kijell

PUP.BitMiner Removal

24 posts in this topic

Hi,

My laptop was recently infected and I can't remove this file after running Malwarebytes a number of times. Can someone help me in removing this? Thanks

Here's the log from my latest mb run:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 912080410

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/5/2012 12:36:17 PM

mbam-log-2012-08-05 (12-36-11).txt

Scan type: Quick scan

Objects scanned: 226819

Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\64784 (Trojan.Agent) -> Value: 64784 -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Frederic\AppData\Local\Temp\qxwkxquos.exe (PUP.BitMiner) -> No action taken.

mbam-log-2012-08-05 (12-36-11).txt


Hello kijell! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your Malwarebytes' Anti-Malware database and program versions are very old. Please uninstall it, reboot your PC, download the latest version from here:

http://www.malwarebytes.org/mbam-download.php

Next, install the latest version.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Hi Maniac,

Thank you so much for taking the time to help me. Here's the log from the latest Malwarebytes run:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.05.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Frederic :: FREDERIC-PC [administrator]

8/5/2012 9:13:44 PM

mbam-log-2012-08-05 (21-13-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227315

Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 9

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CLSID\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440144134417} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\Interface\{55555555-5555-5555-5555-550155135517} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0011317.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111131117} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|64784 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mscyqeqz.com -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 10

C:\Users\Frederic\AppData\Local\Temp\ksqbdwvnq.exe (PUP.BitMiner) -> Quarantined and deleted successfully.

C:\Users\Frederic\AppData\Local\Temp\niuehvbti.exe (PUP.BitMiner) -> Quarantined and deleted successfully.

C:\Users\Frederic\AppData\Local\Temp\oclkjuaow.exe (PUP.BitMiner) -> Quarantined and deleted successfully.

C:\Users\Frederic\AppData\Local\Temp\qftqhsdsv.exe (PUP.BitMiner) -> Quarantined and deleted successfully.

C:\Users\Frederic\AppData\Local\Temp\raurvcenb.exe (PUP.BitMiner) -> Quarantined and deleted successfully.

C:\Users\Frederic\AppData\Local\Temp\tvlucsqqo.exe (PUP.BitMiner) -> Quarantined and deleted successfully.

C:\Users\Frederic\C_XAud.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

C:\Users\Frederic\Downloads\SoftonicDownloader_for_bitcomet.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

C:\ProgramData\Local Settings\Temp\mscyqeqz.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Rss light+\Rss light+.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

(end)


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL.txt:

OTL logfile created on: 8/5/2012 9:38:47 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 75.71% Memory free

11.58 Gb Paging File | 10.06 Gb Available in Paging File | 86.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 21.20 Gb Free Space | 14.22% Space Free | Partition Type: NTFS

Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 21:36:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frederic\Downloads\OTL.exe

PRC - [2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe

PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/11 06:07:16 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2010/11/20 20:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe

PRC - [2010/11/20 20:17:34 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\runonce.exe

PRC - [2010/11/20 20:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe

PRC - [2010/10/08 01:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2010/10/01 07:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

PRC - [2010/08/18 06:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2010/05/12 16:47:18 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

PRC - [2009/11/03 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/08/01 02:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2009/06/20 02:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2008/12/23 09:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe

MOD - [2011/08/13 22:14:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll

MOD - [2011/08/13 00:45:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll

MOD - [2011/08/13 00:44:37 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll

MOD - [2011/08/13 00:44:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll

MOD - [2011/08/13 00:44:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll

MOD - [2011/08/13 00:44:09 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll

MOD - [2011/08/13 00:43:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll

MOD - [2011/08/13 00:43:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll

MOD - [2011/08/13 00:43:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll

MOD - [2011/08/13 00:43:45 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll

MOD - [2011/06/28 12:53:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll

MOD - [2010/10/01 07:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll

MOD - [2010/10/01 07:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll

MOD - [2010/10/01 07:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll

MOD - [2010/10/01 07:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll

MOD - [2009/11/03 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/03 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/09 17:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)

SRV:64bit: - [2010/10/01 02:50:30 | 000,377,264 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/23 19:56:42 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV:64bit: - [2010/02/23 19:56:40 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)

SRV:64bit: - [2009/08/07 06:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/07/25 15:46:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/19 21:57:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/11 08:59:46 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)

SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/12/28 16:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)

SRV - [2009/12/16 02:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011/05/10 23:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/11 06:07:11 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)

DRV:64bit: - [2010/12/15 19:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)

DRV:64bit: - [2010/12/15 19:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)

DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 17:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/05 23:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/12 09:49:15 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)

DRV:64bit: - [2010/09/23 16:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/08 19:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/08/26 10:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/07/31 01:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)

DRV:64bit: - [2010/07/31 01:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)

DRV:64bit: - [2010/07/31 01:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)

DRV:64bit: - [2010/04/16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)

DRV:64bit: - [2010/03/02 16:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/02/26 16:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/23 19:57:30 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/02/03 06:38:29 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/01/18 17:45:49 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/08/20 10:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2009/08/18 16:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2009/08/07 06:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/07/20 17:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)

DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)

DRV:64bit: - [2009/06/19 04:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)

DRV:64bit: - [2009/06/11 04:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/19 04:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/14 01:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2008/05/24 09:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2007/04/24 09:33:30 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125obex.sys -- (s125obex)

DRV:64bit: - [2007/04/24 09:33:28 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mgmt.sys -- (s125mgmt)

DRV:64bit: - [2007/04/24 09:33:26 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdm.sys -- (s125mdm)

DRV:64bit: - [2007/04/24 09:33:24 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdfl.sys -- (s125mdfl)

DRV:64bit: - [2007/04/24 09:33:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125bus.sys -- (s125bus)

DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Frederic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 21:57:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/10 18:27:43 | 000,000,000 | ---D | M]

[2012/02/06 18:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Extensions

[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

[2012/08/05 16:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions

[2012/07/26 23:20:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/06/13 15:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/08/05 16:09:32 | 000,000,000 | ---D | M] ("Rss light+") -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com

[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\OneClickDownload@OneClickDownload.com

[2012/02/06 18:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/19 21:57:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2011/11/03 14:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/06/18 22:17:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/18 22:17:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/09 20:19:23 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()

O4 - HKLM..\Run: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [bitComet] C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [egkepxcackaofrwsjvh] C:\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe ()

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Facebook Update] C:\Users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [GarenaMessenger] C:\Program Files (x86)\Garena Messenger\GarenaMessenger.exe ()

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [steam] C:\Program Files (x86)\steam\Steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKLM..\RunOnceEx: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()

O4 - HKLM..\RunOnceEx: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKLM..\RunServices: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()

O4 - HKLM..\RunServices: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunServices: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKLM..\RunServicesOnce: [A-1124404718] C:\Users\makul!\AppData\Roaming\A-1124404718.exe ()

O4 - HKLM..\RunServicesOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunServicesOnce: [A-1457317536] C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O4 - Startup: C:\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe ()

O4 - Startup: C:\Users\makul!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64784 = C:\PROGRA~3\LOCALS~1\Temp\mscyqeqz.com

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Sony Corporation = C:\Users\Frederic\AppData\Roaming\BBC32A.exe ()

O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: A-1457317536 = C:\Users\Frederic\AppData\Roaming\A-1457317536.exe ()

O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)

O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.us.lawson.com/vdesk/terminal/urxvpn.cab#version=6031,2010,1215,1100 (F5 Networks VPN Manager)

O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.us.lawson.com/vdesk/terminal/f5tunsrv.cab#version=6031,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.us.lawson.com/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.us.lawson.com/vdesk/terminal/urxshost.cab#version=6031,2010,617,2010 (F5 Networks SuperHost Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lawson.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.us.lawson.com/vdesk/terminal/urxhost.cab#version=6031,2010,902,806 (F5 Networks Host Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.106.6.2 124.106.5.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317CE8A7-C426-43D2-A325-7A67AE47DF9C}: DhcpNameServer = 124.106.7.2 124.106.5.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D06F4B4-3C96-4D55-AD83-0194A44274B3}: DhcpNameServer = 124.106.6.2 124.106.5.2

