46 | 000,377,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\Utils\Software\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Utils\Software\Asus\AI Suite II\AsRoutineController.exe
PRC - [2010/11/21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/11/08 16:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
PRC - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002/03/15 22:43:00 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/23 15:10:28 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/06/13 09:21:03 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/13 09:17:54 | 000,335,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6fdaf4d2968973c0667f94c5bdeb0b9f\IAStorUtil.ni.dll
MOD - [2012/06/13 08:50:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 08:50:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 08:50:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/18 17:49:14 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/17 16:25:58 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/17 16:25:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/17 16:25:56 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/17 16:25:56 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/17 16:25:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\c8c86990be4c601bba900fe50a82f829\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2012/05/17 16:25:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/17 16:25:47 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b251e1073d227047cbbf9771cb194910\IAStorCommon.ni.dll
MOD - [2012/05/17 16:21:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/17 16:21:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/17 16:21:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/17 16:21:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/17 16:21:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/09 16:26:33 | 000,039,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/03/02 01:12:07 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMLib.dll
MOD - [2011/12/28 12:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\Sensor.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 21:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/10/13 16:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ASUS Update\Update.dll
MOD - [2011/09/29 12:36:54 | 001,046,016 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Probe_II\ProbeII.dll
MOD - [2011/09/26 20:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/09/26 19:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/20 19:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011/09/19 21:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Settings\Settings.dll
MOD - [2011/09/05 08:19:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll
MOD - [2011/08/23 17:19:52 | 001,294,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/07/21 10:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 20:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\AssistFunc.dll
MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/05 09:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\pngio.dll
MOD - [2010/10/05 09:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\ImageHelper.dll
MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Utils\Software\Asus\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2007/03/13 16:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007/02/28 18:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/02/09 21:05:56 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV:64bit: - [2011/06/29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\Utils\Internet\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/11/22 15:56:12 | 000,487,096 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\ROG GameFirst\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 17:04:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Utils\Internet\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/12 17:49:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/02 01:12:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/03/02 01:12:09 | 001,430,144 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.10\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/03/02 01:12:07 | 000,948,656 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.19\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/03/02 01:12:06 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2012/03/01 23:05:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/03/01 23:05:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/03/01 23:04:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/30 19:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/14 16:41:58 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/09/02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/28 12:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/04 08:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 08:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/03 10:51:58 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/02 01:12:51 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2012/03/02 00:30:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 07:44:14 | 000,025,632 | ---- | M] (Logitech Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64) DRV:64bit: - [2011/12/12 05:32:04 | 000,067,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011/09/21 11:25:52 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011/09/14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/09/14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011/09/14 16:43:30 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2011/09/14 16:43:30 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2011/08/15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011/07/20 02:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/03/23 16:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011/03/11 07:41:12 | 
000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/22 15:56:14 | 001,437,368 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed) DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus) DRV:64bit: - [2010/02/22 16:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011/09/02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) 
