Can't remove WIN32/Injector.AFFI Trojan


hbnew92

Dear everyone,
Currently my laptop is infected with the virus named WIN32/Injector.AFFI Trojan, which is infecting svchost.exe(54136). I tried removing it using NOD32 antivirus, but apparently it is impossible to remove. Ever since this virus infected my laptop, the files in USB drives and external hard disks that were plugged into my laptop turn into shortcuts. In addition, whenever I turn my laptop on and it reaches the desktop, two Internet Explorer pages automatically open and show a website that I've never been to before, and there are some other problems, such as messing with my registry. I am in need of help and would be really thankful and appreciate it very much :)

This is the log from OTL:

OTL logfile created on: 1/5/2013 8:09:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Software
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

7.91 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 55.80% Memory free
15.81 Gb Paging File | 11.95 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.69 Gb Total Space | 39.96 Gb Free Space | 23.14% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 122.42 Gb Free Space | 41.79% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 20:09:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Software\OTL.exe
PRC - [2013/04/13 02:36:20 | 000,555,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013/04/13 02:36:04 | 000,390,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/04/13 02:35:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013/04/13 02:35:44 | 001,279,784 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2013/04/04 17:56:10 | 000,087,344 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\GarenaTalkOverlay.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/03/18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/03/15 13:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/03/13 18:05:36 | 009,655,088 | ---- | M] () -- D:\Games\GarenaLoL\GameData\GarenaMessenger.exe
PRC - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
PRC - [2013/02/04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/01/29 20:00:26 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013/01/21 17:48:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 21:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2012/12/12 07:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/11/30 10:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/06/28 23:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/04/13 21:40:15 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/03/26 17:29:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/07/07 16:32:30 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011/07/06 15:20:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011/06/29 16:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011/05/25 22:53:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/05/20 11:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/05/10 15:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) -- C:\ASUS.SYS\config\SIONExportService.exe
PRC - [2011/03/13 10:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010/11/23 18:31:56 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2010/11/15 10:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/09/07 14:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/08/17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/23 11:24:24 | 000,138,552 | ---- | M] () -- C:\Program Files (x86)\Celcom Broadband\UIExec.exe
PRC - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () -- C:\Program Files (x86)\Celcom Broadband\AssistantServices.exe
PRC - [2010/07/09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/07/14 09:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mspaint.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 16:57:07 | 000,390,096 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013/04/09 16:57:06 | 013,130,704 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 16:57:05 | 004,050,896 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 16:56:15 | 000,598,480 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 16:56:14 | 000,124,368 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 16:56:13 | 001,606,096 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/04/04 17:56:11 | 001,846,272 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\Overlay.dll
MOD - [2013/04/04 17:56:10 | 000,087,344 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\GarenaTalkOverlay.exe
MOD - [2013/03/19 16:55:53 | 000,432,944 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\GarenaTalkPlugin.dll
MOD - [2013/03/19 16:55:50 | 000,027,952 | ---- | M] () -- D:\Games\GarenaLoL\GameData\VersionModule.dll
MOD - [2013/03/19 16:55:42 | 000,793,392 | ---- | M] () -- D:\Games\GarenaLoL\GameData\gagmhook.dll
MOD - [2013/03/13 18:06:04 | 001,543,984 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\FileSender.dll
MOD - [2013/03/13 18:06:02 | 000,949,552 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\XLL.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\Http.dll
MOD - [2013/03/13 18:05:57 | 000,236,336 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\PluginNews.dll
MOD - [2013/03/13 18:05:55 | 000,813,360 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\ggplugin.dll
MOD - [2013/03/13 18:05:54 | 000,286,000 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\DailyTaskPlugin.dll
MOD - [2013/03/13 18:05:36 | 009,655,088 | ---- | M] () -- D:\Games\GarenaLoL\GameData\GarenaMessenger.exe
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- D:\Games\GarenaLoL\GameData\CxImage.dll
MOD - [2013/02/28 17:17:36 | 000,188,208 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ggspawn.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- D:\Games\GarenaLoL\GameData\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- D:\Games\GarenaLoL\GameData\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- D:\Games\GarenaLoL\GameData\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- D:\Games\GarenaLoL\GameData\DibModule.dll
MOD - [2013/02/04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- D:\Games\GarenaLoL\GameData\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- D:\Games\GarenaLoL\GameData\CommonLib.dll
MOD - [2013/01/16 18:30:17 | 000,098,608 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\PlatformPlugin.dll
MOD - [2013/01/14 19:57:56 | 000,170,288 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\fs\YYFileSystem.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\TaskManagerLib.dll
MOD - [2013/01/09 20:53:24 | 000,605,049 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2013/01/09 13:11:40 | 000,599,040 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/12/27 11:34:07 | 000,181,760 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\ggspawn.dll
MOD - [2012/11/30 10:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 10:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012/09/13 14:19:19 | 000,048,640 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\XmlUIModule.dll
MOD - [2012/07/27 14:59:42 | 000,010,240 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 14:59:28 | 000,061,952 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\UdtLib.dll
MOD - [2012/07/26 11:51:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ServerMemAlloc.dll
MOD - [2012/04/04 14:33:24 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012/03/16 12:51:02 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\RSALib.dll
MOD - [2012/03/01 08:02:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- D:\Games\GarenaLoL\GameData\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\MP3Module.dll
MOD - [2012/02/22 16:52:16 | 000,122,136 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ggcode.dll
MOD - [2012/02/13 09:53:50 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011/10/18 09:54:24 | 000,097,792 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\CommonLib.dll
MOD - [2011/10/18 09:54:24 | 000,056,832 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\PluginKernel.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010/09/23 16:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010/07/23 11:24:24 | 000,138,552 | ---- | M] () -- C:\Program Files (x86)\Celcom Broadband\UIExec.exe
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2009/04/15 15:04:38 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/01/25 14:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/13 02:57:46 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/04/13 02:36:20 | 000,555,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/04/13 02:36:04 | 000,390,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/04/13 02:35:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013/03/15 13:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/14 02:10:48 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013/01/21 17:48:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/04 10:51:05 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 23:49:25 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/02 21:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/13 21:40:15 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/08/31 00:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/07/07 16:32:30 | 000,088,704 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/05/10 15:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\ASUS.SYS\config\SIONExportService.exe -- (Splashtop MDES)
SRV - [2011/04/20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/03/13 10:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Celcom Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/26 11:26:57 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/13 02:53:02 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/03/15 13:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013/03/15 13:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/02/08 08:31:57 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/01/11 03:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/10 15:08:16 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/11/22 08:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/13 21:58:22 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/08/13 21:58:22 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/08/10 16:27:23 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/08/10 16:27:23 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/04/07 02:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/06/02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/05 20:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/25 17:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/17 16:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/09/17 16:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/09/17 16:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/09/17 16:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/08/24 17:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/06/03 11:14:18 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/05/19 14:12:46 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/05/19 14:12:46 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/05/19 14:12:46 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/05/25 19:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?src=maxpc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 82 47 2E D0 12 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00EAE8D7-C9E7-42AB-A239-F7CDAB47E92E}: "URL" = http://websearch.ask...DD-48011ADD1BD5
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dis&o=15187"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.6.8
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]:7.3.35
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: D:\Games\GarenaLoL\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013/04/05 01:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/27 15:59:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/02 15:01:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/02 15:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/05 01:11:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2013/02/14 10:54:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2013/02/14 10:54:20 | 000,000,000 | ---D | M]