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 21:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/05 21:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/04 20:37:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/04 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Local\Rss light+

[2012/08/04 19:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rss light+

[2012/08/04 19:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings

[2012/07/25 15:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger

[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\Garena

[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Garena

[2012/07/13 23:15:12 | 000,000,000 | ---D | C] -- C:\Users\Frederic\Desktop\Lawson Work

[2012/07/12 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\LolClient

[2012/07/09 23:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaLoLPH

[2008/08/12 13:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 21:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/05 21:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/05 21:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/05 21:23:41 | 370,438,143 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/05 21:23:07 | 000,007,997 | ---- | M] () -- C:\Windows\uedit32.INI

[2012/08/05 21:11:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/05 21:01:36 | 000,002,376 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini

[2012/08/05 20:54:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/05 19:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job

[2012/08/05 19:35:30 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/05 19:35:30 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/05 19:35:30 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/05 19:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job

[2012/08/05 19:25:28 | 000,415,744 | -HS- | M] () -- C:\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe

[2012/08/05 17:00:23 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2012/08/05 16:58:09 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job

[2012/08/05 13:00:22 | 000,000,057 | ---- | M] () -- C:\Users\Frederic\Desktop\malwarebytes error log

[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe

[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe

[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe

[2012/08/04 19:54:43 | 000,084,480 | RHS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe

[2012/08/04 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job

[2012/07/25 17:03:16 | 000,001,280 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini

[2012/07/25 15:46:34 | 000,001,163 | ---- | M] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012/07/25 15:46:34 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk

[2012/07/09 23:48:34 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk

[2012/07/09 20:19:23 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/07/09 20:19:20 | 000,002,004 | -H-- | M] () -- C:\Users\Frederic\Documents\Default.rdp

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 21:11:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/05 16:11:39 | 000,084,480 | RHS- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe

[2012/08/05 13:00:22 | 000,000,057 | ---- | C] () -- C:\Users\Frederic\Desktop\malwarebytes error log

[2012/08/05 12:25:34 | 000,084,480 | RHS- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe

[2012/08/04 19:55:19 | 000,415,744 | -HS- | C] () -- C:\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe

[2012/08/04 19:54:46 | 000,084,480 | RHS- | C] () -- C:\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe

[2012/08/04 19:54:46 | 000,084,480 | RHS- | C] () -- C:\Users\Frederic\AppData\Roaming\A-1457317536.exe

[2012/07/25 15:46:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/25 15:46:34 | 000,001,163 | ---- | C] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012/07/25 15:46:34 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk

[2012/07/09 23:48:34 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk

[2012/02/26 12:35:26 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/01/25 01:17:31 | 000,000,859 | ---- | C] () -- C:\Windows\SysWow64\dsth.dll

[2011/09/12 09:52:20 | 000,007,997 | ---- | C] () -- C:\Windows\uedit32.INI

[2011/08/24 11:32:20 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/06/22 12:04:18 | 000,066,560 | -HS- | C] () -- C:\Users\Frederic\AppData\Roaming\BBC32A.exe

[2011/06/10 13:37:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/06/08 12:50:50 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/06/06 09:12:45 | 000,045,286 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room_v3.dat

[2011/05/25 05:15:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/05/22 07:40:53 | 000,046,742 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room.dat

[2011/03/11 05:45:59 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/08/26 10:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010/08/26 10:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2009/04/09 02:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008/05/23 00:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2011/05/22 07:23:51 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Asus WebStorage

[2012/08/05 17:01:31 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\BitComet

[2011/09/20 00:25:31 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\calibre

[2012/07/14 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Garena

[2012/08/05 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\GarenaPlus

[2012/07/09 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\ICAClient

[2012/07/12 16:43:46 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\LolClient

[2011/06/22 09:00:03 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Nuance

[2011/12/31 12:16:28 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Red Kawa

[2011/07/30 12:25:17 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Rovio

[2011/08/02 08:39:18 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\webex

[2011/06/22 08:59:57 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Zeon

[2011/10/27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Asus WebStorage

[2011/10/27 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Azureus

[2012/04/10 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Babylon

[2012/07/31 22:19:29 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\BitComet

[2011/09/03 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\EeeStorageUploader

[2012/05/28 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\FreeFLVConverter

[2012/08/05 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\GarenaPlus

[2012/01/10 12:54:10 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\ICAClient

[2012/07/19 13:44:52 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient

[2012/07/09 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient2

[2011/09/03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Nuance

[2012/06/07 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Red Kawa

[2012/07/02 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\uTorrent

[2011/09/02 15:13:48 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Zeon

[2012/08/05 16:58:09 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job

[2012/08/05 19:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job

[2012/08/04 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job

[2012/08/05 19:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job

[2012/07/17 00:11:49 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >


Extras.txt:

OTL Extras logfile created on: 8/5/2012 9:38:47 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 75.71% Memory free

11.58 Gb Paging File | 10.06 Gb Available in Paging File | 86.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 21.20 Gb Free Space | 14.22% Space Free | Partition Type: NTFS

Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.ini[@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.txt[@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.ini [@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.js [@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.txt [@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Classes\<extension>]

.html [@ = UltraEdit.html] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0278D9CB-D036-44CF-8E6D-7B4B100E9667}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0538B564-5127-46A9-94D7-77AFFB86E0E8}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |

"{0BC7CEBF-6E2F-4C8C-8706-0437D2093F62}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher |

"{1D04DF2C-E736-4093-ABA1-89D267D14630}" = lport=10243 | protocol=6 | dir=in | app=system |

"{1E463E93-0714-47F2-9838-9EC46DDCC007}" = lport=138 | protocol=17 | dir=in | app=system |

"{20E463CA-7A04-4A18-BDBB-B4A7D4349F1C}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher |

"{21F33C60-2F5B-47C8-BD55-2BE048DE3310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{2285F530-F51C-4D6E-9F8C-BF563BCF664E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25C0152E-F521-4CCD-8806-9D99534D7D78}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |

"{2BB67282-E137-4B3E-A4A1-DC592BC6C746}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{2C947C06-1A64-4BA5-9863-6A6AC518A910}" = rport=139 | protocol=6 | dir=out | app=system |

"{32ED7A88-93FE-46DD-A0B1-8F95FF4FC507}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher |

"{37698B20-94DF-4C7A-BE22-B7B4035710A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{44354155-405C-43C8-98AE-6FBC7CA4D2D0}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary |

"{474978C2-4791-4571-92CE-35370DB96830}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |

"{494C07F8-C6CB-4073-BFA3-7B89BC461335}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher |

"{4AECF141-7A48-4ACA-B586-51824BE28711}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher |

"{4BB73345-3E66-4C3A-9BC3-1D76466B09BB}" = lport=445 | protocol=6 | dir=in | app=system |

"{54DB8F9A-302F-4DAC-B629-0F20F4A54366}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |

"{623D80ED-57C6-4A18-8B96-93814B19403C}" = lport=14808 | protocol=17 | dir=in | name=bitcomet 14808 udp |

"{62CA730A-1688-4305-9941-AEF163056F97}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher |

"{66D6EABD-289F-4522-AAEC-B39B55976412}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |

"{671A9F52-60FA-4ED0-B0E2-5C9EC2637734}" = lport=14808 | protocol=6 | dir=in | name=bitcomet 14808 tcp |

"{67325282-95B9-46F5-BBC1-9E83932F71E6}" = lport=10016 | protocol=6 | dir=in | name=bitcomet 10016 tcp |

"{79F481E6-DBF9-4ED4-99B9-17E7676238F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7B30BE7C-CCA6-4278-8D5E-E995AC06C1A1}" = rport=138 | protocol=17 | dir=out | app=system |

"{81804EA6-DFF4-40B1-A99B-E2FCC259E2CD}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |

"{854E5576-C158-4F67-873D-E342FF3C6E82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{881AA1B1-7CB4-4A5F-8B9F-3627EE4C3641}" = lport=49512 | protocol=6 | dir=in | name=akamai netsession interface |