[2012/03/08 15:34:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/08/24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 A8 28 64 93 83 CD 01 [binary data] IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.nuffieldhealth.com/Individuals/Public/Timetable/?centreId=34463|http://www.overclock.net/intel-general/858750-please-help-i7-950-temps-h70.html|http://forum.corsair.com/v3/showthread.php?t=91212|http://i56.tinypic.com/2w2or3k.jpg|http://www.techpowerup.com/downloads/1872/mirrors.php|http://forum.corsair.com/forums/forumdisplay.php?f=155|http://forum.corsair.com/v3/showthread.php?t=91212|http://forum.corsair.com/v3/showthread.php?t=88888&page=2|http://i56.tinypic.com/2w2or3k.jpg|resource:///browserconfig.properties|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1|http://www.google.co.uk/finance?q=LON:JKX" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL 
(Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: 
C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\components [2012/07/25 17:04:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins [2012/08/15 15:57:05 | 000,000,000 | ---D | M] [2012/03/02 01:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Extensions [2012/07/25 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maktone\AppData\Roaming\Mozilla\Firefox\Profiles\2h4ys8hb.default\extensions [2012/05/31 21:48:34 | 000,505,801 | ---- | M] () (No name found) -- 
C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI [2012/07/25 17:04:18 | 000,670,738 | ---- | M] () (No name found) -- C:\USERS\MAKTONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H4YS8HB.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\plugins\npdeployJava1.dll CHR - 
plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Utils\Sound\Apple\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Skype Click to Call = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\Maktone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts 
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4:64bit: - HKLM..\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) 
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe (ASUS Cloud Corporation) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\Utils\Software\LG\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Utils\Software\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Utils\software\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\Utils\Software\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\Utils\Software\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [EADM] C:\Program Files (x86)\Games\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - 
HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Utils\Internet\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Utils\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 
- DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F012702-C174-4F64-81B5-D961BB5DC573}: NameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Utils\Internet\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/08/30 12:16:22 | 000,000,100 | ---- | M] () - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ed234dcb-63e5-11e1-8a46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/30 21:46:47 | 000,000,000 | ---D | C] -- C:\FRST [2012/08/30 15:21:42 | 000,000,000 | ---D | C] -- C:\aws [2012/08/30 15:19:14 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/08/30 15:15:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012/08/30 15:04:55 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/30 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/30 15:00:42 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe [2012/08/30 12:57:17 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe [2012/08/30 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\RK_Quarantine [2012/08/29 22:16:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/08/18 10:56:21 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012/08/18 10:56:21 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/08/18 10:56:21 | 000,268,784 | ---- | C] (Oracle 
Corporation) -- C:\Windows\SysNative\javaws.exe [2012/08/18 10:56:20 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/08/18 10:56:20 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/08/18 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/08/15 22:46:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/08/15 22:46:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/08/15 22:46:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/08/15 22:46:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/08/15 22:46:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/08/15 22:46:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/08/15 22:46:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/08/15 22:46:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/08/15 22:46:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/08/15 22:46:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/08/15 22:46:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/08/15 22:46:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/08/15 22:46:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/08/15 22:43:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012/08/15 22:43:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012/08/15 22:43:37 | 000,041,984 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\browcli.dll [2012/08/15 22:43:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012/08/15 21:39:00 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Documents\Google Sketchup [2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HpUpdate [2012/08/13 14:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012/08/05 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Maktone\Desktop\New folder (2) [2012/08/05 10:21:22 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2012/08/02 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\Maktone\AppData\Roaming\HP [2012/08/02 09:12:31 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012/08/02 08:59:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/08/02 08:59:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/08/02 08:59:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/08/02 08:59:48 