[2012/03/27 11:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/03/23 01:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7ckcpcgj.default\extensions
[2013/01/13 10:15:46 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7ckcpcgj.default\extensions\[email protected]
[2012/07/13 01:32:52 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7ckcpcgj.default\extensions\[email protected]
[2012/07/24 23:47:49 | 000,075,325 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7ckcpcgj.default\extensions\[email protected]
[2012/04/28 09:33:12 | 000,002,572 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7ckcpcgj.default\searchplugins\askcom.xml
[2013/01/27 01:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/06 13:57:46 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/07/08 15:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 23:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.3_0\IDMGCExt.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Slinky Elegant = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_1\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.62_0\
CHR - Extension: instant translate = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\1.7.3_0\
CHR - Extension: IDM Integration = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.9.1_0\
CHR - Extension: Smooth Scrollerator = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmicgfcegednlkdhgbhgickcgndjeeig\1.1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.8_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/15 18:09:36 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 q4master.idsoftware.com
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FiltrateIE Class) - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\Windows\SysWOW64\SafeIE.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AutoRunExterminator] D:\Software\AutoRunExterminator.exe (Inside Core)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Celcom Broadband\UIExec.exe ()
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Ekbcbg] C:\Users\user\AppData\Roaming\Microsoft\Ekbcbg.exe (Hause)
O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GarenaPlus] D:\Games\GarenaLoL\GameData\GarenaMessenger.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Screen Saver Pro 3.1] C:\Users\user\AppData\Roaming\ScreenSaverPro.scr (Hause)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download all by WellGet - C:\Program Files (x86)\WellGet\Nxall.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download by &WellGet - C:\Program Files (x86)\WellGet\NxCatch.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files (x86)\WellGet\Nxall.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download by &WellGet - C:\Program Files (x86)\WellGet\NxCatch.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files (x86)\WellGet\WellGet.exe ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7496B7-07D2-4C75-ADC0-EDA6E6B8567B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E1371F-DDF8-4C0B-8778-3411E69BF455}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC307C51-D912-47C4-A048-41E952CC316C}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30701185-fa4a-11e1-82d6-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{30701185-fa4a-11e1-82d6-001e101fe70e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{53c9c7cf-fbda-11e1-83b9-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{53c9c7cf-fbda-11e1-83b9-001e101f4da1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{715e1c80-f99d-11e1-8daa-742f68e53958}\Shell - "" = AutoRun
O33 - MountPoints2\{715e1c80-f99d-11e1-8daa-742f68e53958}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{715e1c8d-f99d-11e1-8daa-742f68e53958}\Shell - "" = AutoRun
O33 - MountPoints2\{715e1c8d-f99d-11e1-8daa-742f68e53958}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7cb68dfc-fca4-11e1-9d43-5404a67634e4}\Shell - "" = AutoRun
O33 - MountPoints2\{7cb68dfc-fca4-11e1-9d43-5404a67634e4}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{827be6b0-2a3f-11e2-9a8b-5404a67634e4}\Shell - "" = AutoRun
O33 - MountPoints2\{827be6b0-2a3f-11e2-9a8b-5404a67634e4}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\{827be709-2a3f-11e2-9a8b-5404a67634e4}\Shell - "" = AutoRun
O33 - MountPoints2\{827be709-2a3f-11e2-9a8b-5404a67634e4}\Shell\AutoRun\command - "" = I:\Install.exe
O33 - MountPoints2\{e223f41b-e290-11e1-82b8-742f68e53958}\Shell - "" = AutoRun
O33 - MountPoints2\{e223f41b-e290-11e1-82b8-742f68e53958}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/01 13:27:59 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/04/29 16:12:54 | 000,230,400 | ---- | C] (Hause) -- C:\Users\user\AppData\Roaming\ScreenSaverPro.scr
[2013/04/26 23:18:27 | 000,134,904 | ---- | C] ([email protected]?) -- C:\Users\user\AppData\Roaming\C4E5.exe
[2013/04/26 11:26:57 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/04/25 18:07:19 | 000,069,496 | ---- | C] (House) -- C:\Users\user\AppData\Roaming\38D7.exe
[2013/04/24 12:58:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/24 00:26:22 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2013/04/24 00:26:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/24 00:26:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/24 00:26:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/24 00:26:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/04/24 00:26:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/24 00:25:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/15 20:54:23 | 000,230,400 | -HS- | C] (Hause) -- C:\Users\user\AppData\Roaming\C68D.exe
[2013/04/13 09:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/13 02:53:02 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/04/05 01:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/04/05 01:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/04/05 01:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/04 18:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/01 20:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/01 19:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
[2013/05/01 19:42:45 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\AE27.exe
[2013/05/01 19:42:42 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\A273.exe
[2013/05/01 19:42:40 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\9C2B.exe
[2013/05/01 19:42:38 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\9612.exe
[2013/05/01 19:42:37 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\8FF9.exe
[2013/05/01 19:41:46 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
[2013/05/01 19:41:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/01 13:35:35 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 13:35:35 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 13:33:58 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\E63.exe
[2013/05/01 13:33:56 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\81B.exe
[2013/05/01 13:33:55 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\1D4.exe
[2013/05/01 13:33:47 | 000,730,652 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/01 13:33:47 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/01 13:33:47 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/01 13:27:44 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/05/01 13:27:27 | 2072,027,135 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/01 12:15:13 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/05/01 05:06:53 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\C392.exe
[2013/05/01 05:06:50 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\BAF9.exe
[2013/05/01 05:06:46 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A95C.exe
[2013/05/01 05:06:44 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A130.exe
[2013/04/30 23:58:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
[2013/04/30 23:10:26 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\6C92.exe
[2013/04/30 23:10:24 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\64B4.exe
[2013/04/30 23:10:22 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\5CE7.exe
[2013/04/30 18:08:40 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\281A.exe
[2013/04/30 18:08:38 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\20AA.exe
[2013/04/30 18:08:36 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\18EC.exe
[2013/04/29 22:52:53 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\78E9.exe
[2013/04/29 22:52:07 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\C1DA.exe
[2013/04/29 22:52:02 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\B193.exe
[2013/04/29 22:52:00 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A6D9.exe
[2013/04/29 22:41:59 | 000,526,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/29 20:35:47 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\E744.exe
[2013/04/29 20:35:43 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\D51A.exe
[2013/04/29 20:35:41 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\CCFE.exe
[2013/04/29 20:35:39 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\C502.exe
[2013/04/29 20:35:37 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\BCE6.exe
[2013/04/29 20:23:10 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\59BF.exe
[2013/04/29 20:23:05 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\463E.exe
[2013/04/29 20:23:03 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\3DE4.exe
[2013/04/29 20:23:01 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\35F7.exe
[2013/04/29 20:22:59 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\2DDB.exe
[2013/04/29 16:15:44 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\D1F1.exe
[2013/04/29 16:15:39 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\BC9C.exe
[2013/04/29 16:15:37 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\B367.exe
[2013/04/29 16:15:34 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\AA52.exe
[2013/04/29 00:56:45 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\B84A.exe
[2013/04/29 00:56:38 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\9D69.exe
[2013/04/29 00:56:35 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\90EA.exe
[2013/04/29 00:23:38 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\65C4.exe
[2013/04/29 00:22:28 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\5639.exe
[2013/04/29 00:22:23 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\4067.exe
[2013/04/29 00:21:44 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\AABC.exe
[2013/04/29 00:21:30 | 000,230,400 | ---- | M] (Hause) -- C:\Users\user\AppData\Roaming\ScreenSaverPro.scr
[2013/04/28 21:30:07 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\8C5F.exe
[2013/04/28 21:30:05 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\8397.exe
[2013/04/28 21:30:03 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\7B7C.exe
[2013/04/28 21:03:19 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\13C.exe
[2013/04/28 21:03:15 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\F3C4.exe
[2013/04/28 21:03:11 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\E0FE.exe
[2013/04/28 19:45:14 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\862F.exe
[2013/04/28 19:43:26 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\E010.exe
[2013/04/28 19:43:12 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A699.exe
[2013/04/28 19:42:57 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\6F43.exe
[2013/04/28 18:27:20 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\329E.exe
[2013/04/28 18:27:01 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\EA96.exe
[2013/04/28 18:26:51 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\C3B4.exe
[2013/04/28 18:26:41 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\9C55.exe
[2013/04/28 15:43:51 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\86AF.exe
[2013/04/28 15:43:49 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\7EB3.exe
[2013/04/28 15:43:47 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\76A7.exe
[2013/04/28 14:15:45 | 000,002,198 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/04/27 21:01:26 | 000,130,816 | ---- | M] () -- C:\Users\user\AppData\Roaming\400E.exe
[2013/04/27 17:13:43 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\C76F.exe
[2013/04/27 17:13:26 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\8263.exe
[2013/04/27 17:13:18 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\6512.exe
[2013/04/27 17:13:13 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\501B.exe
[2013/04/27 17:13:10 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\43F9.exe
[2013/04/27 13:50:41 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\E523.exe
[2013/04/27 13:50:36 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\D115.exe
[2013/04/27 13:50:31 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\BD66.exe
[2013/04/27 13:50:29 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\B4CD.exe
[2013/04/26 23:18:27 | 000,134,904 | ---- | M] ([email protected]?) -- C:\Users\user\AppData\Roaming\C4E5.exe
[2013/04/26 19:52:49 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\831F.exe
[2013/04/26 19:52:47 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\7AB5.exe
[2013/04/26 19:52:45 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\7049.exe
[2013/04/26 19:52:42 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\662A.exe
[2013/04/26 18:39:52 | 000,130,816 | ---- | M] () -- C:\Users\user\AppData\Roaming\B994.exe
[2013/04/26 18:18:33 | 000,130,816 | ---- | M] () -- C:\Users\user\AppData\Roaming\34D8.exe
[2013/04/26 11:37:36 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\1D67.exe
[2013/04/26 11:37:33 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\155B.exe
[2013/04/26 11:37:31 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\D8D.exe
[2013/04/26 11:37:29 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\5B0.exe
[2013/04/26 11:27:08 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\88F1.exe
[2013/04/26 11:27:06 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\8097.exe
[2013/04/26 11:27:03 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\781D.exe
[2013/04/26 11:27:01 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\6F56.exe
[2013/04/26 11:26:58 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\645D.exe
[2013/04/26 11:26:57 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/04/25 22:20:21 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\E909.exe
[2013/04/25 22:20:19 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\DECB.exe
[2013/04/25 22:20:16 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\D549.exe
[2013/04/25 22:20:14 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\CBF5.exe
[2013/04/25 18:42:39 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\92BA.exe
[2013/04/25 18:07:19 | 000,069,496 | ---- | M] (House) -- C:\Users\user\AppData\Roaming\38D7.exe
[2013/04/25 18:06:22 | 000,130,816 | ---- | M] () -- C:\Users\user\AppData\Roaming\5B34.exe
[2013/04/25 18:03:29 | 000,012,264 | ---- | M] () -- C:\Users\user\AppData\Roaming\B737.exe
[2013/04/25 12:03:24 | 000,130,816 | ---- | M] () -- C:\Users\user\AppData\Roaming\BE3.exe
[2013/04/24 20:31:15 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\3D64.exe
[2013/04/24 20:31:10 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\2D7A.exe
[2013/04/24 20:31:08 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\259D.exe
[2013/04/24 19:47:05 | 000,151,256 | ---- | M] () -- C:\Users\user\AppData\Roaming\CDBC.exe
[2013/04/24 00:19:53 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\44F0.exe
[2013/04/23 23:13:37 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\97FA.exe
[2013/04/23 19:27:17 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\C4A0.exe
[2013/04/23 19:26:59 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\7D24.exe
[2013/04/23 19:26:46 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\4B3B.exe
[2013/04/23 19:25:23 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\574.exe
[2013/04/22 10:52:19 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
[2013/04/21 19:28:38 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\8FB5.exe
[2013/04/21 18:14:46 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\EFFB.exe
[2013/04/21 18:14:44 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\E7A1.exe
[2013/04/21 18:14:42 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\DF76.exe
[2013/04/21 18:14:40 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\D779.exe
[2013/04/21 18:14:38 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\CF5D.exe
[2013/04/21 17:39:08 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\50F9.exe
[2013/04/21 17:39:06 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\47B5.exe
[2013/04/21 17:39:04 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\3EED.exe
[2013/04/21 17:39:02 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\36A3.exe
[2013/04/21 17:39:00 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\2E68.exe
[2013/04/21 16:21:18 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\DCA.exe
[2013/04/21 16:21:16 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\551.exe