"{8884301F-9C49-49D8-BCC7-500AB0B9BC2C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{8C4C2E38-61F5-4C70-B0B0-66482AFBB205}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |

"{8DA0C703-09C3-43A3-BE29-B307E35051B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{969982B8-3796-43C7-9865-CD87D0CF9B8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{9703A5F5-9200-40CC-A4F2-7950D7184C86}" = rport=445 | protocol=6 | dir=out | app=system |

"{9728F914-6807-43F0-A1BA-158086FED5F3}" = rport=137 | protocol=17 | dir=out | app=system |

"{97E48405-148B-440C-BBE0-C30E9DB8E451}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9AB599B5-4575-4522-8358-764968A0B026}" = lport=139 | protocol=6 | dir=in | app=system |

"{9F81548A-32C3-427F-803E-498B177059D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{A30E8EA1-51A7-41F3-9A5F-1729C7EE6150}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A3608652-DB2E-4DF6-9508-5C8CE9CBFBBD}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |

"{A483C50F-FB6B-4348-8F41-BAE9353C4647}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary |

"{A83E6831-A700-4F0B-952E-E3B56A17BFDE}" = lport=137 | protocol=17 | dir=in | app=system |

"{ADDFEBA3-1BC5-480F-A48A-0CC6AB3A192B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{AE51A8C6-0364-4561-BDE6-9F822130FACD}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |

"{B4922B80-EABD-4D7A-93D9-40A30B72EE6D}" = lport=10016 | protocol=17 | dir=in | name=bitcomet 10016 udp |

"{C8AF9F15-5A84-4178-A6B2-6EF953837C27}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |

"{DA5467E2-A50A-44BE-86BD-25C85B53BB0E}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |

"{EA29555C-1A89-4FFB-8FC6-A3D9B1C1A195}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EE5B1D3F-5AC3-4ADD-BAA9-51E111E7E881}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EE9D61F6-19A9-4768-BE5B-93B75029DDD1}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |

"{FC6C003E-CD6A-44C3-B067-FD9C3C90A84A}" = rport=10243 | protocol=6 | dir=out | app=system |

"{FDB205E3-19FF-499B-A1D6-81FD458AB024}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{005EAA30-1811-42DD-B785-67ECF28E73BA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{0773BB79-6BC7-48ED-8249-EA612C9EE042}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{0809DC6F-7105-4AF1-AFBD-299792A6195A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{08A9F208-02FD-4B41-BAEB-85B1F66CD113}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0FC4F261-FDD4-44F1-91F4-DB0CF137C83D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{15F48B2D-8C02-420B-9405-CB83F221D9D5}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |

"{1E626A91-B6EC-4B90-9390-5CED841241F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{1F094CA0-6838-482F-9219-4EB3FF648D34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{27E8DE1C-9EFB-4232-9190-E442A09254DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{28E33026-8C05-4C56-8CBA-7DCF7CB7ABC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{29BC6AA8-7E8F-423A-B268-E0BA8BB20758}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2B9E2BF7-FBF6-4759-8D68-DE0FE462930C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{30AEA214-7275-4847-970A-690998DB5F21}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |

"{33A9F0DC-20DB-4891-9558-2A2A4392B7A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3948DB04-6174-4429-A3AF-195179C35ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{3AFA9B32-952C-44CF-B9FB-FFB159A871BA}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |

"{3B7639B6-B453-480B-A4B7-BAF149C3B32A}" = protocol=6 | dir=out | app=system |

"{4340B6DE-DDB9-4392-A755-70EEADFA4C4C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |

"{4C23F040-829E-4F3E-83D9-0C837C156446}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{510D41D3-2DE9-4C52-B174-00C87FE40DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{57166C5E-65D0-430B-959F-E0A6A415F504}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{59590024-55E8-4B08-8CD8-B0EB9D0C95B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

"{5A00E03A-945D-451E-9403-D8FE495B154A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5A553D5F-4E9C-4FB2-9DBC-1A8E9ED602A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{5D31210A-7473-42AE-8BB7-A017C25032AF}" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |

"{662D15C0-FABF-4272-80A3-5A1AC91EE9A7}" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |

"{6886475C-A1C6-46B9-B537-BA35F68F4D8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{69DD0F98-A500-4030-9D43-875135A79C53}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6C519AB9-90E3-495B-BB8F-BE0D6BB4EAA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6CB3BC69-0AB7-4E3F-8C49-79FD5EF58252}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{6CF6FE2A-BE68-4F14-8318-34167D8B0358}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |

"{6FA96DBB-5D49-48AD-90B1-7334FDE0B7AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{766833A3-B4E2-45BC-B990-1A0C24BCDE45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{7714A37C-1347-4704-B256-961505BBD189}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |

"{79AFD2F0-E22B-4811-ABDD-8611A9D4557C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{8A06A20F-A529-44A2-859E-9D15D2C67A95}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{8A3EA3A1-E52F-439C-9F59-3E7D698D3277}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |

"{8C0F984D-0D6F-47B8-902E-4C41C50AC346}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8D98F047-5F3D-4B5D-B1FC-326FB7AB1792}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{915FF07A-AA21-4D99-886B-3D58D98100DB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |

"{919AD1D9-F1D5-473C-82A7-8219FA726BA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{98AF1A64-4E56-4DA7-B11F-E606EE0CFFF8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{9E9B5E2B-0F4F-40FF-BD53-D09DE8730898}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{A0B5E78A-6D1C-4013-97ED-F623EEE0DA08}" = dir=in | app=c:\users\frederic\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{A6ACEBB1-5606-4480-A4B7-C9F3347FE1E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A73E6B4C-97BF-4380-8A72-4FA8EE4B4F04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B02F95B5-78B9-4C34-9523-2CCE92A55EC0}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |

"{B2F653EF-59A9-425A-A41A-01B8E53095E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B4413CF2-3031-4AAF-8BA7-73C4EC35C450}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BCC8A061-38C3-4C89-B7FA-BC54E0952117}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C19BBA4C-F58D-4838-943C-1740B29316ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{C1D27827-5BBA-4689-BE69-FAD4FCB51B4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{C6B3FE2F-FF3F-4CC9-9F05-EC351EC84760}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D2B89B07-1E93-485E-8927-BB022CC73A6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D3BF642E-3854-48C8-9D8A-DA35F864AE50}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

"{DF3FDEDA-2F0D-4211-BA5B-2DA1EFBAAE94}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |

"{E0CE7AFB-DE2B-4E34-8872-1BC00B6D9E44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{E749F3A3-D270-4C27-BB8B-5DCA00E2D3B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F9C7D739-DE27-46D5-AB21-B7DC5B49D5FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FBD28769-85CD-4294-A2BB-FCA549CA4DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{FCDE0A56-58AF-41D2-8D76-FF9B7363BAC8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{17A5C34C-B1A8-440B-97E3-114B9AC1CCD1}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |

"TCP Query User{21F49C04-B277-4428-BC7F-76518AC17EB2}C:\users\makul!\downloads\honinstaller.exe" = protocol=6 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |

"TCP Query User{2C4A63C7-9C0B-47CC-A3C1-74D2853A020F}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

"TCP Query User{4B3FCB01-285C-4606-9BC5-7DF773EC7709}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

"TCP Query User{65D829DC-1169-4277-8827-76F381F6DEE5}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"TCP Query User{80A86514-76C9-4665-93F3-A9258CADACC8}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |

"TCP Query User{8343F9A8-4574-4CF5-B283-E213690F9971}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"TCP Query User{9488429B-DBB5-4672-BD2C-7DEC2D302772}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{F787F72D-BFF9-45C4-8FAB-9BB73E114C53}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"UDP Query User{254B9A00-C996-4509-8181-2352ECDCF1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{606CCBF6-FACD-4277-9426-C76242D66F97}C:\users\makul!\downloads\honinstaller.exe" = protocol=17 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |

"UDP Query User{7A772ED6-85BA-47B9-BBEB-E05F31F8B897}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |

"UDP Query User{7AA0BEAD-5B05-4052-80BF-7EE26BF15A5A}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"UDP Query User{8348A68B-92B5-4170-82DF-267615F9D415}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"UDP Query User{919D2FA5-2C42-42E7-B74B-95F06C2B492A}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |

"UDP Query User{AD4C89C5-6DE5-4E0E-B29A-AA0632440376}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

"UDP Query User{BDB03DEB-EDC7-4AAD-A97F-8986DA7ED84C}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"UDP Query User{F21D8272-CDFF-4796-89A8-6A56E491F199}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL

"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common

"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger

"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer

"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)

"{51B83C3B-4D5D-490A-87E0-12B497DA941B}" = calibre

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh

"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources

"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail

"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack

"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix online plug-in (PNA)

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic

"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2

"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix online plug-in (SSON)

"{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Content Manager Assistant for PlayStation®

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)

"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager

"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1ClickDownload" = 1ClickDownloader

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Akamai" = Akamai NetSession Interface Service

"Asus Vibe2.0" = AsusVibe2.0

"ASUS WebStorage" = ASUS WebStorage

"AviSynth" = AviSynth 2.5

"BitComet" = BitComet 1.30

"CCleaner" = CCleaner

"CitrixOnlinePluginFull" = Citrix online plug-in

"Diablo III" = Diablo III

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"Garena" = Garena 2010

"Google Chrome" = Google Chrome

"HoN" = Garena - Heroes of Newerth

"iLivid" = iLivid

"im" = Garena Messenger

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN

"LoLPH" = Garena - League of Legends PH

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Network MagicUninstall" = Network Magic

"Rss light+" = Rss light+

"Steam App 570" = Dota 2

"Videora iPod touch Converter" = Videora iPod touch Converter 5.04

"VISPRO" = Microsoft Office Visio Professional 2007

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WinZip Self-Extractor" = WinZip Self-Extractor

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/5/2012 4:11:29 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: FBAgent.exe, version: 1.0.7.0, time stamp:

0x4ca3faac Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:

0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process

id: 0x488 Faulting application start time: 0x01cd72e1bc11dee2 Faulting application

path: C:\Windows\system32\FBAgent.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 2830d09e-ded5-11e1-ae24-463500000031

Error - 8/5/2012 4:11:42 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/5/2012 5:08:19 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:

0x1354 Faulting application start time: 0x01cd72e909ed73cd Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: 191057f9-dedd-11e1-b262-463500000031

Error - 8/5/2012 5:49:57 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:

0x1660 Faulting application start time: 0x01cd72efa4ad23a8 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: ea0225fa-dee2-11e1-b262-463500000031

Error - 8/5/2012 5:50:13 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:

0xd28 Faulting application start time: 0x01cd72e9df3b60b7 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: f366fdb5-dee2-11e1-b262-463500000031

Error - 8/5/2012 5:50:26 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:

0x10d0 Faulting application start time: 0x01cd72efb7d9055e Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: fae9402a-dee2-11e1-b262-463500000031

Error - 8/5/2012 5:50:48 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:

0x980 Faulting application start time: 0x01cd72efc525e8c9 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: 087b6906-dee3-11e1-b262-463500000031

Error - 8/5/2012 5:51:01 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x8bc48be8 Faulting process id:

0xc64 Faulting application start time: 0x01cd72efccd58d37 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: 102ae856-dee3-11e1-b262-463500000031

Error - 8/5/2012 5:51:39 AM | Computer Name = Frederic-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: jscript9.dll, version: 9.0.8112.16434,

time stamp: 0x4e28e66c Exception code: 0xc0000005 Fault offset: 0x0004c153 Faulting

process id: 0xcb8 Faulting application start time: 0x01cd72efb8de9252 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\jscript9.dll Report Id: 2661c65f-dee3-11e1-b262-463500000031

Error - 8/5/2012 9:04:22 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ System Events ]

Error - 8/5/2012 4:06:58 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 8/5/2012 4:06:58 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 8/5/2012 4:07:40 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10005

Description =

Error - 8/5/2012 4:10:11 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/5/2012 4:11:30 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7034

Description = The AFBAgent service terminated unexpectedly. It has done this 1

time(s).

Error - 8/5/2012 4:59:59 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/5/2012 8:56:40 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/5/2012 9:06:46 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10010

Description =

Error - 8/5/2012 9:07:22 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/5/2012 9:23:48 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

< End of report >


Thanks! :)

Please uninstall the following applications:

BitComet 1.30

SweetIM Toolbar for Internet Explorer 4.2

SweetIM for Messenger 3.6

Then:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Thanks for the reply. Sorry it took me so long to reply. Here's the log from ComboFix:

ComboFix 12-08-05.02 - Frederic 08/06/2012 22:31:41.2.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5932.4733 [GMT 8:00]

Running from: c:\users\Frederic\Downloads\ComboFix.exe

AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\default\us_sres.data

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\program files (x86)\Common Files\ASPG_icon.ico

c:\program files (x86)\intellidownload\gunzip.exe

c:\programdata\FullRemove.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe

c:\users\Frederic\AppData\Roaming\A-1457317536.exe

c:\users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe

c:\users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome.manifest

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\background.html

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\browser.xul

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\crossrider.js

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\crossriderapi.js

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\dialog.js

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\options.js

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\options.xul

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\search_dialog.xul

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\chrome\content\update.html

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\defaults\preferences\prefs.js

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\install.rdf

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\locale\en-US\translations.dtd

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button1.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button2.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button3.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button4.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\button5.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\crossrider_statusbar.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon128.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon16.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon24.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\icon48.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\panelarrow-up.png

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\popup.css

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\popup.html

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\popup_binding.xml

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\skin.css

c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\crossriderapp11317@crossrider.com\skin\update.css

c:\users\makul!\AppData\Roaming\A-1124404718.exe

c:\users\makul!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe

c:\windows\msvcr71.dll

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))

.

.

2012-08-06 14:40 . 2012-08-06 14:40 -------- d-----w- c:\users\makul!\AppData\Local\temp

2012-08-06 14:40 . 2012-08-06 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-04 12:41 . 2012-08-06 14:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C96EA9C9-350D-45F6-834D-00E8F5C87A56}\offreg.dll

2012-08-04 12:37 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-08-04 12:37 . 2012-08-06 09:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-04 12:37 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 11:55 . 2012-08-04 11:55 -------- d-----w- c:\users\Frederic\AppData\Local\Rss light+

2012-08-04 11:55 . 2012-08-06 09:31 -------- d-----w- c:\program files (x86)\Rss light+

2012-08-04 11:54 . 2012-08-06 09:30 -------- d-----w- c:\programdata\Local Settings

2012-07-25 07:46 . 2012-07-25 07:46 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-19 05:44 . 2012-07-19 05:44 -------- d-----w- c:\users\makul!\AppData\Roaming\LolClient

2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\users\Frederic\AppData\Roaming\Garena

2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\programdata\Garena

2012-07-12 08:43 . 2012-07-12 08:43 -------- d-----w- c:\users\Frederic\AppData\Roaming\LolClient

2012-07-09 15:49 . 2012-07-09 15:49 -------- d-----w- c:\users\makul!\AppData\Local\LoLPHLauncher

2012-07-09 15:44 . 2012-07-09 15:49 -------- d-----w- c:\program files (x86)\GarenaLoLPH

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-06 10:05 . 2012-01-22 10:46 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-07-25 07:46 . 2011-06-24 02:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110111131117}]

2012-07-28 03:37 484864 ----a-w- c:\program files (x86)\Rss light+\Rss light+.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2011-08-24 10:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GarenaMessenger"="c:\program files (x86)\Garena Messenger\GarenaMessenger.exe" [2012-07-31 7123320]

"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2011-11-11 11292464]

"Facebook Update"="c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Steam"="c:\program files (x86)\steam\Steam.exe" [2012-08-04 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-07 472112]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"64784"="c:\progra~3\LOCALS~1\Temp\mscyqeqz.com" [2009-07-14 35840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-11 548528]

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-11 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-3-11 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-09-30 377264]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]

R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 257696]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-12-15 18512]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-10-12 131552]

S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-12-15 41424]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 07:46]

.