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/08/02 08:59:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/08/02 08:46:21 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012/08/02 08:46:21 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/30 15:23:27 | 000,000,386 | ---- | M] () -- C:\Windows\lgfwup.ini [2012/08/30 15:21:46 | 000,000,896 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/30 15:21:43 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job [2012/08/30 15:21:42 | 000,001,649 | ---- | M] () -- C:\Users\Maktone\Desktop\MySyncFolder.lnk [2012/08/30 15:21:37 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe [2012/08/30 15:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/30 15:21:22 | 4276,375,550 | -HS- | M] () -- C:\hiberfil.sys [2012/08/30 15:01:53 | 000,782,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/30 15:01:53 | 000,666,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/30 15:01:53 | 000,126,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/30 15:00:10 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Maktone\Desktop\ComboFix.exe [2012/08/30 14:15:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/30 12:56:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Maktone\Desktop\OTL.exe [2012/08/30 11:52:42 | 001,368,576 | ---- | M] () -- C:\Users\Maktone\Desktop\RogueKiller.exe [2012/08/30 11:48:52 | 000,000,000 | ---- | M] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial [2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/08/30 00:48:44 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/08/30 00:48:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/08/29 15:43:16 | 000,052,662 | ---- | M] () -- C:\Users\Maktone\Desktop\Picture 16.jpg [2012/08/29 13:12:08 | 000,074,709 | ---- | M] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg [2012/08/29 12:53:34 | 000,050,324 | ---- | M] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg [2012/08/29 12:50:00 | 000,095,160 | ---- | M] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg [2012/08/29 12:48:35 | 000,050,727 | ---- | M] () -- 
C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg [2012/08/29 12:43:19 | 000,056,240 | ---- | M] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg [2012/08/29 12:43:13 | 000,066,044 | ---- | M] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg [2012/08/27 09:19:28 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/27 09:19:28 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/27 01:10:55 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/25 07:52:27 | 004,480,548 | ---- | M] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage [2012/08/22 01:18:18 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/19 14:21:48 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk [2012/08/18 10:56:18 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012/08/18 10:56:18 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/08/18 10:56:18 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/08/18 10:56:18 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/08/18 10:56:18 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/08/15 22:58:57 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/15 15:55:38 | 000,021,608 | ---- | M] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf [2012/08/05 10:21:22 | 000,002,535 | ---- | M] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk [2012/08/02 
14:07:34 | 000,266,545 | ---- | M] () -- C:\Users\Maktone\Desktop\Image12.jpg [2012/08/02 14:06:17 | 000,373,703 | ---- | M] () -- C:\Users\Maktone\Desktop\Image11.jpg [2012/08/02 14:01:35 | 000,658,333 | ---- | M] () -- C:\Users\Maktone\Desktop\Image1.jpg [2012/08/02 08:46:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012/08/02 08:46:07 | 000,001,985 | ---- | M] () -- C:\Users\Maktone\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2012/08/02 08:36:43 | 000,001,901 | ---- | M] () -- C:\Users\Maktone\Desktop\Kies Air Discovery Service.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Maktone\Documents\*.tmp files -> C:\Users\Maktone\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/30 14:10:14 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job [2012/08/30 14:10:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2012/08/30 11:52:42 | 001,368,576 | ---- | C] () -- C:\Users\Maktone\Desktop\RogueKiller.exe [2012/08/30 11:48:52 | 000,000,000 | ---- | C] () -- C:\Users\Maktone\Desktop\FRST64_exe.4i11x2g.partial [2012/08/29 15:43:16 | 000,052,662 | ---- | C] () -- C:\Users\Maktone\Desktop\Picture 16.jpg [2012/08/29 13:12:19 | 000,074,709 | ---- | C] () -- C:\Users\Maktone\Desktop\20120405_111704.jpg [2012/08/29 12:53:24 | 000,050,324 | ---- | C] () -- C:\Users\Maktone\Documents\wa-hafa-before-and-after-plastic-surgery.jpg [2012/08/29 12:49:39 | 000,095,160 | ---- | C] () -- C:\Users\Maktone\Documents\Najwa Karam Before and After Plastic Surgery.jpg [2012/08/29 12:48:21 | 000,050,727 | ---- | C] () -- C:\Users\Maktone\Documents\Myriam Fares before Plastic Surgery.jpg [2012/08/29 12:43:10 | 000,056,240 | ---- | C] () -- C:\Users\Maktone\Documents\nancyajramwedding.jpg [2012/08/29 12:42:59 | 000,066,044 | ---- | C] () -- C:\Users\Maktone\Documents\Nancy_Ajram_before_plastic_surgery.jpg [2012/08/25 07:52:26 | 004,480,548 | 
---- | C] () -- C:\Users\Maktone\Desktop\IMG00012-20100126-2329.pspimage [2012/08/15 15:55:38 | 000,021,608 | ---- | C] () -- C:\Users\Maktone\Desktop\Scholarship_application_form_December_2012.pdf [2012/08/05 10:23:55 | 000,594,525 | ---- | C] () -- C:\Users\Maktone\Desktop\projectthesis2.pdf [2012/08/05 10:23:50 | 003,314,736 | ---- | C] () -- C:\Users\Maktone\Desktop\graphs.pdf [2012/08/05 10:21:22 | 000,002,535 | ---- | C] () -- C:\Users\Maktone\Desktop\Windows 7 USB DVD Download Tool.lnk [2012/08/02 14:07:34 | 000,266,545 | ---- | C] () -- C:\Users\Maktone\Desktop\Image12.jpg [2012/08/02 14:06:17 | 000,373,703 | ---- | C] () -- C:\Users\Maktone\Desktop\Image11.jpg [2012/08/02 14:01:35 | 000,658,333 | ---- | C] () -- C:\Users\Maktone\Desktop\Image1.jpg [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/05/13 13:31:19 | 000,115,406 | ---- | C] () -- C:\Windows\hpgins28.dat [2012/05/13 13:31:19 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat [2012/04/27 17:48:12 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012/04/27 17:48:12 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/04/06 11:56:42 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/04/06 11:56:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012/03/08 15:45:41 | 000,007,598 | ---- | C] () -- C:\Users\Maktone\AppData\Local\Resmon.ResmonCfg [2012/03/08 14:55:20 | 000,000,386 | ---- | C] () -- C:\Windows\lgfwup.ini [2012/03/03 12:35:39 