[2013/04/21 16:21:14 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\FD35.exe
[2013/04/21 16:21:10 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\EF8D.exe
[2013/04/21 13:46:52 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\A9E3.exe
[2013/04/21 13:46:50 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A1B7.exe
[2013/04/21 13:46:48 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\99AB.exe
[2013/04/21 13:46:46 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\919F.exe
[2013/04/21 11:39:45 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\4A01.exe
[2013/04/21 11:39:43 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\411B.exe
[2013/04/21 11:39:38 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\2CFE.exe
[2013/04/21 11:22:25 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\68B4.exe
[2013/04/21 11:22:22 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\603A.exe
[2013/04/21 11:22:20 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\57E0.exe
[2013/04/21 11:22:18 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\4F09.exe
[2013/04/21 01:31:14 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\755C.exe
[2013/04/21 01:31:12 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\6B5C.exe
[2013/04/21 01:31:08 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\5F4A.exe
[2013/04/21 01:31:06 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\554B.exe
[2013/04/21 01:31:03 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\4ADE.exe
[2013/04/21 00:04:08 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\AB91.exe
[2013/04/21 00:04:04 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\9D00.exe
[2013/04/21 00:04:00 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\8F39.exe
[2013/04/20 23:58:04 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\1D04.exe
[2013/04/20 23:57:37 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\B710.exe
[2013/04/20 23:56:59 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\1FA1.exe
[2013/04/20 23:54:37 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\F4C9.exe
[2013/04/20 00:47:34 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\138C.exe
[2013/04/20 00:47:29 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\FFAE.exe
[2013/04/20 00:47:24 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\EB91.exe
[2013/04/20 00:47:19 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\D7C2.exe
[2013/04/19 21:28:06 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/04/19 21:19:56 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\FC5D.exe
[2013/04/19 21:19:54 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\F29C.exe
[2013/04/19 21:19:51 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\E977.exe
[2013/04/19 21:19:49 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\DFF4.exe
[2013/04/19 21:19:46 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\D5F5.exe
[2013/04/19 21:19:44 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\CCDF.exe
[2013/04/19 19:14:45 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\60A2.exe
[2013/04/19 19:14:38 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\45FF.exe
[2013/04/19 19:14:36 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\3DA5.exe
[2013/04/19 14:18:01 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\B52D.exe
[2013/04/19 14:17:59 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\AD4F.exe
[2013/04/19 14:17:57 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A572.exe
[2013/04/19 14:17:55 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\9DA4.exe
[2013/04/19 14:17:52 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\93D3.exe
[2013/04/19 11:46:38 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\1B66.exe
[2013/04/19 11:46:34 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\B9B.exe
[2013/04/19 11:46:32 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\3BE.exe
[2013/04/19 11:46:30 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\FBF0.exe
[2013/04/19 11:04:39 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\ABCC.exe
[2013/04/19 11:04:34 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\9B28.exe
[2013/04/19 11:04:29 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\86DD.exe
[2013/04/19 11:04:26 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\78D8.exe
[2013/04/18 22:47:11 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\679E.exe
[2013/04/18 22:46:07 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\6EED.exe
[2013/04/18 22:45:55 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\3FEF.exe
[2013/04/18 22:45:51 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\2ECF.exe
[2013/04/18 22:45:47 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\207C.exe
[2013/04/18 18:52:25 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\78A4.exe
[2013/04/18 18:52:23 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\70E6.exe
[2013/04/18 18:52:19 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\613A.exe
[2013/04/18 18:52:17 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\599B.exe
[2013/04/18 18:52:15 | 000,010,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\518F.exe
[2013/04/18 18:52:13 | 000,010,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\49C1.exe
[2013/04/18 18:52:11 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\41F4.exe
[2013/04/18 18:52:09 | 000,010,871 | ---- | M] () -- C:\Users\user\AppData\Roaming\3A45.exe
[2013/04/18 18:52:01 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\190B.exe
[2013/04/18 16:34:20 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\C98.exe
[2013/04/18 16:32:57 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\C75D.exe
[2013/04/18 16:30:45 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\C6A1.exe
[2013/04/18 16:25:28 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\EEA9.exe
[2013/04/18 14:09:11 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\2B28.exe
[2013/04/18 14:09:09 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\231C.exe
[2013/04/18 14:09:07 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\1AD2.exe
[2013/04/18 14:09:05 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\12A6.exe
[2013/04/18 14:09:03 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\A2D.exe
[2013/04/17 17:00:48 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\A6E8.exe
[2013/04/17 01:51:34 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\B51D.exe
[2013/04/16 23:46:55 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\98E2.exe
[2013/04/16 23:46:52 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\8ADD.exe
[2013/04/16 23:46:48 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\7A78.exe
[2013/04/16 23:46:44 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\6BB8.exe
[2013/04/16 23:46:40 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\5AD5.exe
[2013/04/16 23:46:35 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\47B2.exe
[2013/04/16 23:46:19 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\AFF.exe
[2013/04/16 23:46:15 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\FBD2.exe
[2013/04/16 23:46:12 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\ED60.exe
[2013/04/16 23:46:08 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\DEBF.exe
[2013/04/16 23:46:04 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\CF62.exe
[2013/04/16 23:45:59 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\BBD2.exe
[2013/04/16 19:53:55 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\46DC.exe
[2013/04/16 19:53:11 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\990F.exe
[2013/04/16 19:53:04 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\7F19.exe
[2013/04/16 19:19:09 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\6F6E.exe
[2013/04/16 18:48:16 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\2C07.exe
[2013/04/16 15:28:04 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\E14C.exe
[2013/04/16 15:28:01 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\D6C0.exe
[2013/04/16 15:27:57 | 000,010,868 | ---- | M] () -- C:\Users\user\AppData\Roaming\C5BF.exe
[2013/04/16 15:20:48 | 000,010,870 | ---- | M] () -- C:\Users\user\AppData\Roaming\386D.exe
[2013/04/16 13:48:32 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\D6D2.exe
[2013/04/16 13:48:24 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\B7DC.exe
[2013/04/16 13:48:20 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A7F3.exe
[2013/04/16 13:17:43 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\9F4A.exe
[2013/04/15 23:23:59 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\6FAC.exe
[2013/04/15 23:23:54 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\5C0C.exe
[2013/04/15 23:23:50 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\4F20.exe
[2013/04/15 22:30:56 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\DEDE.exe
[2013/04/15 21:43:33 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\7D4D.exe
[2013/04/15 21:41:17 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\6B61.exe
[2013/04/15 21:39:36 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\DDF0.exe
[2013/04/15 21:38:26 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\CCEF.exe
[2013/04/15 20:55:25 | 000,010,866 | ---- | M] () -- C:\Users\user\AppData\Roaming\B968.exe
[2013/04/15 20:55:23 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\B14C.exe
[2013/04/15 20:55:21 | 000,010,867 | ---- | M] () -- C:\Users\user\AppData\Roaming\A950.exe
[2013/04/15 20:55:19 | 000,010,869 | ---- | M] () -- C:\Users\user\AppData\Roaming\A163.exe
[2013/04/15 20:54:23 | 000,230,400 | -HS- | M] (Hause) -- C:\Users\user\AppData\Roaming\C68D.exe
[2013/04/13 02:53:02 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/04/04 20:56:58 | 000,001,294 | ---- | M] () -- C:\Windows\SysNative\SKY-202 - SkyHigh Jukujo Premium 8 (30 Women) - Ageha Kinoshita, Aiko Hirose, Arisa Ebihara, Ayami, Chika Ishihara, Emi Orihara, Emiri Senoo, Emiri Seo, Kanna Harumi, Rica, Riko Oshima, Saki Kozakura.lnk
[2013/04/04 20:50:02 | 000,001,274 | ---- | M] () -- C:\Windows\SysNative\While the Husband and Children Are Playing By the Water… a Mama Who is Having An Esthetic Treatment in a Place By the Sea Subjected to Indecent Fingering Stifles Her Voice and Quickly Becomes Inflamed .lnk
[2013/04/04 20:48:36 | 000,001,268 | ---- | M] () -- C:\Windows\SysNative\Watch Online [Cd 01] RHJ-239 - Red Hot Jam Vol.239 - Ageha Kinoshita, Chiharu Miyashita, Hikari Sakamoto, Jun, Kaoru Hirayama, Kotomi Asakura, Miina Yoshihara, Nao Yuzumiya, Nene Masaki, Sayuri Ito, Ya.lnk
[2013/04/04 18:35:40 | 000,001,812 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/04/04 18:34:33 | 000,000,000 | ---- | M] () -- C:\END
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 19:37:41 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/02 19:37:40 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/01 19:42:45 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\AE27.exe
[2013/05/01 19:42:42 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\A273.exe
[2013/05/01 19:42:40 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\9C2B.exe
[2013/05/01 19:42:38 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\9612.exe
[2013/05/01 19:42:37 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\8FF9.exe
[2013/05/01 13:33:58 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\E63.exe
[2013/05/01 13:33:56 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\81B.exe
[2013/05/01 13:33:55 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\1D4.exe
[2013/05/01 05:06:53 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\C392.exe
[2013/05/01 05:06:50 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\BAF9.exe
[2013/05/01 05:06:46 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A95C.exe
[2013/05/01 05:06:44 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A130.exe
[2013/04/30 23:10:26 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\6C92.exe
[2013/04/30 23:10:24 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\64B4.exe
[2013/04/30 23:10:22 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\5CE7.exe
[2013/04/30 18:08:40 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\281A.exe
[2013/04/30 18:08:38 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\20AA.exe
[2013/04/30 18:08:36 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\18EC.exe
[2013/04/29 22:52:53 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\78E9.exe
[2013/04/29 22:52:07 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\C1DA.exe
[2013/04/29 22:52:02 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\B193.exe
[2013/04/29 22:52:00 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A6D9.exe
[2013/04/29 20:35:47 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\E744.exe
[2013/04/29 20:35:43 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\D51A.exe
[2013/04/29 20:35:41 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\CCFE.exe
[2013/04/29 20:35:39 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\C502.exe
[2013/04/29 20:35:37 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\BCE6.exe
[2013/04/29 20:23:10 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\59BF.exe
[2013/04/29 20:23:05 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\463E.exe
[2013/04/29 20:23:03 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\3DE4.exe
[2013/04/29 20:23:01 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\35F7.exe
[2013/04/29 20:22:59 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\2DDB.exe
[2013/04/29 16:15:44 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\D1F1.exe
[2013/04/29 16:15:39 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\BC9C.exe
[2013/04/29 16:15:37 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\B367.exe
[2013/04/29 16:15:34 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\AA52.exe
[2013/04/29 00:56:45 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\B84A.exe
[2013/04/29 00:56:38 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\9D69.exe
[2013/04/29 00:56:35 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\90EA.exe
[2013/04/29 00:23:38 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\65C4.exe
[2013/04/29 00:22:28 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\5639.exe
[2013/04/29 00:22:23 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\4067.exe
[2013/04/29 00:21:44 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\AABC.exe
[2013/04/28 21:30:07 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\8C5F.exe
[2013/04/28 21:30:05 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\8397.exe
[2013/04/28 21:30:03 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\7B7C.exe
[2013/04/28 21:03:19 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\13C.exe
[2013/04/28 21:03:15 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\F3C4.exe
[2013/04/28 21:03:11 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\E0FE.exe
[2013/04/28 19:45:14 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\862F.exe
[2013/04/28 19:43:26 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\E010.exe
[2013/04/28 19:43:12 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A699.exe
[2013/04/28 19:42:57 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\6F43.exe
[2013/04/28 18:27:20 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\329E.exe
[2013/04/28 18:27:01 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\EA96.exe
[2013/04/28 18:26:51 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\C3B4.exe
[2013/04/28 18:26:41 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\9C55.exe
[2013/04/28 15:43:51 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\86AF.exe
[2013/04/28 15:43:49 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\7EB3.exe
[2013/04/28 15:43:47 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\76A7.exe
[2013/04/27 21:01:26 | 000,130,816 | ---- | C] () -- C:\Users\user\AppData\Roaming\400E.exe
[2013/04/27 17:13:43 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\C76F.exe
[2013/04/27 17:13:26 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\8263.exe
[2013/04/27 17:13:18 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\6512.exe
[2013/04/27 17:13:13 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\501B.exe
[2013/04/27 17:13:10 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\43F9.exe
[2013/04/27 13:50:41 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\E523.exe
[2013/04/27 13:50:36 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\D115.exe
[2013/04/27 13:50:31 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\BD66.exe
[2013/04/27 13:50:29 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\B4CD.exe
[2013/04/26 19:52:49 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\831F.exe
[2013/04/26 19:52:47 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\7AB5.exe
[2013/04/26 19:52:45 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\7049.exe
[2013/04/26 19:52:42 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\662A.exe
[2013/04/26 18:39:52 | 000,130,816 | ---- | C] () -- C:\Users\user\AppData\Roaming\B994.exe