2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job

- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]

.

2012-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job

- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]

.

2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job

- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]

.

2012-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job

- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://home.sweetim.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = http=127.0.0.1:3128

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 124.106.6.2 124.106.5.2

FF - ProfilePath - c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- File Associations -------

.

.txt=UltraEdit.txt

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Messenger (Yahoo!) - ~c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe

Wow6432Node-HKCU-Run-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe

Wow6432Node-HKCU-Run-egkepxcackaofrwsjvh - c:\users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe

Wow6432Node-HKCU-RunServices-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe

Wow6432Node-HKCU-RunServicesOnce-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe

Wow6432Node-HKLM-Run-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe

Wow6432Node-HKLM-Run-A-1124404718 - c:\users\makul!\AppData\Roaming\A-1124404718.exe

Wow6432Node-HKLM-RunOnce-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe

Wow6432Node-HKLM-RunServicesOnce-A-1457317536 - c:\users\Frederic\AppData\Roaming\A-1457317536.exe

Wow6432Node-HKLM-RunServicesOnce-A-1124404718 - c:\users\makul!\AppData\Roaming\A-1124404718.exe

Toolbar-Locked - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-06 22:42:59

ComboFix-quarantined-files.txt 2012-08-06 14:42

.

Pre-Run: 24,330,379,264 bytes free

Post-Run: 23,625,838,592 bytes free

.

- - End Of File - - E9AAE2EC0D0DB5FA3A71702DD081273C


We have some progress.

Please open www.virustotal.com and upload this file:

c:\program files (x86)\Rss light+\Rss light+.dll

Wait until the scan has finished and then copy/paste the URL in your next reply.


Thanks!

Why have you not yet uninstalled the applications from step 1 of my previous instructions?


Hi, I was sure I uninstalled it last time. Should I scan it again on the website after I uninstall it?


My brother did a system restore without asking me. Should I start all over again?


Here's the log from Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.07.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Frederic :: FREDERIC-PC [administrator]

8/8/2012 1:07:38 PM

mbam-log-2012-08-08 (13-07-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218455

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


from OTL.txt:

OTL logfile created on: 8/8/2012 1:11:22 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 70.17% Memory free

11.58 Gb Paging File | 9.64 Gb Available in Paging File | 83.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 16.41 Gb Free Space | 11.01% Space Free | Partition Type: NTFS

Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 19:15:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frederic\Downloads\OTL.exe

PRC - [2012/07/19 21:57:00 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/01/26 19:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

PRC - [2012/01/26 19:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/11 06:07:16 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2010/10/08 06:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010/10/08 01:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2010/10/01 07:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

PRC - [2010/09/24 08:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

PRC - [2010/08/18 06:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

PRC - [2010/05/12 16:47:18 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

PRC - [2009/11/03 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/08/01 02:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2009/07/07 06:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2009/06/25 04:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

PRC - [2009/06/20 02:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009/06/20 02:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2008/12/23 09:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/19 21:57:00 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/13 22:14:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll

MOD - [2011/08/13 00:45:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll

MOD - [2011/08/13 00:44:37 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll

MOD - [2011/08/13 00:44:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll

MOD - [2011/08/13 00:44:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll

MOD - [2011/08/13 00:44:09 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll

MOD - [2011/08/13 00:43:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll

MOD - [2011/08/13 00:43:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll

MOD - [2011/08/13 00:43:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll

MOD - [2011/08/13 00:43:45 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll

MOD - [2011/06/28 12:53:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll

MOD - [2010/10/01 07:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll

MOD - [2010/10/01 07:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll

MOD - [2010/10/01 07:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll

MOD - [2010/10/01 07:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll

MOD - [2010/09/24 08:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

MOD - [2009/11/03 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/03 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll

MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/09 17:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)

SRV:64bit: - [2010/10/01 02:50:30 | 000,377,264 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/23 19:56:42 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV:64bit: - [2010/02/23 19:56:40 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)

SRV:64bit: - [2009/08/07 06:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/07/25 15:46:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/19 21:57:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/11 08:59:46 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)

SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/12/16 02:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/03/31 18:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011/05/10 23:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/11 06:07:11 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)

DRV:64bit: - [2010/12/15 19:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)

DRV:64bit: - [2010/12/15 19:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)

DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 17:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/05 23:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/12 09:49:15 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)

DRV:64bit: - [2010/09/23 16:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/08 19:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/08/26 10:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/07/31 01:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)

DRV:64bit: - [2010/07/31 01:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)

DRV:64bit: - [2010/07/31 01:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)

DRV:64bit: - [2010/04/16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)

DRV:64bit: - [2010/03/02 16:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/02/26 16:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/23 19:57:30 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/02/03 06:38:29 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/01/18 17:45:49 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/08/20 10:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2009/08/18 16:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2009/08/07 06:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/07/20 17:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)

DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)

DRV:64bit: - [2009/06/19 04:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)

DRV:64bit: - [2009/06/11 04:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/19 04:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/14 01:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2008/05/24 09:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2007/04/24 09:33:30 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125obex.sys -- (s125obex)

DRV:64bit: - [2007/04/24 09:33:28 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mgmt.sys -- (s125mgmt)

DRV:64bit: - [2007/04/24 09:33:26 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdm.sys -- (s125mdm)

DRV:64bit: - [2007/04/24 09:33:24 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125mdfl.sys -- (s125mdfl)

DRV:64bit: - [2007/04/24 09:33:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s125bus.sys -- (s125bus)

DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.ChatVibes.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-336362651-376967259-4120296813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Frederic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 21:57:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/10 18:27:43 | 000,000,000 | ---D | M]

[2012/02/06 18:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Extensions

[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

[2012/07/26 23:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions

[2012/07/26 23:20:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/06/13 15:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/07/06 23:03:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\extensions\OneClickDownload@OneClickDownload.com

[2012/02/06 18:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/19 21:57:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2011/11/03 14:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/06/18 22:17:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/18 22:17:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/08 12:43:36 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [bitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray File not found

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Facebook Update] C:\Users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [GarenaMessenger] C:\Program Files (x86)\Garena Messenger\GarenaMessenger.exe ()

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\Run: [steam] C:\Program Files (x86)\steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-336362651-376967259-4120296813-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.us.lawson.com/vdesk/terminal/urxvpn.cab#version=6031,2010,1215,1100 (F5 Networks VPN Manager)

O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.us.lawson.com/vdesk/terminal/f5tunsrv.cab#version=6031,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.us.lawson.com/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.us.lawson.com/vdesk/terminal/urxshost.cab#version=6031,2010,617,2010 (F5 Networks SuperHost Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lawson.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.us.lawson.com/vdesk/terminal/urxhost.cab#version=6031,2010,902,806 (F5 Networks Host Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317CE8A7-C426-43D2-A325-7A67AE47DF9C}: DhcpNameServer = 124.106.7.2 124.106.5.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D06F4B4-3C96-4D55-AD83-0194A44274B3}: DhcpNameServer = 124.106.6.2 124.106.5.2

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 20:00:18 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Local\LoLPHLauncher

[2012/08/07 19:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/07 19:14:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/06 22:43:00 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/06 22:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/06 09:50:16 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/08/04 20:37:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2012/08/04 20:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/04 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Local\Rss light+

[2012/08/04 19:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rss light+

[2012/08/04 19:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings

[2012/07/25 15:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger

[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\Garena

[2012/07/14 13:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Garena

[2012/07/13 23:15:12 | 000,000,000 | ---D | C] -- C:\Users\Frederic\Desktop\Lawson Work

[2012/07/12 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Frederic\AppData\Roaming\LolClient

[2012/07/09 23:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaLoLPH

[2008/08/12 13:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 12:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/08 12:44:13 | 000,002,004 | -H-- | M] () -- C:\Users\Frederic\Documents\Default.rdp