| 032,461,312 | ---- | C] () -- C:\Windows\SysWow64\Office 2010 Toolkit.exe [2012/03/03 12:35:39 | 000,000,751 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini [2012/03/02 02:40:58 | 005,472,848 | ---- | C] () -- C:\Windows\PE_File.dll [2012/03/02 02:36:15 | 005,412,720 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012/03/02 02:27:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012/03/02 01:51:30 | 000,000,632 | RHS- | C] () -- C:\Users\Maktone\ntuser.pol [2012/03/02 00:48:54 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012/03/02 00:48:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012/03/02 00:48:52 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012/03/01 23:06:11 | 000,765,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/01 23:06:07 | 000,007,594 | ---- | C] () -- C:\Windows\SysWow64\xFiMB2CfgUninstall32.ini [2012/03/01 23:06:07 | 000,005,135 | ---- | C] () -- C:\Windows\SysWow64\cfgfx.ini [2012/03/01 23:06:07 | 000,002,775 | ---- | C] () -- C:\Windows\FF08_Render_Spk.ini [2012/03/01 23:06:07 | 000,002,411 | ---- | C] () -- C:\Windows\FF08_Render_Hp.ini [2012/03/01 23:06:07 | 000,002,267 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2012/03/01 23:06:07 | 000,001,542 | ---- | C] () -- C:\Windows\FF08_Render.ini [2012/03/01 23:06:03 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012/03/01 23:06:03 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012/03/01 23:06:00 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/03/01 23:06:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/03/01 22:51:04 | 000,056,512 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012/03/01 22:38:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012/03/01 22:38:42 | 000,040,006 | ---- | C] () 
-- C:\Windows\Ascd_tmp.ini [2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config ========== Files - Unicode (All) ========== [2012/08/02 15:23:27 | 000,015,453 | ---- | M] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx [2012/08/02 15:23:27 | 000,015,453 | ---- | C] ()(C:\Users\Maktone\Documents\Dear ??????.docx) -- C:\Users\Maktone\Documents\Dear பாட்டி.docx [2012/08/02 15:23:27 | 000,000,162 | -H-- | M] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx [2012/08/02 15:23:27 | 000,000,162 | -H-- | C] ()(C:\Users\Maktone\Documents\~$ar ??????.docx) -- C:\Users\Maktone\Documents\~$ar பாட்டி.docx < End of report >
  12. OTL Extras logfile created on: 30/08/2012 12:57:40 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Maktone\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
15.98 Gb Total Physical Memory | 13.82 Gb Available Physical Memory | 86.52% Memory free
31.95 Gb Paging File | 29.59 Gb Available in Paging File | 92.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.56 Gb Total Space | 144.50 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 1205.05 Gb Free Space | 64.69% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 3.19 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Computer Name: AZMOSIS | User Name: Maktone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2510215674-2607915592-2127655418-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Utils\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Utils\Graphics\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Utils\Graphics\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{019D044A-DED9-4214-9678-03D086889DFF}" = Microsoft Visual Studio 11 Performance Collection Tools Beta - ENU
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 11 Prerequisites - ENU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E3579F6-A5E5-33A3-97BB-B0FB60406CDD}" = Microsoft Visual C++ 11 x64 Minimum Runtime - 11.0.50214
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java 7 Update 5 (64-bit)
"{271B7D95-0A19-406F-886B-7D7936F9BF54}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0 "{2B671A8A-5750-4682-9425-F5A5A7327775}" = Microsoft SQL Server 2012 Management Objects RC0 (x64) "{3F263601-92CC-4DA5-813A-BE6A3E94F84E}" = Microsoft System CLR Types for SQL Server 2012 RC0 (x64) "{54AC5197-9CE4-4C42-B191-16F5918479EC}" = Microsoft Web Platform Installer 4.0 "{5B4DC741-5A7C-3432-AFD8-88FEF860DEFF}" = Microsoft Visual Studio Team Foundation Server 11 Beta Storyboarding "{6413F6CE-E598-81D9-76B7-59DE02B75B67}" = Windows Software Development Kit DirectX x64 Remote "{67ED5E8A-5C76-414E-AEB7-C5826AFF04AC}" = Visual Studio 11 Prerequisites "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6D53338A-BAE2-42A3-8704-1A211CE8A505}" = Microsoft SQL Server 2012 Express LocalDB RC0 "{6DDF14AE-7577-FED9-BCCD-235E552BB557}" = Windows App Certification Kit "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6FE038A3-77AA-358E-8203-E5A806964E5B}" = Microsoft Visual C++ 11 Beta x64 Designtime - 11.0.50214 "{77E0AEEA-7217-4FE5-AA67-1830FADD8097}" = Microsoft SQL Server 2012 Data-Tier App Framework "{795AE7FA-334A-3348-A358-6F56377B8639}" = Microsoft .NET Framework 4.5 Beta "{7E77E47D-16B7-46EA-92BD-0742E6EAD7E7}" = Microsoft SQL Server 2012 Native Client RC0 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{482CB0DF-849D-479C-8CBB-F9DA6AF0F8C5}" = "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Help Viewer 2.0 Beta" = Microsoft Help Viewer 2.0 Beta
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.4
"NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office Password Recovery Magic_is1" = Office Password Recovery Magic v6.1.1.190
"Origin" = Origin
"PicPick" = PicPick
"PrtScr_is1" = PrtScr 1.5
"QUICKfind" = QUICKfind server v1.1
"Rockstar Games Social Club" = Rockstar Games Social Club
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/08/2012 07:29:23 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0017b461
Faulting process id: 0x2bc
Faulting application start time: 0x01cd86a2b4484379
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: f1f4ce59-f295-11e1-a700-5404a648b35c