[2013/04/26 18:18:33 | 000,130,816 | ---- | C] () -- C:\Users\user\AppData\Roaming\34D8.exe
[2013/04/26 11:37:36 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\1D67.exe
[2013/04/26 11:37:33 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\155B.exe
[2013/04/26 11:37:31 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\D8D.exe
[2013/04/26 11:37:29 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\5B0.exe
[2013/04/26 11:27:08 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\88F1.exe
[2013/04/26 11:27:06 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\8097.exe
[2013/04/26 11:27:03 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\781D.exe
[2013/04/26 11:27:01 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\6F56.exe
[2013/04/26 11:26:58 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\645D.exe
[2013/04/25 22:20:21 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\E909.exe
[2013/04/25 22:20:19 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\DECB.exe
[2013/04/25 22:20:16 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\D549.exe
[2013/04/25 22:20:14 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\CBF5.exe
[2013/04/25 18:42:39 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\92BA.exe
[2013/04/25 18:06:22 | 000,130,816 | ---- | C] () -- C:\Users\user\AppData\Roaming\5B34.exe
[2013/04/25 18:03:29 | 000,012,264 | ---- | C] () -- C:\Users\user\AppData\Roaming\B737.exe
[2013/04/25 12:03:24 | 000,130,816 | ---- | C] () -- C:\Users\user\AppData\Roaming\BE3.exe
[2013/04/24 20:31:15 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\3D64.exe
[2013/04/24 20:31:10 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\2D7A.exe
[2013/04/24 20:31:08 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\259D.exe
[2013/04/24 19:47:05 | 000,151,256 | ---- | C] () -- C:\Users\user\AppData\Roaming\CDBC.exe
[2013/04/24 00:26:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/24 00:26:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/24 00:26:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/24 00:26:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/24 00:26:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/24 00:19:53 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\44F0.exe
[2013/04/23 23:13:37 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\97FA.exe
[2013/04/23 19:27:17 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\C4A0.exe
[2013/04/23 19:26:59 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\7D24.exe
[2013/04/23 19:26:46 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\4B3B.exe
[2013/04/23 19:25:23 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\574.exe
[2013/04/21 19:28:38 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\8FB5.exe
[2013/04/21 18:14:46 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\EFFB.exe
[2013/04/21 18:14:44 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\E7A1.exe
[2013/04/21 18:14:42 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\DF76.exe
[2013/04/21 18:14:40 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\D779.exe
[2013/04/21 18:14:38 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\CF5D.exe
[2013/04/21 17:39:08 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\50F9.exe
[2013/04/21 17:39:06 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\47B5.exe
[2013/04/21 17:39:04 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\3EED.exe
[2013/04/21 17:39:02 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\36A3.exe
[2013/04/21 17:39:00 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\2E68.exe
[2013/04/21 16:21:18 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\DCA.exe
[2013/04/21 16:21:16 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\551.exe
[2013/04/21 16:21:14 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\FD35.exe
[2013/04/21 16:21:10 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\EF8D.exe
[2013/04/21 13:46:52 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\A9E3.exe
[2013/04/21 13:46:50 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A1B7.exe
[2013/04/21 13:46:48 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\99AB.exe
[2013/04/21 13:46:46 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\919F.exe
[2013/04/21 11:39:45 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\4A01.exe
[2013/04/21 11:39:43 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\411B.exe
[2013/04/21 11:39:38 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\2CFE.exe
[2013/04/21 11:22:25 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\68B4.exe
[2013/04/21 11:22:22 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\603A.exe
[2013/04/21 11:22:20 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\57E0.exe
[2013/04/21 11:22:18 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\4F09.exe
[2013/04/21 01:31:14 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\755C.exe
[2013/04/21 01:31:12 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\6B5C.exe
[2013/04/21 01:31:08 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\5F4A.exe
[2013/04/21 01:31:06 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\554B.exe
[2013/04/21 01:31:03 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\4ADE.exe
[2013/04/21 00:04:08 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\AB91.exe
[2013/04/21 00:04:04 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\9D00.exe
[2013/04/21 00:04:00 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\8F39.exe
[2013/04/20 23:58:04 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\1D04.exe
[2013/04/20 23:57:37 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\B710.exe
[2013/04/20 23:56:59 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\1FA1.exe
[2013/04/20 23:54:37 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\F4C9.exe
[2013/04/20 00:47:34 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\138C.exe
[2013/04/20 00:47:29 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\FFAE.exe
[2013/04/20 00:47:24 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\EB91.exe
[2013/04/20 00:47:19 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\D7C2.exe
[2013/04/19 21:28:06 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/04/19 21:19:56 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\FC5D.exe
[2013/04/19 21:19:54 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\F29C.exe
[2013/04/19 21:19:51 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\E977.exe
[2013/04/19 21:19:49 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\DFF4.exe
[2013/04/19 21:19:46 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\D5F5.exe
[2013/04/19 21:19:44 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\CCDF.exe
[2013/04/19 19:14:45 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\60A2.exe
[2013/04/19 19:14:38 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\45FF.exe
[2013/04/19 19:14:36 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\3DA5.exe
[2013/04/19 14:18:01 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\B52D.exe
[2013/04/19 14:17:59 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\AD4F.exe
[2013/04/19 14:17:57 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A572.exe
[2013/04/19 14:17:55 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\9DA4.exe
[2013/04/19 14:17:52 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\93D3.exe
[2013/04/19 11:46:38 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\1B66.exe
[2013/04/19 11:46:34 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\B9B.exe
[2013/04/19 11:46:32 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\3BE.exe
[2013/04/19 11:46:30 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\FBF0.exe
[2013/04/19 11:04:39 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\ABCC.exe
[2013/04/19 11:04:34 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\9B28.exe
[2013/04/19 11:04:29 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\86DD.exe
[2013/04/19 11:04:26 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\78D8.exe
[2013/04/18 22:47:11 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\679E.exe
[2013/04/18 22:46:07 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\6EED.exe
[2013/04/18 22:45:55 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\3FEF.exe
[2013/04/18 22:45:51 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\2ECF.exe
[2013/04/18 22:45:47 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\207C.exe
[2013/04/18 18:52:25 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\78A4.exe
[2013/04/18 18:52:23 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\70E6.exe
[2013/04/18 18:52:19 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\613A.exe
[2013/04/18 18:52:17 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\599B.exe
[2013/04/18 18:52:15 | 000,010,873 | ---- | C] () -- C:\Users\user\AppData\Roaming\518F.exe
[2013/04/18 18:52:13 | 000,010,873 | ---- | C] () -- C:\Users\user\AppData\Roaming\49C1.exe
[2013/04/18 18:52:11 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\41F4.exe
[2013/04/18 18:52:09 | 000,010,871 | ---- | C] () -- C:\Users\user\AppData\Roaming\3A45.exe
[2013/04/18 18:52:01 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\190B.exe
[2013/04/18 16:34:20 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\C98.exe
[2013/04/18 16:32:57 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\C75D.exe
[2013/04/18 16:30:45 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\C6A1.exe
[2013/04/18 16:25:28 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\EEA9.exe
[2013/04/18 14:09:11 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\2B28.exe
[2013/04/18 14:09:09 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\231C.exe
[2013/04/18 14:09:07 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\1AD2.exe
[2013/04/18 14:09:05 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\12A6.exe
[2013/04/18 14:09:03 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\A2D.exe
[2013/04/17 17:00:48 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\A6E8.exe
[2013/04/17 01:51:34 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\B51D.exe
[2013/04/16 23:46:55 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\98E2.exe
[2013/04/16 23:46:52 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\8ADD.exe
[2013/04/16 23:46:48 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\7A78.exe
[2013/04/16 23:46:44 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\6BB8.exe
[2013/04/16 23:46:40 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\5AD5.exe
[2013/04/16 23:46:35 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\47B2.exe
[2013/04/16 23:46:19 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\AFF.exe
[2013/04/16 23:46:15 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\FBD2.exe
[2013/04/16 23:46:12 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\ED60.exe
[2013/04/16 23:46:08 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\DEBF.exe
[2013/04/16 23:46:04 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\CF62.exe
[2013/04/16 23:45:59 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\BBD2.exe
[2013/04/16 19:53:55 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\46DC.exe
[2013/04/16 19:53:11 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\990F.exe
[2013/04/16 19:53:04 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\7F19.exe
[2013/04/16 19:19:09 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\6F6E.exe
[2013/04/16 18:48:16 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\2C07.exe
[2013/04/16 15:28:04 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\E14C.exe
[2013/04/16 15:28:01 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\D6C0.exe
[2013/04/16 15:27:57 | 000,010,868 | ---- | C] () -- C:\Users\user\AppData\Roaming\C5BF.exe
[2013/04/16 15:20:48 | 000,010,870 | ---- | C] () -- C:\Users\user\AppData\Roaming\386D.exe
[2013/04/16 13:48:32 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\D6D2.exe
[2013/04/16 13:48:24 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\B7DC.exe
[2013/04/16 13:48:20 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A7F3.exe
[2013/04/16 13:17:43 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\9F4A.exe
[2013/04/15 23:23:59 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\6FAC.exe
[2013/04/15 23:23:54 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\5C0C.exe
[2013/04/15 23:23:50 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\4F20.exe
[2013/04/15 22:30:56 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\DEDE.exe
[2013/04/15 21:43:33 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\7D4D.exe
[2013/04/15 21:41:17 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\6B61.exe
[2013/04/15 21:39:36 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\DDF0.exe
[2013/04/15 21:38:26 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\CCEF.exe
[2013/04/15 20:55:25 | 000,010,866 | ---- | C] () -- C:\Users\user\AppData\Roaming\B968.exe
[2013/04/15 20:55:23 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\B14C.exe
[2013/04/15 20:55:21 | 000,010,867 | ---- | C] () -- C:\Users\user\AppData\Roaming\A950.exe
[2013/04/15 20:55:19 | 000,010,869 | ---- | C] () -- C:\Users\user\AppData\Roaming\A163.exe
[2013/04/04 18:34:33 | 000,000,000 | ---- | C] () -- C:\END
[2013/04/02 19:37:41 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/02 19:37:40 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/02 13:42:21 | 000,007,603 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/01/19 19:12:50 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/19 19:12:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/01/13 10:12:43 | 000,005,329 | ---- | C] () -- C:\Users\user\AppData\Roaming\F421.exe
[2013/01/13 10:12:41 | 000,005,331 | ---- | C] () -- C:\Users\user\AppData\Roaming\EC82.exe
[2013/01/13 10:12:39 | 000,005,329 | ---- | C] () -- C:\Users\user\AppData\Roaming\E4C4.exe
[2013/01/13 10:12:37 | 000,005,324 | ---- | C] () -- C:\Users\user\AppData\Roaming\DD25.exe
[2013/01/01 22:07:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/11/21 21:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/10/21 23:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/13 16:13:10 | 000,045,270 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2012/08/12 19:01:11 | 000,001,830 | ---- | C] () -- C:\Users\user\AppData\Roaming\ImperatorProfile0.dat
[2012/08/12 19:01:11 | 000,001,822 | ---- | C] () -- C:\Users\user\AppData\Roaming\ImperatorProfile1.dat
[2012/07/23 10:09:30 | 000,146,146 | ---- | C] () -- C:\ProgramData\1343009285.bdinstall.bin
[2012/07/22 19:46:35 | 000,735,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/29 14:53:54 | 000,243,935 | ---- | C] () -- C:\ProgramData\1335663704.bdinstall.bin
[2012/04/29 08:12:38 | 000,000,503 | ---- | C] () -- C:\ProgramData\1335658352.bdinstall.bin
[2012/03/28 15:33:10 | 000,497,152 | ---- | C] () -- C:\Windows\Uninstall.exe
[2012/03/26 14:00:54 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/19 10:33:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/08/19 10:32:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/10 15:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/17 07:23:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\2K Sports
[2012/04/17 08:37:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\7 Sticky Notes
[2013/01/13 10:14:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2012/09/01 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2012/10/17 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Autodesk
[2013/04/16 14:01:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2012/12/14 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Bioshock2
[2013/04/16 14:01:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2013/02/22 12:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DmC - Devil May Cry
[2013/05/01 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DMCache
[2012/09/26 17:08:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\fltk.org
[2012/08/08 13:24:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena
[2013/05/01 13:32:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
[2013/04/05 10:18:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IDM
[2013/03/02 01:53:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KuGou7
[2012/03/30 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2012/03/26 17:15:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX
[2012/07/08 08:49:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mkvtoolnix
[2013/01/27 10:41:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ooVoo Details
[2012/03/26 14:43:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2012/04/29 11:39:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan
[2012/03/29 10:53:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012/10/21 23:08:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle
[2012/08/13 22:18:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft
[2013/01/12 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xim