[2012/08/08 12:43:36 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/08 12:41:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/08 12:41:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/08 12:35:00 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2012/08/08 12:34:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/08 12:34:22 | 370,438,143 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/07 22:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job

[2012/08/07 22:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job

[2012/08/07 20:23:48 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk

[2012/08/07 20:13:30 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/07 20:13:30 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/07 20:13:30 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/07 19:14:45 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/05 13:00:22 | 000,000,057 | ---- | M] () -- C:\Users\Frederic\Desktop\malwarebytes error log

[2012/07/27 16:33:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job

[2012/07/25 17:03:16 | 000,001,280 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini

[2012/07/25 15:46:34 | 000,001,163 | ---- | M] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012/07/25 15:46:34 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk

[2012/07/23 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job

[2012/07/09 20:19:23 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/07 20:23:48 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk

[2012/08/07 20:18:19 | 1809,004,211 | ---- | C] () -- C:\Users\Frederic\Desktop\LoLPH_Install_120613v2.exe

[2012/08/07 19:14:45 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/05 13:00:22 | 000,000,057 | ---- | C] () -- C:\Users\Frederic\Desktop\malwarebytes error log

[2012/07/25 15:46:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/25 15:46:34 | 000,001,163 | ---- | C] () -- C:\Users\Frederic\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012/07/25 15:46:34 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk

[2012/02/26 12:35:26 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/01/25 01:17:31 | 000,000,859 | ---- | C] () -- C:\Windows\SysWow64\dsth.dll

[2011/09/12 09:52:20 | 000,008,049 | ---- | C] () -- C:\Windows\uedit32.INI

[2011/08/24 11:32:20 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/06/10 13:37:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/06/08 12:50:50 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/06/06 09:12:45 | 000,045,286 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room_v3.dat

[2011/05/25 05:15:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/05/22 07:40:53 | 000,046,742 | ---- | C] () -- C:\Users\Frederic\AppData\Roaming\room.dat

[2011/03/11 05:45:59 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/08/26 10:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010/08/26 10:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2009/04/09 02:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008/05/23 00:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2011/05/22 07:23:51 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Asus WebStorage

[2012/08/07 19:06:38 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\BitComet

[2011/09/20 00:25:31 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\calibre

[2012/07/14 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Garena

[2012/08/07 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\GarenaPlus

[2012/07/09 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\ICAClient

[2012/07/12 16:43:46 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\LolClient

[2011/06/22 09:00:03 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Nuance

[2011/12/31 12:16:28 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Red Kawa

[2011/07/30 12:25:17 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Rovio

[2011/08/02 08:39:18 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\webex

[2011/06/22 08:59:57 | 000,000,000 | ---D | M] -- C:\Users\Frederic\AppData\Roaming\Zeon

[2011/10/27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Asus WebStorage

[2011/10/27 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Azureus

[2012/04/10 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Babylon

[2012/08/07 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\BitComet

[2011/09/03 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\EeeStorageUploader

[2012/05/28 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\FreeFLVConverter

[2012/08/07 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\GarenaPlus

[2012/01/10 12:54:10 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\ICAClient

[2012/07/19 13:44:52 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient

[2012/07/09 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\LolClient2

[2011/09/03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Nuance

[2012/06/07 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Red Kawa

[2012/07/02 18:54:24 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\uTorrent

[2011/09/02 15:13:48 | 000,000,000 | ---D | M] -- C:\Users\makul!\AppData\Roaming\Zeon

[2012/07/27 16:33:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job

[2012/08/07 22:33:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job

[2012/07/23 13:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job

[2012/08/07 22:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job

[2012/07/17 00:11:49 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >


From Extras.txt:

OTL Extras logfile created on: 8/8/2012 1:11:22 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Frederic\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 70.17% Memory free

11.58 Gb Paging File | 9.64 Gb Available in Paging File | 83.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 16.41 Gb Free Space | 11.01% Space Free | Partition Type: NTFS

Drive D: | 425.64 Gb Total Space | 270.82 Gb Free Space | 63.63% Space Free | Partition Type: NTFS

Computer Name: FREDERIC-PC | User Name: Frederic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.ini[@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.txt[@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = UltraEdit.html] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.ini [@ = UltraEdit.ini] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.js [@ = UltraEdit.js] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

.txt [@ = UltraEdit.txt] -- C:\Users\Frederic\Desktop\Ultra\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-336362651-376967259-4120296813-1000\SOFTWARE\Classes\<extension>]

.html [@ = UltraEdit.html] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0278D9CB-D036-44CF-8E6D-7B4B100E9667}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1D04DF2C-E736-4093-ABA1-89D267D14630}" = lport=10243 | protocol=6 | dir=in | app=system |

"{1E463E93-0714-47F2-9838-9EC46DDCC007}" = lport=138 | protocol=17 | dir=in | app=system |

"{21F33C60-2F5B-47C8-BD55-2BE048DE3310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{2285F530-F51C-4D6E-9F8C-BF563BCF664E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25C0152E-F521-4CCD-8806-9D99534D7D78}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |

"{2BB67282-E137-4B3E-A4A1-DC592BC6C746}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{2C947C06-1A64-4BA5-9863-6A6AC518A910}" = rport=139 | protocol=6 | dir=out | app=system |

"{37698B20-94DF-4C7A-BE22-B7B4035710A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{44354155-405C-43C8-98AE-6FBC7CA4D2D0}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary |

"{46DC7C4C-EB4B-4E58-8BD9-E26CFD219942}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{474978C2-4791-4571-92CE-35370DB96830}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |

"{496064B3-77B7-4DFD-98C5-D1CB4471F199}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |

"{4BB73345-3E66-4C3A-9BC3-1D76466B09BB}" = lport=445 | protocol=6 | dir=in | app=system |

"{54DB8F9A-302F-4DAC-B629-0F20F4A54366}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |

"{623D80ED-57C6-4A18-8B96-93814B19403C}" = lport=14808 | protocol=17 | dir=in | name=bitcomet 14808 udp |

"{66D6EABD-289F-4522-AAEC-B39B55976412}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |

"{670946BB-5AB6-48EE-B86C-C4E9ED449F32}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |

"{671A9F52-60FA-4ED0-B0E2-5C9EC2637734}" = lport=14808 | protocol=6 | dir=in | name=bitcomet 14808 tcp |

"{67325282-95B9-46F5-BBC1-9E83932F71E6}" = lport=10016 | protocol=6 | dir=in | name=bitcomet 10016 tcp |

"{79F481E6-DBF9-4ED4-99B9-17E7676238F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7B30BE7C-CCA6-4278-8D5E-E995AC06C1A1}" = rport=138 | protocol=17 | dir=out | app=system |

"{81804EA6-DFF4-40B1-A99B-E2FCC259E2CD}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |

"{854E5576-C158-4F67-873D-E342FF3C6E82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{881AA1B1-7CB4-4A5F-8B9F-3627EE4C3641}" = lport=49512 | protocol=6 | dir=in | name=akamai netsession interface |

"{8884301F-9C49-49D8-BCC7-500AB0B9BC2C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{8DA0C703-09C3-43A3-BE29-B307E35051B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{969982B8-3796-43C7-9865-CD87D0CF9B8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{9703A5F5-9200-40CC-A4F2-7950D7184C86}" = rport=445 | protocol=6 | dir=out | app=system |

"{9728F914-6807-43F0-A1BA-158086FED5F3}" = rport=137 | protocol=17 | dir=out | app=system |

"{97E48405-148B-440C-BBE0-C30E9DB8E451}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9AB599B5-4575-4522-8358-764968A0B026}" = lport=139 | protocol=6 | dir=in | app=system |

"{9BD9F6AF-EDED-4099-839C-45BEC0FFF568}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |

"{9F81548A-32C3-427F-803E-498B177059D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{A30E8EA1-51A7-41F3-9A5F-1729C7EE6150}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A3608652-DB2E-4DF6-9508-5C8CE9CBFBBD}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |

"{A483C50F-FB6B-4348-8F41-BAE9353C4647}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary |

"{A83E6831-A700-4F0B-952E-E3B56A17BFDE}" = lport=137 | protocol=17 | dir=in | app=system |

"{ADDFEBA3-1BC5-480F-A48A-0CC6AB3A192B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{B4922B80-EABD-4D7A-93D9-40A30B72EE6D}" = lport=10016 | protocol=17 | dir=in | name=bitcomet 10016 udp |

"{B97EA06F-57E9-409C-93E1-15F15354F34C}" = lport=53242 | protocol=6 | dir=in | name=akamai netsession interface |

"{C8AF9F15-5A84-4178-A6B2-6EF953837C27}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |

"{DA5467E2-A50A-44BE-86BD-25C85B53BB0E}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |

"{E8576B01-3336-432D-86FC-668354A76DED}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |

"{EA29555C-1A89-4FFB-8FC6-A3D9B1C1A195}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EE5B1D3F-5AC3-4ADD-BAA9-51E111E7E881}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FC6C003E-CD6A-44C3-B067-FD9C3C90A84A}" = rport=10243 | protocol=6 | dir=out | app=system |

"{FDB205E3-19FF-499B-A1D6-81FD458AB024}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{005EAA30-1811-42DD-B785-67ECF28E73BA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{0773BB79-6BC7-48ED-8249-EA612C9EE042}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{0809DC6F-7105-4AF1-AFBD-299792A6195A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{08A9F208-02FD-4B41-BAEB-85B1F66CD113}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0FC4F261-FDD4-44F1-91F4-DB0CF137C83D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{1338B30E-93FC-40F3-A845-F6C321A553C4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |

"{15F48B2D-8C02-420B-9405-CB83F221D9D5}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |

"{1E626A91-B6EC-4B90-9390-5CED841241F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{1F094CA0-6838-482F-9219-4EB3FF648D34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{27E8DE1C-9EFB-4232-9190-E442A09254DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{28E33026-8C05-4C56-8CBA-7DCF7CB7ABC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{29BC6AA8-7E8F-423A-B268-E0BA8BB20758}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2B9E2BF7-FBF6-4759-8D68-DE0FE462930C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{30AEA214-7275-4847-970A-690998DB5F21}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |

"{33A9F0DC-20DB-4891-9558-2A2A4392B7A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3948DB04-6174-4429-A3AF-195179C35ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{3AFA9B32-952C-44CF-B9FB-FFB159A871BA}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\game\league of legends.exe |

"{3B7639B6-B453-480B-A4B7-BAF149C3B32A}" = protocol=6 | dir=out | app=system |

"{4C23F040-829E-4F3E-83D9-0C837C156446}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{510D41D3-2DE9-4C52-B174-00C87FE40DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{57166C5E-65D0-430B-959F-E0A6A415F504}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{59590024-55E8-4B08-8CD8-B0EB9D0C95B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

"{5A00E03A-945D-451E-9403-D8FE495B154A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5A553D5F-4E9C-4FB2-9DBC-1A8E9ED602A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{5D31210A-7473-42AE-8BB7-A017C25032AF}" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |

"{662D15C0-FABF-4272-80A3-5A1AC91EE9A7}" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\akamai\netsession_win.exe |

"{6886475C-A1C6-46B9-B537-BA35F68F4D8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{69DD0F98-A500-4030-9D43-875135A79C53}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6C519AB9-90E3-495B-BB8F-BE0D6BB4EAA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6CB3BC69-0AB7-4E3F-8C49-79FD5EF58252}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{6CF6FE2A-BE68-4F14-8318-34167D8B0358}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |

"{6FA96DBB-5D49-48AD-90B1-7334FDE0B7AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{766833A3-B4E2-45BC-B990-1A0C24BCDE45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{7714A37C-1347-4704-B256-961505BBD189}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalolph\gamedata\apps\lolph\air\lolclient.exe |

"{79AFD2F0-E22B-4811-ABDD-8611A9D4557C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{854A2081-3582-4D4E-A2B8-2E4CC861B9E6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |

"{8A06A20F-A529-44A2-859E-9D15D2C67A95}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{8A3EA3A1-E52F-439C-9F59-3E7D698D3277}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |

"{8C0F984D-0D6F-47B8-902E-4C41C50AC346}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8D98F047-5F3D-4B5D-B1FC-326FB7AB1792}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{919AD1D9-F1D5-473C-82A7-8219FA726BA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{98AF1A64-4E56-4DA7-B11F-E606EE0CFFF8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{9E9B5E2B-0F4F-40FF-BD53-D09DE8730898}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{A0B5E78A-6D1C-4013-97ED-F623EEE0DA08}" = dir=in | app=c:\users\frederic\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{A6ACEBB1-5606-4480-A4B7-C9F3347FE1E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A73E6B4C-97BF-4380-8A72-4FA8EE4B4F04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B02F95B5-78B9-4C34-9523-2CCE92A55EC0}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |

"{B2F653EF-59A9-425A-A41A-01B8E53095E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B4413CF2-3031-4AAF-8BA7-73C4EC35C450}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BCC8A061-38C3-4C89-B7FA-BC54E0952117}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C19BBA4C-F58D-4838-943C-1740B29316ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{C1D27827-5BBA-4689-BE69-FAD4FCB51B4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{C6B3FE2F-FF3F-4CC9-9F05-EC351EC84760}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D2B89B07-1E93-485E-8927-BB022CC73A6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D3BF642E-3854-48C8-9D8A-DA35F864AE50}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

"{DF3FDEDA-2F0D-4211-BA5B-2DA1EFBAAE94}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |

"{E0CE7AFB-DE2B-4E34-8872-1BC00B6D9E44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{E749F3A3-D270-4C27-BB8B-5DCA00E2D3B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F9C7D739-DE27-46D5-AB21-B7DC5B49D5FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FBD28769-85CD-4294-A2BB-FCA549CA4DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{FCDE0A56-58AF-41D2-8D76-FF9B7363BAC8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{17A5C34C-B1A8-440B-97E3-114B9AC1CCD1}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |

"TCP Query User{21F49C04-B277-4428-BC7F-76518AC17EB2}C:\users\makul!\downloads\honinstaller.exe" = protocol=6 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |

"TCP Query User{2C4A63C7-9C0B-47CC-A3C1-74D2853A020F}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

"TCP Query User{4B3FCB01-285C-4606-9BC5-7DF773EC7709}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

"TCP Query User{65D829DC-1169-4277-8827-76F381F6DEE5}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"TCP Query User{80A86514-76C9-4665-93F3-A9258CADACC8}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |

"TCP Query User{8343F9A8-4574-4CF5-B283-E213690F9971}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"TCP Query User{9488429B-DBB5-4672-BD2C-7DEC2D302772}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{F787F72D-BFF9-45C4-8FAB-9BB73E114C53}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"UDP Query User{254B9A00-C996-4509-8181-2352ECDCF1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{606CCBF6-FACD-4277-9426-C76242D66F97}C:\users\makul!\downloads\honinstaller.exe" = protocol=17 | dir=in | app=c:\users\makul!\downloads\honinstaller.exe |

"UDP Query User{7A772ED6-85BA-47B9-BBEB-E05F31F8B897}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |

"UDP Query User{7AA0BEAD-5B05-4052-80BF-7EE26BF15A5A}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"UDP Query User{8348A68B-92B5-4170-82DF-267615F9D415}C:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\makul!\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"UDP Query User{919D2FA5-2C42-42E7-B74B-95F06C2B492A}C:\program files (x86)\garena messenger\apps\hon\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\hon\hon.exe |

"UDP Query User{AD4C89C5-6DE5-4E0E-B29A-AA0632440376}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

"UDP Query User{BDB03DEB-EDC7-4AAD-A97F-8986DA7ED84C}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |

"UDP Query User{F21D8272-CDFF-4796-89A8-6A56E491F199}C:\users\frederic\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\frederic\desktop\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL

"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common

"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger

"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer

"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)

"{51B83C3B-4D5D-490A-87E0-12B497DA941B}" = calibre

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh

"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources

"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail

"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack

"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix online plug-in (PNA)