Error - 30/08/2012 07:30:23 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0129b461
Faulting process id: 0x127c
Faulting application start time: 0x01cd86a2d819e579
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: 15c67059-f296-11e1-a700-5404a648b35c

Error - 30/08/2012 07:31:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0013b461
Faulting process id: 0x15e4
Faulting application start time: 0x01cd86a2fc9540c5
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: 3a41cba5-f296-11e1-a700-5404a648b35c

Error - 30/08/2012 07:32:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0037b461
Faulting process id: 0x1474
Faulting application start time: 0x01cd86a3206abf0f
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: 5e1749ef-f296-11e1-a700-5404a648b35c

Error - 30/08/2012 07:33:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0018b461
Faulting process id: 0xbac
Faulting application start time: 0x01cd86a34445dad8
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: 81f265b8-f296-11e1-a700-5404a648b35c

Error - 30/08/2012 07:34:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0139b461
Faulting process id: 0x530
Faulting application start time: 0x01cd86a3681bd238
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: a5c85d18-f296-11e1-a700-5404a648b35c

Error - 30/08/2012 07:35:24 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0139b461
Faulting process id: 0x1464
Faulting application start time: 0x01cd86a38bf42af8
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: c9a0b5d8-f296-11e1-a700-5404a648b35c

Error - 30/08/2012 07:36:25 | Computer Name = AzMoSiS | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0139b461
Faulting process id: 0xe50
Faulting application start time: 0x01cd86a3afc5dc9a
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: ed72677a-f296-11e1-a700-5404a648b35c

Error - 30/08/2012 07:50:15 | Computer Name = AzMoSiS | Source = WinMgmt | ID = 10
Description =

Error - 30/08/2012 07:56:46 | Computer Name = AzMoSiS | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 03/06/2012 06:02:33 | Computer Name = AzMoSiS | Source = BugCheck | ID = 1001
Description =

Error - 03/06/2012 06:03:16 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =

Error - 07/06/2012 19:49:54 | Computer Name = AzMoSiS | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
Description = SAM failed to start the TCP/IP or SPX/IPX listening thread

Error - 07/06/2012 19:49:54 | Computer Name = AzMoSiS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1115

Error - 07/06/2012 19:49:54 | Computer Name = AzMoSiS | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%1062

Error - 10/06/2012 11:49:12 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =

Error - 13/06/2012 04:29:18 | Computer Name = AzMoSiS | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error - 17/06/2012 13:20:28 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =

Error - 23/06/2012 04:06:19 | Computer Name = AzMoSiS | Source = DCOM | ID = 10010
Description =

Error - 25/06/2012 04:54:43 | Computer Name = AzMoSiS | Source = DCOM | ID = 10001
Description =

< End of report >
  13. Still not working. I'm in safe mode with networking. There seems to be a folder called combo. When I click it I can see my hard drive and my computer??
  14. Hey maniac, I installed combo. I tried it 3 times. It self-extracts, but there is no combo text file or sscan or anything.
  15. Database version: v2012.08.30.03
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Maktone :: AZMOSIS [administrator]

      Protection: Enabled

      30/08/2012 14:36:26
      mbam-log-2012-08-30 (14-46-45).txt

      Scan type: Full scan (C:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 572785
      Time elapsed: 10 minute(s), 9 second(s)

      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)

      Files Detected: 3
      C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
      C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55\U\000000cb.@ (Rootkit.0Access) -> No action taken.
      C:\$Recycle.Bin\S-1-5-18\$75fd18f078ff224ff0b054fd39c44f55\U\80000032.@ (Rootkit.0Access) -> No action taken.

      (end)
  16. Malwarebytes Anti-Malware (PRO) 1.60.1.1000
      www.malwarebytes.org

      Database version: v2012.03.08.04
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Maktone :: AZMOSIS [administrator]

      Protection: Enabled

      08/03/2012 14:48:33
      mbam-log-2012-03-08 (14-48-33).txt

      Scan type: Flash scan
      Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: Registry | File System | P2P
      Objects scanned: 172455
      Time elapsed: 10 second(s)

      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)

      (end)