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:FB1B13D8

< End of report >
  • 0


#2
JSntgRvr

  • Global Moderator
  • 10,962 posts
Hi and :welcome:

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot, a log will be produced at C:\ADWCleaner[XX].txt; please post it in your next reply.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 1

#3
hbnew92

  • Topic Starter
  • Member
  • 11 posts
This is the ADW Cleaner log

# AdwCleaner v2.300 - Logfile created 05/04/2013 at 02:07:22
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Downloads\Programs\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Windows\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v5.0.1 (en-US)

-\\ Google Chrome v26.0.1410.64

-\\ Chromium v window_placement: {
bottom: 718

*************************

AdwCleaner[S1].txt - [3218 octets] - [04/05/2013 02:07:22]

########## EOF - C:\AdwCleaner[S1].txt - [3278 octets] ##########


And this is the Malwarebytes log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
user :: USER-PC [administrator]

4/5/2013 2:11:42 AM
mbam-log-2013-05-04 (02-11-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279285
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Screen Saver Pro 3.1 (Trojan.Ranver) -> Data: C:\Users\user\AppData\Roaming\ScreenSaverPro.scr -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ekbcbg (Trojan.Ranver) -> Data: C:\Users\user\AppData\Roaming\Microsoft\Ekbcbg.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Users\user\AppData\Roaming\ScreenSaverPro.scr (Trojan.Ranver) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Ekbcbg.exe (Trojan.Ranver) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\34D8.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\400E.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5B34.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\B994.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\BE3.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\C4E5.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\C68D.exe (Trojan.Ranver) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\CDBC.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\temp.bin (Trojan.Ranver) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4067.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5639.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6512.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7049.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8097.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8263.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8397.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\9612.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
  • 0

#4
JSntgRvr

  • Global Moderator
  • 10,962 posts
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no internet connection after running ComboFix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Re-scan with OTL and post its report.