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic

"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix online plug-in (SSON)

"{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Content Manager Assistant for PlayStation®

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)

"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager

"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1ClickDownload" = 1ClickDownloader

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Akamai" = Akamai NetSession Interface Service

"Asus Vibe2.0" = AsusVibe2.0

"ASUS WebStorage" = ASUS WebStorage

"AviSynth" = AviSynth 2.5

"CCleaner" = CCleaner

"CitrixOnlinePluginFull" = Citrix online plug-in

"Diablo III" = Diablo III

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"Garena" = Garena 2010

"Google Chrome" = Google Chrome

"HoN" = Garena - Heroes of Newerth

"iLivid" = iLivid

"im" = Garena Messenger

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN

"LoLPH" = Garena - League of Legends PH

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Network MagicUninstall" = Network Magic

"Steam App 570" = Dota 2

"Videora iPod touch Converter" = Videora iPod touch Converter 5.04

"VISPRO" = Microsoft Office Visio Professional 2007

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WinZip Self-Extractor" = WinZip Self-Extractor

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/7/2012 5:27:27 AM | Computer Name = Frederic-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\trend micro\internet

security\component\framework\200\UfUpdUi.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/7/2012 5:27:48 AM | Computer Name = Frederic-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/7/2012 7:08:55 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-RestartManager | ID = 10006

Description = Application or service 'Yahoo! Messenger Tray' could not be shut down.

Error - 8/7/2012 7:08:55 AM | Computer Name = Frederic-PC | Source = Microsoft-Windows-RestartManager | ID = 10006

Description = Application or service 'CyberLink MediaLibray Service' could not be

shut down.

Error - 8/7/2012 7:12:23 AM | Computer Name = Frederic-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Frederic\Downloads\SoftonicDownloader_for_bitcomet.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 8/7/2012 10:59:47 PM | Computer Name = Frederic-PC | Source = Google Update | ID = 20

Description =

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 10:59:59 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 8/7/2012 11:00:04 PM | Computer Name = Frederic-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ System Events ]

Error - 8/7/2012 6:52:00 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 8/7/2012 6:52:00 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 8/7/2012 6:52:01 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10005

Description =

Error - 8/7/2012 6:54:27 AM | Computer Name = Frederic-PC | Source = DCOM | ID = 10005

Description =

Error - 8/7/2012 7:02:04 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/7/2012 7:19:48 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/7/2012 10:59:00 PM | Computer Name = Frederic-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 11:21:26 PM on ?8/?7/?2012 was unexpected.

Error - 8/7/2012 10:59:00 PM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/8/2012 12:34:27 AM | Computer Name = Frederic-PC | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 8/8/2012 12:43:02 AM | Computer Name = Frederic-PC | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{9B9C7278-23A5-4B56-A5C6-B0F5D40A45A1}

because another computer on the network has the same name. The server could not

start.

< End of report >


Combofix log:

ComboFix 12-08-07.05 - Frederic 08/08/2012 13:21:09.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5932.4041 [GMT 8:00]

Running from: c:\users\Frederic\Downloads\ComboFix.exe

AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\default\us_sres.data

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\program files (x86)\Common Files\ASPG_icon.ico

c:\program files (x86)\intellidownload\gunzip.exe

c:\programdata\FullRemove.exe

c:\windows\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))

.

.

2012-08-07 12:00 . 2012-08-07 12:00 -------- d-----w- c:\users\Frederic\AppData\Local\LoLPHLauncher

2012-08-07 11:14 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 12:37 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-08-04 12:37 . 2012-08-07 11:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-04 11:55 . 2012-08-04 11:55 -------- d-----w- c:\users\Frederic\AppData\Local\Rss light+

2012-08-04 11:55 . 2012-08-07 11:00 -------- d-----w- c:\program files (x86)\Rss light+

2012-08-04 11:54 . 2012-08-06 09:30 -------- d-----w- c:\programdata\Local Settings

2012-07-25 07:46 . 2012-07-25 07:46 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-19 05:44 . 2012-07-19 05:44 -------- d-----w- c:\users\makul!\AppData\Roaming\LolClient

2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\users\Frederic\AppData\Roaming\Garena

2012-07-14 05:58 . 2012-07-14 05:58 -------- d-----w- c:\programdata\Garena

2012-07-12 08:43 . 2012-07-12 08:43 -------- d-----w- c:\users\Frederic\AppData\Roaming\LolClient

2012-07-09 15:49 . 2012-07-09 15:49 -------- d-----w- c:\users\makul!\AppData\Local\LoLPHLauncher

2012-07-09 15:44 . 2012-08-07 12:19 -------- d-----w- c:\program files (x86)\GarenaLoLPH

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-08 04:35 . 2012-01-22 10:46 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-07-25 07:46 . 2011-06-24 02:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GarenaMessenger"="c:\program files (x86)\Garena Messenger\GarenaMessenger.exe" [2012-07-31 7123320]

"Facebook Update"="c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Steam"="c:\program files (x86)\steam\Steam.exe" [2012-08-07 1353080]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-07 472112]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-11 548528]

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-11 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-3-11 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 257696]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]

R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-12-15 18512]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-09-30 377264]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-10-12 131552]

S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-12-15 41424]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 07:46]

.

2012-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000Core.job

- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]

.

2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1000UA.job

- c:\users\Frederic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 08:28]

.

2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003Core.job

- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]

.

2012-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-336362651-376967259-4120296813-1003UA.job

- c:\users\makul!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-05 05:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://search.ChatVibes.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = http=127.0.0.1:3128

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 124.106.6.2 124.106.5.2

FF - ProfilePath - c:\users\Frederic\AppData\Roaming\Mozilla\Firefox\Profiles\g414blkg.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- File Associations -------

.

.txt=UltraEdit.txt

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-BitComet - c:\program files (x86)\BitComet\BitComet.exe

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe

.

**************************************************************************

.

Completion time: 2012-08-08 13:35:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-08 05:35

ComboFix2.txt 2012-08-06 14:42

.

Pre-Run: 17,505,796,096 bytes free

Post-Run: 18,578,669,568 bytes free

.

- - End Of File - - B7894A3331591AF4BAAC8347C1584B03


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Hi, here's the log from the ESET scan:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2653dd0c3178544abaa66cd02f4788eb

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-08 02:50:16

# local_time=2012-08-08 10:50:16 (+0800, Malay Peninsula Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=513 16777085 100 97 2995 77512684 0 0

# compatibility_mode=5893 16776573 100 94 11295085 96064118 0 0

# compatibility_mode=8192 67108863 100 0 34354315 34354315 0 0

# scanned=182912

# found=20

# cleaned=20

# scan_time=3147

C:\Program Files (x86)\1ClickDownload\1ClickSettingsManager.exe Win32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\1ClickDownload\ocmainpack.exe Win32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\intellidownload\torrent.exe Win32/BundleInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\Frederic\AppData\Roaming\A-1457317536.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\Frederic\AppData\Roaming\egkepxcackaofrwsjvh.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\Frederic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1457317536.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\makul!\AppData\Roaming\A-1124404718.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\makul!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-1124404718.exe.vir a variant of Win32/Kryptik.AJKM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Frederic\Desktop\Fred\Softwares\avi2video_install.exe Win32/Adware.MarketScore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Frederic\Downloads\Veronica_Roth_-_Divergent_Trilogy_(Book_1_&_2_-_.exe Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\cnet2_free-flv-to-psp-converter_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\cnet2_nokia-c3-video-converter-5_3_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\hotelier_korean_drama_eng_sub_download.2010.mov_downloader.exe Win32/Adware.MediaFinder application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\hunger_games_blu_ray_Full_Download.exe Win32/BundleInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\iLividSetupV1(2).exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\Setup_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\makul!\Downloads\The_Hunger_Games_2012_TS_XViD_NEW_SOURCE_DTRG.exe Win32/Adware.1ClickDownload.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


You should be more careful when downloading any application.

How is your PC now?


Everything seems to be doing good now. Thank you so much for your help :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.