#5
hbnew92

    Member

  • Topic Starter
  • 11 posts
This is the Combo Fix Report

ComboFix 13-05-04.01 - user 5/2013 Sat 13:57:08.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8096.5828 [GMT 8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2013-04-04 to 2013-05-04 )))))))))))))))))))))))))))))))
.
.
2013-05-04 06:11 . 2013-05-04 06:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-04 06:11 . 2013-05-04 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-04 01:13 . 2013-05-04 01:13 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E33E5ECE-EBED-4332-8926-275105A16032}\offreg.dll
2013-05-03 18:59 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-05-03 15:47 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E33E5ECE-EBED-4332-8926-275105A16032}\mpengine.dll
2013-05-01 14:46 . 2013-05-01 14:46 -------- d-----w- c:\program files (x86)\LAV Filters
2013-04-26 03:26 . 2013-04-26 03:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-24 19:28 . 2013-04-24 19:28 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-04-24 19:18 . 2013-04-24 19:18 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-04-24 05:02 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-13 01:26 . 2013-04-13 01:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-13 01:26 . 2013-04-13 01:26 -------- d-----w- c:\program files (x86)\Java
2013-04-12 07:24 . 2013-04-12 07:24 -------- d-----w- c:\users\fbwuser
2013-04-11 03:27 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-11 02:56 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 02:56 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 02:56 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 02:56 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 02:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 02:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 02:56 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-11 02:56 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-04 17:11 . 2013-04-04 17:11 -------- d-----w- c:\program files\ESET
2013-04-04 10:01 . 2013-04-04 10:01 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 18:21 . 2012-03-26 11:53 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-01 18:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 01:26 . 2012-08-17 07:34 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-13 01:26 . 2012-03-26 06:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-11 03:29 . 2012-03-26 10:25 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 06:50 . 2013-01-13 02:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 11:37 . 2013-04-02 11:37 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 11:37 . 2013-04-02 11:37 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 11:37 . 2013-04-02 11:37 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 11:37 . 2013-04-02 11:37 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 11:37 . 2013-04-02 11:37 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 11:37 . 2013-04-02 11:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 11:37 . 2013-04-02 11:37 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 11:37 . 2013-04-02 11:37 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 11:37 . 2013-04-02 11:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 11:37 . 2013-04-02 11:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 11:37 . 2013-04-02 11:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 11:37 . 2013-04-02 11:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 11:37 . 2013-04-02 11:37 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 11:37 . 2013-04-02 11:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 11:37 . 2013-04-02 11:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 11:37 . 2013-04-02 11:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 11:37 . 2013-04-02 11:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 11:37 . 2013-04-02 11:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 11:37 . 2013-04-02 11:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 11:37 . 2013-04-02 11:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 11:37 . 2013-04-02 11:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 11:37 . 2013-04-02 11:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 11:37 . 2013-04-02 11:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 11:37 . 2013-04-02 11:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 11:37 . 2013-04-02 11:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 11:37 . 2013-04-02 11:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 11:37 . 2013-04-02 11:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 11:37 . 2013-04-02 11:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 11:37 . 2013-04-02 11:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 11:37 . 2013-04-02 11:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 11:37 . 2013-04-02 11:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 11:37 . 2013-04-02 11:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 11:37 . 2013-04-02 11:37 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 11:37 . 2013-04-02 11:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 11:37 . 2013-04-02 11:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 11:37 . 2013-04-02 11:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 11:37 . 2013-04-02 11:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 11:37 . 2013-04-02 11:37 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 11:37 . 2013-04-02 11:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 11:37 . 2013-04-02 11:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 11:37 . 2013-04-02 11:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 11:37 . 2013-04-02 11:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 11:37 . 2013-04-02 11:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 11:37 . 2013-04-02 11:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 11:37 . 2013-04-02 11:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 11:37 . 2013-04-02 11:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 11:37 . 2013-04-02 11:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 11:37 . 2013-04-02 11:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 11:37 . 2013-04-02 11:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-15 05:53 . 2012-03-26 12:50 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2012-03-26 12:50 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-03-26 12:50 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-03-26 12:50 250504 ----a-w- c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2012-03-26 12:50 205184 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2012-03-26 12:50 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 04:16 . 2012-03-26 12:54 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-03-26 12:54 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-03-26 12:54 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-03-26 12:54 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2012-03-26 12:54 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-03-26 12:54 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-03-26 12:54 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2012-03-26 12:54 1016096 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-03-14 14:07 . 2013-03-14 14:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-13 18:10 . 2012-04-10 01:09 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 18:10 . 2012-03-26 06:32 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 16:24 . 2012-03-26 12:54 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-02-20 03:07 . 2013-02-20 03:07 213416 ----a-w- c:\windows\system32\drivers\eamonm.sys
2013-02-12 05:45 . 2013-03-13 04:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 04:22 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 04:22 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 04:22 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 04:22 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 04:22 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-13 07:26 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-03 16:06 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-03 16:06 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-08 00:31 . 2012-03-28 17:07 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-02-05 04:36 . 2012-12-10 13:57 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-15 1597864]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736]
"GarenaPlus"="d:\games\GarenaLoL\GameData\GarenaMessenger.exe" [2013-04-25 9827632]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-01-29 3565432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-25 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"UIExec"="c:\program files (x86)\Celcom Broadband\UIExec.exe" [2010-07-23 138552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-3-26 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/26 17:24;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-10 14448]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\GarenaLoL\GameData\Room\safedrv.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-06-03 11776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-02 743320]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-26 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-26 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-20 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-24 46792]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2013-03-15 284448]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-07-07 88704]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-03-21 1341664]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-01-10 139768]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-04-26 570664]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-04-26 390440]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-13 624856]
S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\config\SIONExportService.exe [2011-05-10 338208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Celcom Broadband\AssistantServices.exe [2010-07-23 255800]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-25 16768]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:10]
.
2013-05-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 22:23]
.
2013-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 22:23]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 07:27]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 07:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-09 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-09 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-09 441888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
"AutoRunExterminator"="d:\software\AutoRunExterminator.exe" [2010-05-13 47104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hao123.com/?src=maxpc
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download all by WellGet - c:\program files (x86)\WellGet\nxall.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download by &WellGet - c:\program files (x86)\WellGet\nxcatch.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{35980F6E-A258-4E50-953D-813BB8556899} - c:\program files (x86)\WellGet\WellGet.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ckcpcgj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15187
FF - user.js: extentions.y2layers.installId - 95167274-0c0f-4780-949c-56cb7b08c1d7
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Vizer VS for Win7. 1.00 - c:\windows\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{0a9136b0-5042-4697-baa9-72088f9db8a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002c
"Therad"=dword:00000014
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b9,26,b7,ad,0c,95,eb,a5,78,d3,6d,73,77,ba,10,b8,27,04,39,97,79,
3f,53,12,b6,b3,d9,59,84,15,f0,5d,70,c8,aa,86,82,6f,fc,71,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):63,df,f8,72,99,43,40,15,87,c5,18,18,b2,f1,88,23,be,65,4a,8c,f3,
1b,72,a6,63,eb,0d,06,54,b3,90,48,32,34,6d,84,8a,8e,1e,e8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{f43fba4f-daa2-4ae1-85c4-6308066b0429}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006b
"Therad"=dword:00000015
"SpecVersion"=dword:0000006b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-04 14:14:54
ComboFix-quarantined-files.txt 2013-05-04 06:14
.
Pre-Run: 39,058,853,888 bytes free
Post-Run: 38,665,453,568 bytes free
.
- - End Of File - - B37840000BA6CC173AF017F485246162


This is the new OTL log

OTL logfile created on: 4/5/2013 2:16:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Software
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

7.91 Gb Total Physical Memory | 5.10 Gb Available Physical Memory | 64.46% Memory free
15.81 Gb Paging File | 12.84 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.69 Gb Total Space | 36.11 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 79.02 Gb Free Space | 26.97% Space Free | Partition Type: NTFS
Drive G: | 13.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 21:54:21 | 000,087,344 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\GarenaTalkOverlay.exe
PRC - [2013/05/01 20:09:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Software\OTL.exe
PRC - [2013/04/27 04:58:02 | 001,280,808 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2013/04/27 04:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013/04/27 04:57:04 | 000,390,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/04/27 04:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013/04/25 20:27:51 | 009,827,632 | ---- | M] () -- D:\Games\GarenaLoL\GameData\GarenaMessenger.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/03/18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/03/15 13:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/02/04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/01/29 20:00:26 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013/01/21 17:48:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 10:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/06/28 23:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/04/13 21:40:15 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/03/26 17:29:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/07/07 16:32:30 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011/07/06 15:20:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011/06/29 16:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011/05/25 22:53:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/05/20 11:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/05/10 15:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) -- C:\ASUS.SYS\config\SIONExportService.exe
PRC - [2011/03/13 10:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010/11/23 18:31:56 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2010/11/15 10:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/07 14:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/08/17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/23 11:24:24 | 000,138,552 | ---- | M] () -- C:\Program Files (x86)\Celcom Broadband\UIExec.exe
PRC - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () -- C:\Program Files (x86)\Celcom Broadband\AssistantServices.exe
PRC - [2010/07/09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/01 21:54:21 | 001,891,120 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\Overlay.dll
MOD - [2013/05/01 21:54:21 | 000,087,344 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\GarenaTalkOverlay.exe
MOD - [2013/04/26 17:31:03 | 000,827,184 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\ggplugin.dll
MOD - [2013/04/26 17:31:02 | 000,027,952 | ---- | M] () -- D:\Games\GarenaLoL\GameData\VersionModule.dll
MOD - [2013/04/25 20:27:51 | 009,827,632 | ---- | M] () -- D:\Games\GarenaLoL\GameData\GarenaMessenger.exe
MOD - [2013/04/25 19:31:02 | 001,543,984 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\FileSender.dll
MOD - [2013/04/25 19:31:00 | 000,957,232 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\XLL.dll
MOD - [2013/04/25 19:30:56 | 000,236,336 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\PluginNews.dll
MOD - [2013/04/25 19:30:54 | 000,436,528 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\GarenaTalkPlugin.dll
MOD - [2013/04/25 19:30:53 | 000,286,000 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\DailyTaskPlugin.dll
MOD - [2013/04/25 19:30:53 | 000,133,936 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\ClanBoxPlugin.dll
MOD - [2013/04/25 19:30:43 | 000,191,280 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ggspawn.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- D:\Games\GarenaLoL\GameData\libmpg123.dll
MOD - [2013/04/10 17:22:48 | 000,794,928 | ---- | M] () -- D:\Games\GarenaLoL\GameData\gagmhook.dll
MOD - [2013/04/09 16:57:07 | 000,390,096 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013/04/09 16:57:06 | 013,130,704 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 16:57:05 | 004,050,896 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 16:56:15 | 000,598,480 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 16:56:14 | 000,124,368 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 16:56:13 | 001,606,096 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- D:\Games\GarenaLoL\GameData\CxImage.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- D:\Games\GarenaLoL\GameData\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- D:\Games\GarenaLoL\GameData\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- D:\Games\GarenaLoL\GameData\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- D:\Games\GarenaLoL\GameData\DibModule.dll
MOD - [2013/02/04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- D:\Games\GarenaLoL\GameData\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- D:\Games\GarenaLoL\GameData\CommonLib.dll
MOD - [2013/01/16 18:30:17 | 000,098,608 | ---- | M] () -- D:\Games\GarenaLoL\GameData\Plugins\PlatformPlugin.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\TaskManagerLib.dll
MOD - [2013/01/09 20:53:24 | 000,605,049 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2013/01/09 13:11:40 | 000,599,040 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/12/27 11:34:07 | 000,181,760 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\ggspawn.dll
MOD - [2012/11/30 10:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 10:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012/09/13 14:19:19 | 000,048,640 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\XmlUIModule.dll
MOD - [2012/07/27 14:59:42 | 000,010,240 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 14:59:28 | 000,061,952 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\UdtLib.dll
MOD - [2012/07/26 11:51:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ServerMemAlloc.dll
MOD - [2012/04/04 14:33:24 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012/03/16 12:51:02 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\delay_load\RSALib.dll
MOD - [2012/03/01 08:02:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- D:\Games\GarenaLoL\GameData\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- D:\Games\GarenaLoL\GameData\lib\MP3Module.dll
MOD - [2012/02/22 16:52:16 | 000,122,136 | ---- | M] () -- D:\Games\GarenaLoL\GameData\ggcode.dll
MOD - [2012/02/13 09:53:50 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011/10/18 09:54:24 | 000,097,792 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\CommonLib.dll
MOD - [2011/10/18 09:54:24 | 000,056,832 | ---- | M] () -- D:\Games\GarenaLoL\GameData\bbtalk\PluginKernel.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010/07/23 11:24:24 | 000,138,552 | ---- | M] () -- C:\Program Files (x86)\Celcom Broadband\UIExec.exe
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
MOD - [2009/04/15 15:04:38 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/01/25 14:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/27 04:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/04/27 04:57:04 | 000,390,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/04/27 04:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013/04/25 03:29:56 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/03/15 13:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/14 02:10:48 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013/01/21 17:48:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/04 10:51:05 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/17 23:49:25 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/02 21:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/13 21:40:15 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/08/31 00:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/07/07 16:32:30 | 000,088,704 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/05/10 15:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\ASUS.SYS\config\SIONExportService.exe -- (Splashtop MDES)
SRV - [2011/04/20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/03/13 10:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/01/14 15:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/07/23 11:24:20 | 000,255,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Celcom Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/26 11:26:57 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/25 03:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/03/15 13:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013/03/15 13:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/02/08 08:31:57 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/01/10 15:08:16 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/11/22 08:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/13 21:58:22 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/08/13 21:58:22 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/08/10 16:27:23 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/08/10 16:27:23 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/04/07 02:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/06/02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/05 20:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/25 17:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/17 16:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/09/17 16:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/09/17 16:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/09/17 16:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/08/24 17:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/06/03 11:14:18 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/05/19 14:12:46 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/05/19 14:12:46 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/05/19 14:12:46 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/05/25 19:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?src=maxpc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 82 47 2E D0 12 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{00EAE8D7-C9E7-42AB-A239-F7CDAB47E92E}: "URL" = http://websearch.ask...DD-48011ADD1BD5
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dis&o=15187"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.6.8
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]admanager.com:7.3.35
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: D:\Games\GarenaLoL\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013/04/05 01:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/27 15:59:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/02 15:01:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/02 15:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/05 01:11:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2013/02/14 10:54:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2013/02/14 10:54:20 | 000,000,000 | ---D | M]

[2012/03/27 11:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/03/23 01:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7ckcpcgj.default\extensions
[2013/01/13 10:15:46 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7ckcpcgj.default\extensions\[email protected]
[2012/07/13 01:32:52 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7ckcpcgj.default\extensions\[email protected]
[2012/07/24 23:47:49 | 000,075,325 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7ckcpcgj.default\extensions\[email protected]
[2012/04/28 09:33:12 | 000,002,572 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\7ckcpcgj.default\searchplugins\askcom.xml
[2013/05/04 02:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/08 15:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 23:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.3_0\IDMGCExt.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Slinky Elegant = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_1\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: instant translate = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\1.7.6_0\
CHR - Extension: IDM Integration = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.9.1_0\
CHR - Extension: Smooth Scrollerator = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmicgfcegednlkdhgbhgickcgndjeeig\1.1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.9_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/05/04 14:11:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FiltrateIE Class) - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\Windows\SysWOW64\SafeIE.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AutoRunExterminator] D:\Software\AutoRunExterminator.exe (Inside Core)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Celcom Broadband\UIExec.exe ()
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GarenaPlus] D:\Games\GarenaLoL\GameData\GarenaMessenger.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download all by WellGet - C:\Program Files (x86)\WellGet\Nxall.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download by &WellGet - C:\Program Files (x86)\WellGet\NxCatch.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files (x86)\WellGet\Nxall.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download by &WellGet - C:\Program Files (x86)\WellGet\NxCatch.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files (x86)\WellGet\WellGet.exe ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7496B7-07D2-4C75-ADC0-EDA6E6B8567B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E1371F-DDF8-4C0B-8778-3411E69BF455}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/29 21:11:41 | 000,000,041 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/04 14:14:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/04 10:37:57 | 005,065,726 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/05/03 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\StarCraft II
[2013/05/01 22:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAV Filters
[2013/05/01 22:38:17 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\LAV
[2013/04/26 11:26:57 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/04/25 03:28:08 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013/04/25 03:18:34 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/04/24 00:26:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/24 00:26:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/24 00:26:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/24 00:26:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/24 00:25:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/13 09:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/05 01:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/04/05 01:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/04/05 01:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/04 18:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/04 14:11:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/04 14:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/04 13:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
[2013/05/04 13:49:25 | 005,065,726 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/05/04 13:41:33 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
[2013/05/04 13:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/04 09:20:30 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 09:20:30 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 09:12:28 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/05/04 09:12:08 | 2072,027,135 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/04 02:21:03 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/05/04 02:06:44 | 000,628,743 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/05/03 23:58:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
[2013/05/03 22:52:10 | 000,000,567 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/05/03 06:28:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
[2013/05/01 13:33:47 | 000,730,652 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/01 13:33:47 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/01 13:33:47 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/29 22:41:59 | 000,526,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/28 14:15:45 | 000,002,198 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/04/26 11:26:57 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013/04/25 03:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/04/19 21:28:06 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/04/04 20:56:58 | 000,001,294 | ---- | M] () -- C:\Windows\SysNative\SKY-202 - SkyHigh Jukujo Premium 8 (30 Women) - Ageha Kinoshita, Aiko Hirose, Arisa Ebihara, Ayami, Chika Ishihara, Emi Orihara, Emiri Senoo, Emiri Seo, Kanna Harumi, Rica, Riko Oshima, Saki Kozakura.lnk
[2013/04/04 20:50:02 | 000,001,274 | ---- | M] () -- C:\Windows\SysNative\While the Husband and Children Are Playing By the Water… a Mama Who is Having An Esthetic Treatment in a Place By the Sea Subjected to Indecent Fingering Stifles Her Voice and Quickly Becomes Inflamed .lnk
[2013/04/04 20:48:36 | 000,001,268 | ---- | M] () -- C:\Windows\SysNative\Watch Online [Cd 01] RHJ-239 - Red Hot Jam Vol.239 - Ageha Kinoshita, Chiharu Miyashita, Hikari Sakamoto, Jun, Kaoru Hirayama, Kotomi Asakura, Miina Yoshihara, Nao Yuzumiya, Nene Masaki, Sayuri Ito, Ya.lnk
[2013/04/04 18:35:40 | 000,001,812 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/04 02:06:37 | 000,628,743 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/05/03 22:52:10 | 000,000,567 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/05/03 22:52:10 | 000,000,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.lnk
[2013/04/24 00:26:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/24 00:26:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/24 00:26:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/24 00:26:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/24 00:26:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/19 21:28:06 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/02 13:42:21 | 000,007,603 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/01/19 19:12:50 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/19 19:12:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/01/13 10:12:43 | 000,005,329 | ---- | C] () -- C:\Users\user\AppData\Roaming\F421.exe
[2013/01/13 10:12:41 | 000,005,331 | ---- | C] () -- C:\Users\user\AppData\Roaming\EC82.exe
[2013/01/13 10:12:39 | 000,005,329 | ---- | C] () -- C:\Users\user\AppData\Roaming\E4C4.exe
[2013/01/13 10:12:37 | 000,005,324 | ---- | C] () -- C:\Users\user\AppData\Roaming\DD25.exe
[2013/01/01 22:07:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/11/21 21:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/10/21 23:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/13 16:13:10 | 000,045,270 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2012/08/12 19:01:11 | 000,001,830 | ---- | C] () -- C:\Users\user\AppData\Roaming\ImperatorProfile0.dat
[2012/08/12 19:01:11 | 000,001,822 | ---- | C] () -- C:\Users\user\AppData\Roaming\ImperatorProfile1.dat
[2012/07/22 19:46:35 | 000,735,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/26 14:00:54 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/19 10:33:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/08/19 10:32:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/10 15:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/17 07:23:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\2K Sports
[2012/04/17 08:37:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\7 Sticky Notes
[2013/01/13 10:14:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2012/09/01 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2012/10/17 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Autodesk
[2013/05/04 02:04:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2012/12/14 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Bioshock2
[2013/05/03 22:42:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2013/02/22 12:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DmC - Devil May Cry
[2013/05/04 14:11:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DMCache
[2012/09/26 17:08:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\fltk.org
[2012/08/08 13:24:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena
[2013/05/04 09:19:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
[2013/04/05 10:18:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IDM
[2013/03/02 01:53:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KuGou7
[2012/03/30 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2012/03/26 17:15:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX
[2012/07/08 08:49:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mkvtoolnix
[2013/01/27 10:41:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ooVoo Details
[2012/03/26 14:43:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2012/04/29 11:39:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan
[2012/03/29 10:53:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012/10/21 23:08:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle
[2012/08/13 22:18:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft
[2013/01/12 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xim

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:FB1B13D8

< End of report >

#6
JSntgRvr

  • Global Moderator
  • 10,962 posts
Download the enclosed file, CFScript.txt.

Save it next to Combofix.


Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.

There are entries for two antivirus applications in your system: ESET NOD32 and Trend Micro. Are both these applications active?

#7
hbnew92

  • Topic Starter
  • Member
  • 11 posts
This is the ComboFix log

ComboFix 13-05-04.01 - user 5/2013 Sun 16:30:01.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8096.5843 [GMT 8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\DD25.exe
c:\users\user\AppData\Roaming\E4C4.exe
c:\users\user\AppData\Roaming\EC82.exe
c:\users\user\AppData\Roaming\F421.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-05 to 2013-05-05 )))))))))))))))))))))))))))))))
.
.
2013-05-05 09:25 . 2013-05-05 09:25 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E33E5ECE-EBED-4332-8926-275105A16032}\offreg.dll
2013-05-05 09:22 . 2013-05-05 09:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-05 09:22 . 2013-05-05 09:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-03 18:59 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-05-03 15:47 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E33E5ECE-EBED-4332-8926-275105A16032}\mpengine.dll
2013-05-01 14:46 . 2013-05-01 14:46 -------- d-----w- c:\program files (x86)\LAV Filters
2013-04-26 03:26 . 2013-04-26 03:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-24 19:28 . 2013-04-24 19:28 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-04-24 19:18 . 2013-04-24 19:18 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-04-24 05:02 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-13 01:26 . 2013-04-13 01:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-13 01:26 . 2013-04-13 01:26 -------- d-----w- c:\program files (x86)\Java
2013-04-12 07:24 . 2013-04-12 07:24 -------- d-----w- c:\users\fbwuser
2013-04-11 03:27 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-11 02:56 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 02:56 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 02:56 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 02:56 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 02:56 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 02:56 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 02:56 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-11 02:56 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 11:09 . 2012-03-26 11:53 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-01 18:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 01:26 . 2012-08-17 07:34 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-13 01:26 . 2012-03-26 06:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-11 03:29 . 2012-03-26 10:25 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 06:50 . 2013-01-13 02:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 11:37 . 2013-04-02 11:37 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 11:37 . 2013-04-02 11:37 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 11:37 . 2013-04-02 11:37 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 11:37 . 2013-04-02 11:37 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 11:37 . 2013-04-02 11:37 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 11:37 . 2013-04-02 11:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 11:37 . 2013-04-02 11:37 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 11:37 . 2013-04-02 11:37 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 11:37 . 2013-04-02 11:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 11:37 . 2013-04-02 11:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 11:37 . 2013-04-02 11:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 11:37 . 2013-04-02 11:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 11:37 . 2013-04-02 11:37 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 11:37 . 2013-04-02 11:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 11:37 . 2013-04-02 11:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 11:37 . 2013-04-02 11:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 11:37 . 2013-04-02 11:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 11:37 . 2013-04-02 11:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 11:37 . 2013-04-02 11:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 11:37 . 2013-04-02 11:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 11:37 . 2013-04-02 11:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 11:37 . 2013-04-02 11:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 11:37 . 2013-04-02 11:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 11:37 . 2013-04-02 11:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 11:37 . 2013-04-02 11:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 11:37 . 2013-04-02 11:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 11:37 . 2013-04-02 11:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 11:37 . 2013-04-02 11:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 11:37 . 2013-04-02 11:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 11:37 . 2013-04-02 11:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 11:37 . 2013-04-02 11:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 11:37 . 2013-04-02 11:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 11:37 . 2013-04-02 11:37 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 11:37 . 2013-04-02 11:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 11:37 . 2013-04-02 11:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 11:37 . 2013-04-02 11:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 11:37 . 2013-04-02 11:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 11:37 . 2013-04-02 11:37 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 11:37 . 2013-04-02 11:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 11:37 . 2013-04-02 11:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 11:37 . 2013-04-02 11:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 11:37 . 2013-04-02 11:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 11:37 . 2013-04-02 11:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 11:37 . 2013-04-02 11:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 11:37 . 2013-04-02 11:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 11:37 . 2013-04-02 11:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 11:37 . 2013-04-02 11:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 11:37 . 2013-04-02 11:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 11:37 . 2013-04-02 11:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-15 05:53 . 2012-03-26 12:50 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2012-03-26 12:50 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-03-26 12:50 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-03-26 12:50 250504 ----a-w- c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2012-03-26 12:50 205184 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2012-03-26 12:50 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 04:16 . 2012-03-26 12:54 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-03-26 12:54 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-03-26 12:54 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-03-26 12:54 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2012-03-26 12:54 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-03-26 12:54 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-03-26 12:54 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2012-03-26 12:54 1016096 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-03-14 14:07 . 2013-03-14 14:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-13 18:10 . 2012-04-10 01:09 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 18:10 . 2012-03-26 06:32 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 16:24 . 2012-03-26 12:54 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-02-20 03:07 . 2013-02-20 03:07 213416 ----a-w- c:\windows\system32\drivers\eamonm.sys
2013-02-12 05:45 . 2013-03-13 04:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 04:22 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 04:22 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 04:22 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 04:22 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 04:22 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-13 07:26 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-03 16:06 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-03 16:06 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-08 00:31 . 2012-03-28 17:07 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-02-05 04:36 . 2012-12-10 13:57 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-15 1597864]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736]
"GarenaPlus"="d:\games\GarenaLoL\GameData\GarenaMessenger.exe" [2013-04-25 9827632]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-01-29 3565432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-25 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"UIExec"="c:\program files (x86)\Celcom Broadband\UIExec.exe" [2010-07-23 138552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-3-26 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/26 17:24;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-10 14448]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\GarenaLoL\GameData\Room\safedrv.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-06-03 11776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-02 743320]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-26 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-26 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-20 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-24 46792]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2013-03-15 284448]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-07-07 88704]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-03-21 1341664]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-01-10 139768]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-04-26 570664]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-04-26 390440]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-13 624856]
S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\config\SIONExportService.exe [2011-05-10 338208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Celcom Broadband\AssistantServices.exe [2010-07-23 255800]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-25 16768]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:10]
.
2013-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 22:23]
.
2013-05-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 22:23]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 07:27]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4270355918-3397995266-1241077080-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 07:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-09 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-09 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-09 441888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
"AutoRunExterminator"="d:\software\AutoRunExterminator.exe" [2010-05-13 47104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hao123.com/?src=maxpc
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download all by WellGet - c:\program files (x86)\WellGet\nxall.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download by &WellGet - c:\program files (x86)\WellGet\nxcatch.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{35980F6E-A258-4E50-953D-813BB8556899} - c:\program files (x86)\WellGet\WellGet.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ckcpcgj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15187
FF - user.js: extentions.y2layers.installId - 95167274-0c0f-4780-949c-56cb7b08c1d7
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Vizer VS for Win7. 1.00 - c:\windows\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{0a9136b0-5042-4697-baa9-72088f9db8a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002c
"Therad"=dword:00000014
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b9,26,b7,ad,0c,95,eb,a5,78,d3,6d,73,77,ba,10,b8,27,04,39,97,79,
3f,53,12,b6,b3,d9,59,84,15,f0,5d,70,c8,aa,86,82,6f,fc,71,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):63,df,f8,72,99,43,40,15,87,c5,18,18,b2,f1,88,23,be,65,4a,8c,f3,
1b,72,a6,63,eb,0d,06,54,b3,90,48,32,34,6d,84,8a,8e,1e,e8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4270355918-3397995266-1241077080-1000_Classes\Wow6432Node\CLSID\{f43fba4f-daa2-4ae1-85c4-6308066b0429}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006b
"Therad"=dword:00000015
"SpecVersion"=dword:0000006b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
c:\program files (x86)\Steam\steamerrorreporter.exe
.
**************************************************************************
.
Completion time: 2013-05-05 19:12:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-05 11:12
ComboFix2.txt 2013-05-04 06:14
.
Pre-Run: 33,567,657,984 bytes free
Post-Run: 33,219,985,408 bytes free
.
- - End Of File - - 984DD02285501C1793F61C7738190B15
Upload was successful


This is the Malwarebytes Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
user :: USER-PC [administrator]

5/5/2013 7:13:08 PM
mbam-log-2013-05-05 (19-13-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288894
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
JSntgRvr
  • Global Moderator
  • 10,962 posts
What have you done with the antivirus programs?

#9
hbnew92
  • Topic Starter
  • Member
  • 11 posts
Am not really sure, what do you mean? Anything wrong?

#10
JSntgRvr
  • Global Moderator
  • 10,962 posts
See post Number 6. There are indications that there are two antivirus programs active. You must remove one, although in your position I would remove both and install AVAST. If you do, run a Full Scan and send the detections to the vault.

#11
hbnew92
  • Topic Starter
  • Member
  • 11 posts
Weird... I disabled NOD32, but Trend Micro is not even activated in the first place. But will download Avast.

#12
hbnew92
  • Topic Starter
  • Member
  • 11 posts
done a full scan and removed 6 items to the vault

#13
JSntgRvr
  • Global Moderator
  • 10,962 posts
Remember, as a rule of thumb, only one antivirus program is to be active.

How is the computer doing?

#14
hbnew92
  • Topic Starter
  • Member
  • 11 posts
Will keep that in mind :)
So far doing good... the popups stopped, and computer's clean, thanks a lot! Anything can be done with my external drive and USB drive files that are turned to shortcuts?

#15
JSntgRvr
  • Global Moderator
  • 10,962 posts
With your external drive and USB inserted, run a Full Scan with Malwarebytes Antimalware and select all active drives. Post its report when done.