
ACEngSvr.exe [WD-HEUR]


  • This topic is locked

#1
blink10

  • Member
  • 225 posts
I have attached my logs compiled, since my sentences are garbled here.




Edited by Dakeyras, 24 July 2013 - 02:32 AM.
Removed unnecessary zip file.

  • 0



#2
Dakeyras

    GeekU Mammoth

  • GeekU Moderator
  • 8,026 posts
Good day. :)

I removed the zip file you uploaded as that is best not to be seen in public for obvious reasons eh...

Now what exactly is the problem please, is your computer infected again or not?
  • 0

#3
blink10

  • Member
  • 225 posts
Hey Dakeyras, thanks for answering so quickly. I do not know what reasons made you believe it was dangerous in the zip file but I hope you got a copy of it because it has a large pile of logs. The problem is with the laptop and I am using my PC to send you this message now.
Last night I could not write a couple of sentences from the laptop without seeing some HTML elements clouding my screen.

The problems I have encountered with the Laptop are as follows:

  • On startup I see the desktop after a minute or two but the PC responds about 10-15 minutes later, even the welcome tone plays after that long time.
  • The laptop is very slow, which prompted me to use Rkill and other programs.
  • Rkill found and terminated the process mentioned in the title of this topic, however no other antimalware program has detected it nor has it been removed yet.

  • 0

#4
Dakeyras

    GeekU Mammoth

  • GeekU Moderator
  • 8,026 posts
Hi. :)

Hey Dakeyras, thanks for answering so quickly.

You're welcome and my apologies for the delay on my behalf also...

I do not know what reasons made you believe it was dangerous in the zip file but I hope you got a copy of it because it has a large pile of logs.

I never stated it was dangerous merely not prudent to use the software you did for uploading, however I am aware of the reason why but please refrain from using such a methodology again. Plus it does make it somewhat difficult for myself to read the logs correctly, regardless I obviously have the software in question to open the original zip file you uploaded.

Anyway, shortly we will be working outside of the Windows environment, so to speak, so I can try and ascertain what the problem is.

Rkill found and terminated the process mentioned in the title of this topic, however no other antimalware program has detected it nor has it been removed yet.

The file in question appears to be Asus Motherboard associated and could very well be what is known as a false positive detection. If the need arises we can upload it for a check at my file submission channel later on.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

Then insert the Flash/USB drive into your problem machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.

  • 0
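The FRST.txt log requested above records autostart entries, services and drivers one per line, each followed by size, date and the company name from the file's version information. As an added example (not part of the original thread and not Farbar's code), this Python sketch does a first triage pass over those sections and lists entries with no company name, no image path, or the `[x]` marker. The sample lines are constructed, and reading `[x]` as "file not found on disk" is an assumption.

```python
import re

# Constructed sample in the FRST.txt line layout; every name and path is made up.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [ExampleGuard] - C:\Program Files (x86)\Example Vendor\guard.exe [658632 2012-07-31] (Example Vendor)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ExampleConsole] - C:\Program Files (x86)\Example\console.exe [1597440 2010-07-02] ()

==================== Services (Whitelisted) =================

S2 ExampleSvc; C:\Program Files\Example Vendor\svc.exe [140672 2012-07-11] (Example Vendor)
S2 ExampleWrap; C:\Windows\SysWow64\wrapper.exe [8192 2010-05-31] ()

==================== Drivers (Whitelisted) ====================

S3 exfilter; C:\Windows\System32\DRIVERS\exfilter.sys [15416 2009-07-20] ( )
S3 exleftover; \??\C:\ExampleTool\leftover.sys [x]
S3 exempty;
"""

# Reasons an entry is listed for a closer look. None of them proves malice:
# legitimate vendor tools often ship without version information.
NO_COMPANY = "no company name in file version info"
MISSING = "file not found on disk ([x])"  # assumed meaning of the [x] marker
NO_PATH = "no image path recorded"
UNPARSED = "entry layout not recognised"

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN = re.compile(r"^HK[^:]*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
SVC = re.compile(r"^[RSU]\d (?P<name>[^;]+);\s*(?P<rest>.*)$")
TAIL = re.compile(r"^(?P<path>.*?)\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\((?P<company>.*)\)$")


def classify(rest):
    """Return (path, reason); reason is None when nothing stands out."""
    if not rest:
        return "", NO_PATH
    if rest.endswith("[x]"):
        return rest[:-3].strip(), MISSING
    tail = TAIL.match(rest)
    if not tail:
        return rest, UNPARSED
    reason = None if tail.group("company").strip() else NO_COMPANY
    return tail.group("path"), reason


def triage(log_text):
    """Return (section, name, path, reason) for each entry worth reviewing."""
    findings = []
    section = "?"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # "Registry (Whitelisted)" -> "Registry"
            section = header.group(1).split(" (")[0]
            continue
        entry = RUN.match(line) or SVC.match(line)
        if not entry:
            continue  # file listings and free text are out of scope here
        path, reason = classify(entry.group("rest").strip())
        if reason:
            name = entry.group("name").strip() or "<unnamed>"
            findings.append((section, name, path, reason))
    return findings


if __name__ == "__main__":
    for section, name, path, reason in triage(SAMPLE_LOG):
        print(f"{section:9} {name:15} {reason:38} {path}")
```

Entries it lists are candidates for a signature check or a second-opinion scan, which is how the thread treats the flagged file: possibly a false positive until checked.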

#5
blink10

  • Member
  • 225 posts
I am using my PC to upload the log. I consider it safe now to use a USB since you suggested it.

I never stated it was dangerous merely not prudent to use the software you did for uploading



I did not consider that uploading such a file would infringe on the owner's copyright but I was mistaken.

please refrain from using such a methodology again


I surely would not :)

There are a couple of files that seem suspicious to me and there are some hits on Google about them but I still cannot be 100% sure about them:

  • acmon exe
  • alu.exe 32
  • atieclxx.exe
  • atoksd2.exe




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2013
Ran by SYSTEM on 26-07-2013 00:10:21
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [USB Security] - C:\Program Files (x86)\USB Disk Security\USBGuard.exe [658632 2012-07-31] (Zbshareware Lab)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-12-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-03-20] (PC Tools)
HKU\asus\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-16] (SUPERAntiSpyware.com)
HKU\asus\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2012-12-17] (Tonec Inc.)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2010-05-31] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-03] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-03-20] (PC Tools)

==================== Drivers (Whitelisted) ====================

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-12] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-28] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-23] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-16] (Duplex Secure Ltd.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 tmlwf;
S3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 00:09 - 2013-07-26 00:09 - 00000000 ____D C:\FRST
2013-07-24 10:59 - 2013-07-24 10:59 - 00000841 _____ C:\Users\asus\Desktop\MKKE - Shortcut.lnk
2013-07-23 17:19 - 2013-07-23 17:19 - 01008768 _____ (Bleeping Computer, LLC) C:\Users\asus\Desktop\rkill64.com
2013-07-23 16:46 - 2013-07-23 17:12 - 00000000 ____D C:\Program Files (x86)\AzTools
2013-07-23 16:46 - 2013-07-23 16:46 - 00001004 _____ C:\Users\Public\Desktop\Blueline.lnk
2013-07-23 14:27 - 2013-07-21 12:01 - 00001853 _____ C:\Users\asus\Desktop\extracted.key
2013-07-23 13:46 - 2013-07-23 13:46 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-23 13:31 - 2013-07-23 13:31 - 00001715 _____ C:\AdwCleaner[R2].txt
2013-07-23 12:45 - 2013-07-23 07:56 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\asus\Desktop\rkill.com
2013-07-23 10:47 - 2013-07-23 10:47 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 10:47 - 2013-07-23 10:47 - 00000000 ____D C:\Users\asus\AppData\Roaming\Malwarebytes
2013-07-23 10:47 - 2013-07-23 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 10:47 - 2013-07-23 10:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 10:47 - 2013-04-03 21:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-23 10:19 - 2013-02-11 01:51 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\asus\Desktop\TDSSKiller.exe
2013-07-23 10:19 - 2010-12-31 08:14 - 00002254 ____R C:\Users\asus\Desktop\eula.txt
2013-07-23 10:15 - 2013-07-23 10:15 - 02218636 _____ C:\Users\asus\Downloads\tdsskiller.zip
2013-07-23 08:50 - 2013-07-23 08:50 - 00001264 _____ C:\Users\asus\Desktop\JRT.txt
2013-07-23 08:48 - 2013-07-23 08:48 - 00000915 _____ C:\AdwCleaner[R1].txt
2013-07-23 02:00 - 2013-07-23 02:00 - 00000436 _____ C:\Windows\SysWOW64\AppLog.log
2013-07-23 01:37 - 2013-07-23 01:37 - 00024661 _____ C:\ComboFix.txt
2013-07-23 01:15 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-23 01:15 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-23 01:15 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-23 01:15 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-23 01:15 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-23 01:15 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-23 01:15 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-23 01:15 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-22 06:47 - 2013-07-22 06:47 - 00000000 ____D C:\Users\asus\AppData\Roaming\MKKE
2013-07-21 13:07 - 2013-07-21 13:07 - 00001323 _____ C:\Users\asus\Desktop\UpdateUtility-Gui - Shortcut.lnk
2013-07-21 13:04 - 2013-07-23 09:08 - 00000000 ____D C:\Users\asus\Desktop\updater2.0.1.2015.1_win_en
2013-07-21 12:26 - 2013-07-21 12:26 - 00002346 _____ C:\Users\asus\Desktop\Safe Money.lnk
2013-07-21 12:22 - 2013-07-21 12:22 - 00001148 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 12:20 - 2013-07-21 12:20 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 12:20 - 2012-05-28 22:55 - 00640344 _____ (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2013-07-21 12:20 - 2012-05-28 22:55 - 00085336 _____ (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2013-07-21 12:18 - 2013-07-21 12:18 - 00000000 ____D C:\Users\asus\Desktop\Kaspersky Internet Security 2013 bY Ayoub Gx
2013-07-21 11:57 - 2013-07-21 11:57 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 11:57 - 2013-07-21 11:57 - 00000000 ____D C:\JRT
2013-07-21 11:57 - 2013-07-20 16:24 - 00666633 _____ C:\Users\asus\Desktop\AdwCleaner.exe
2013-07-21 11:57 - 2013-07-05 15:02 - 04009167 _____ C:\Users\asus\Desktop\ServicesRepair.exe
2013-07-21 11:57 - 2013-07-02 18:08 - 00545954 _____ (Oleg N. Scherbakov) C:\Users\asus\Desktop\JRT.exe
2013-07-21 11:57 - 2013-05-05 11:38 - 07356312 _____ C:\Users\asus\Desktop\updater2.0.1.2015.1_win_en.zip
2013-07-21 11:57 - 2013-05-04 15:03 - 149483604 _____ C:\Users\asus\Desktop\Kaspersky Internet Security 2013 bY Ayoub Gx.rar
2013-07-21 11:41 - 2013-07-23 01:14 - 05091940 ____R (Swearware) C:\Users\asus\Desktop\ComboFix.exe
2013-07-21 11:40 - 2013-07-21 11:40 - 00000720 _____ C:\Users\asus\Desktop\ComboFix - Shortcut.lnk
2013-07-21 11:35 - 2013-07-25 02:24 - 00002510 _____ C:\Users\asus\Desktop\Rkill.txt
2013-07-16 03:41 - 2013-07-16 03:41 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-16 03:41 - 2013-07-16 03:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-16 03:41 - 2013-07-16 03:41 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-16 03:41 - 2013-07-16 03:41 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-16 03:41 - 2013-07-16 03:41 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-16 03:41 - 2013-07-16 03:41 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-16 03:41 - 2013-07-16 03:41 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-16 03:41 - 2013-07-16 03:41 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-16 03:41 - 2013-07-16 03:41 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-16 03:41 - 2013-07-16 03:41 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-16 03:41 - 2013-07-16 03:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-16 03:33 - 2013-07-16 03:45 - 00008069 _____ C:\Windows\IE10_main.log
2013-07-16 02:09 - 2013-07-16 02:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-16 01:51 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-16 01:51 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-16 01:32 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-16 01:32 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-16 01:12 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-15 13:31 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-15 13:31 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-26 00:09 - 2013-07-26 00:09 - 00000000 ____D C:\FRST
2013-07-25 14:07 - 2013-01-02 14:27 - 01720889 _____ C:\Windows\WindowsUpdate.log
2013-07-25 14:06 - 2011-08-10 18:57 - 00000000 ____D C:\Users\asus\AppData\Roaming\DMCache
2013-07-25 14:06 - 2009-08-03 22:42 - 00445516 _____ C:\Windows\System32\perfh001.dat
2013-07-25 14:06 - 2009-08-03 22:42 - 00080288 _____ C:\Windows\System32\perfc001.dat
2013-07-25 14:06 - 2009-08-03 22:05 - 00544244 _____ C:\Windows\System32\perfh00C.dat
2013-07-25 14:06 - 2009-08-03 22:05 - 00095494 _____ C:\Windows\System32\perfc00C.dat
2013-07-25 14:06 - 2009-07-13 21:13 - 01880426 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-25 14:03 - 2011-01-12 23:27 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 14:00 - 2012-09-05 12:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 13:53 - 2013-01-02 14:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-25 13:49 - 2013-01-30 10:53 - 00000300 _____ C:\Windows\Tasks\RMAutoUpdate.job
2013-07-25 13:48 - 2013-01-02 21:28 - 00018765 _____ C:\Windows\setupact.log
2013-07-25 13:48 - 2011-01-12 23:58 - 00000000 ____D C:\Program Files\P4G
2013-07-25 13:48 - 2011-01-12 23:27 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 13:48 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 06:21 - 2009-07-13 20:45 - 00010240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 06:21 - 2009-07-13 20:45 - 00010240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 03:43 - 2012-11-18 06:38 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1804368602-1837804132-4114349979-1000UA.job
2013-07-25 02:24 - 2013-07-21 11:35 - 00002510 _____ C:\Users\asus\Desktop\Rkill.txt
2013-07-24 12:43 - 2012-11-18 06:38 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1804368602-1837804132-4114349979-1000Core.job
2013-07-24 10:59 - 2013-07-24 10:59 - 00000841 _____ C:\Users\asus\Desktop\MKKE - Shortcut.lnk
2013-07-23 17:19 - 2013-07-23 17:19 - 01008768 _____ (Bleeping Computer, LLC) C:\Users\asus\Desktop\rkill64.com
2013-07-23 17:12 - 2013-07-23 16:46 - 00000000 ____D C:\Program Files (x86)\AzTools
2013-07-23 16:46 - 2013-07-23 16:46 - 00001004 _____ C:\Users\Public\Desktop\Blueline.lnk
2013-07-23 15:44 - 2013-01-31 05:24 - 00000000 ____D C:\Users\asus\Desktop\pc
2013-07-23 15:44 - 2011-09-18 08:44 - 00000000 ____D C:\ProgramData\Skype
2013-07-23 13:46 - 2013-07-23 13:46 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-23 13:31 - 2013-07-23 13:31 - 00001715 _____ C:\AdwCleaner[R2].txt
2013-07-23 13:29 - 2013-01-02 14:28 - 00000000 ____D C:\Users\asus\AppData\Roaming\IDM
2013-07-23 12:21 - 2013-03-19 18:21 - 00003336 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1804368602-1837804132-4114349979-1000
2013-07-23 12:21 - 2013-02-15 09:33 - 00003200 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1804368602-1837804132-4114349979-1000
2013-07-23 12:20 - 2013-01-03 00:35 - 00020202 _____ C:\Windows\PFRO.log
2013-07-23 12:18 - 2012-09-02 11:44 - 00000000 ____D C:\Program Files (x86)\Real_SC
2013-07-23 10:47 - 2013-07-23 10:47 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 10:47 - 2013-07-23 10:47 - 00000000 ____D C:\Users\asus\AppData\Roaming\Malwarebytes
2013-07-23 10:47 - 2013-07-23 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 10:47 - 2013-07-23 10:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 10:15 - 2013-07-23 10:15 - 02218636 _____ C:\Users\asus\Downloads\tdsskiller.zip
2013-07-23 09:08 - 2013-07-21 13:04 - 00000000 ____D C:\Users\asus\Desktop\updater2.0.1.2015.1_win_en
2013-07-23 09:07 - 2013-01-28 13:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-23 08:50 - 2013-07-23 08:50 - 00001264 _____ C:\Users\asus\Desktop\JRT.txt
2013-07-23 08:48 - 2013-07-23 08:48 - 00000915 _____ C:\AdwCleaner[R1].txt
2013-07-23 07:56 - 2013-07-23 12:45 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\asus\Desktop\rkill.com
2013-07-23 04:55 - 2013-01-03 08:57 - 00000000 ____D C:\Users\asus\AppData\Roaming\uTorrent
2013-07-23 02:00 - 2013-07-23 02:00 - 00000436 _____ C:\Windows\SysWOW64\AppLog.log
2013-07-23 02:00 - 2013-01-30 10:53 - 00000302 _____ C:\Windows\Tasks\RMSchedule.job
2013-07-23 01:37 - 2013-07-23 01:37 - 00024661 _____ C:\ComboFix.txt
2013-07-23 01:37 - 2013-01-02 13:51 - 00000000 ____D C:\Qoobox
2013-07-23 01:23 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-07-23 01:14 - 2013-07-21 11:41 - 05091940 ____R (Swearware) C:\Users\asus\Desktop\ComboFix.exe
2013-07-22 11:55 - 2011-09-18 08:44 - 00000000 ____D C:\Users\asus\AppData\Roaming\Skype
2013-07-22 06:47 - 2013-07-22 06:47 - 00000000 ____D C:\Users\asus\AppData\Roaming\MKKE
2013-07-22 06:47 - 2013-01-03 01:24 - 00000000 ____D C:\Users\asus\AppData\Local\SKIDROW
2013-07-21 13:07 - 2013-07-21 13:07 - 00001323 _____ C:\Users\asus\Desktop\UpdateUtility-Gui - Shortcut.lnk
2013-07-21 12:26 - 2013-07-21 12:26 - 00002346 _____ C:\Users\asus\Desktop\Safe Money.lnk
2013-07-21 12:22 - 2013-07-21 12:22 - 00001148 _____ C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-07-21 12:20 - 2013-07-21 12:20 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-21 12:18 - 2013-07-21 12:18 - 00000000 ____D C:\Users\asus\Desktop\Kaspersky Internet Security 2013 bY Ayoub Gx
2013-07-21 12:15 - 2012-06-16 08:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 12:01 - 2013-07-23 14:27 - 00001853 _____ C:\Users\asus\Desktop\extracted.key
2013-07-21 11:57 - 2013-07-21 11:57 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 11:57 - 2013-07-21 11:57 - 00000000 ____D C:\JRT
2013-07-21 11:40 - 2013-07-21 11:40 - 00000720 _____ C:\Users\asus\Desktop\ComboFix - Shortcut.lnk
2013-07-21 11:21 - 2013-05-25 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-07-21 11:06 - 2009-07-28 22:03 - 00000000 ____D C:\Windows\Panther
2013-07-21 11:06 - 2009-07-13 20:45 - 00451912 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-21 11:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 11:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-21 11:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-07-21 11:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-07-21 11:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-21 11:04 - 2013-03-12 19:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-21 11:04 - 2013-03-12 19:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-21 11:04 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-20 16:24 - 2013-07-21 11:57 - 00666633 _____ C:\Users\asus\Desktop\AdwCleaner.exe
2013-07-16 03:45 - 2013-07-16 03:33 - 00008069 _____ C:\Windows\IE10_main.log
2013-07-16 03:41 - 2013-07-16 03:41 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-16 03:41 - 2013-07-16 03:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-16 03:41 - 2013-07-16 03:41 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-16 03:41 - 2013-07-16 03:41 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-16 03:41 - 2013-07-16 03:41 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-16 03:41 - 2013-07-16 03:41 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-16 03:41 - 2013-07-16 03:41 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-16 03:41 - 2013-07-16 03:41 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-16 03:41 - 2013-07-16 03:41 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-16 03:41 - 2013-07-16 03:41 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-16 03:41 - 2013-07-16 03:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-16 03:41 - 2013-07-16 03:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-16 03:41 - 2013-07-16 03:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-16 02:09 - 2013-07-16 02:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-16 02:07 - 2013-03-06 02:14 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-16 01:58 - 2011-01-12 23:27 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 01:58 - 2011-01-12 23:27 - 00003600 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 13:30 - 2012-06-22 14:32 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-15 13:30 - 2011-08-10 18:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-15 13:02 - 2013-02-18 09:33 - 00000000 ____D C:\Users\asus\AppData\Local\Akamai
2013-07-05 15:02 - 2013-07-21 11:57 - 04009167 _____ C:\Users\asus\Desktop\ServicesRepair.exe
2013-07-02 18:08 - 2013-07-21 11:57 - 00545954 _____ (Oleg N. Scherbakov) C:\Users\asus\Desktop\JRT.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-15 13:24:24
Restore point made on: 2013-07-15 13:28:50
Restore point made on: 2013-07-16 03:26:31
Restore point made on: 2013-07-21 11:42:37
Restore point made on: 2013-07-21 12:20:12
Restore point made on: 2013-07-21 13:09:08
Restore point made on: 2013-07-23 01:15:36
Restore point made on: 2013-07-23 17:09:36

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3948.54 MB
Available physical RAM: 3356.11 MB
Total Pagefile: 3946.69 MB
Available Pagefile: 3346.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:154.83 GB) (Free:93.27 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:419.86 GB) (Free:378.42 GB) NTFS (Disk=0 Partition=3)
Drive f: (KINGSTON) (Removable) (Total:3.65 GB) (Free:1.04 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 783CD893)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=155 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=420 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


LastRegBack: 2013-07-23 09:29

==================== End Of Log ============================
  • 0

#6
Dakeyras

    GeekU Mammoth

  • GeekU Moderator
  • 8,026 posts
Hi. :)

I am using my pc to upload the log. I consider it safe now to use a USB since you suggested it.

In this instance it is safe to do so as we are working outside of the windows environment. In the event we need to use your USB drive on the problem machine running in say Normal Mode we will then secure it beforehand to err on the side of caution.

I did not consider that uploading such a file would infringe on the owner's copyright but I was mistaken.

Not a problem and as I mentioned prior I am aware of the discussion you had with my esteemed colleague azarl.

I surely would not :)

Good.

There are a couple of files that seem suspicious to me and there are some hits on google about them but I still cannot be 100% sure about:

These also appear to be Asus related and if the need can be checked out etc.

Next:

Now some friendly advice, it appears you have thrown everything at this machine bar the proverbial kitchen sink. Never a good idea to use any specific tools unless you are trained to do so and or know what you are doing, the knock on effect of such can create a myriad of problems all told.

Have the current issues been present since the upgrade to Internet Explorer Version 10 or not ?

Next:

It appears the version of Kaspersky Internet Security you have installed is not quite legitimate at all:-

Kaspersky Internet Security 2013 bY Ayoub Gx

So if you wish for my continued assistance I am going to ask you to uninstall this per the forum's terms of use. Since some problems with your machine try doing so via Safe Mode...

Let myself know when completed the above and if your machine is now able to boot into Normal Mode successfully or not. Plus provide the answer to my IE10 query and we will then go from there.
  • 0

#7
blink10

    Member

  • Member
  • 225 posts
  • Have the current issues been present since the upgrade to Internet Explorer Version 10 or not ?


    We did update IE?? I am not a Win 7 guy yet, so I missed that one. However I downloaded IE 10 just in case and tried to install it and I was informed the current version is newer than 10. So that means IE is updated :)

    It did not help at all with the startup speed issue and I have not noticed any other changes.
  • It appears the version of Kaspersky Internet Security you have installed is not quite legitimate at all


    Removed and guess what! The startup issue is gone at the moment. I installed MSE instead and things are going smooth.

    Do you think there is anything wrong outside of the windows environment ?

    Thanks for your help :D

  • 0

#8
Dakeyras

    GeekU Mammoth

  • GeekU Moderator
  • 8,026 posts
Hi. :)

We did update IE?? I am not a Win 7 guy yet, so I missed that one. However I downloaded IE 10 just in case and tried to install it and I was informed the current version is newer than 10. So that means IE is updated :)

It may have been installed/updated via Windows Update most likely if you refer to a portion of the Farbar Recovery Scan Tool log header:-

Internet Explorer Version 10

If no problems merely leave as is, in the event any issues merely inform myself and we can perform a roll-back to IE9.

Removed and guess what! The startup issue is gone at the moment. I installed MSE instead and things are going smooth.

Good, though please from this time forward refrain from any further self fixes as this will actually hinder myself with assisting you etc.

Next:

Did MSE detect/remove anything at all ?

Next:

Do you think there is anything wrong outside of the windows environment ?

Thanks for your help :D

Not as far as I can ascertain (nothing particularly major anyway) apart from the dubious software I advised you remove and you're welcome!

Peer to Peer Advice:

I see µTorrent is installed. If you have used this recently, you can be fairly confident this is a principal reason your computer became infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

My friendly advice would be to uninstall the aforementioned. To be honest I have lost count of the number of machines I have dealt with over the years that became infected due to the use of P2P software...

However if you opt not to...please refrain from using them for the duration of the malware removal process, thank you.

Re-scan with OTL:

Please move the executable for OTL to the desktop, it is (was) located here:-

C:\Users\asus\Downloads\Programs\OTL.exe

In the event no longer present, re-download and save to the desktop from here.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CreateRestorePoint
dir "%systemdrive%\*" /S /A:L /C


  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my MSE query.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#9
blink10

    Member

  • Member
  • 225 posts

How is your computer performing now, any further symptoms and or problems encountered?


Nothing major, just a temporary lag here and there.


Did MSE detect/remove anything at all ?

No not really

I see µTorrent is installed.

It has been removed now.

OTL logfile created on: 7/29/2013 10:16:14 ? - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000401 | Country: Egypt | Language: ARA | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 61.02% Memory free
7.71 Gb Paging File | 5.61 Gb Available in Paging File | 72.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 154.83 Gb Total Space | 95.67 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
Drive D: | 419.86 Gb Total Space | 378.42 Gb Free Space | 90.13% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/29 10:14:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asus\Desktop\OTL.exe
PRC - [2013/07/12 20:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/12 07:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 07:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 07:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 07:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/17 22:01:38 | 003,541,008 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/12/12 15:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2012/07/31 11:39:14 | 000,658,632 | ---- | M] (Zbshareware Lab) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
PRC - [2012/03/21 05:23:14 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/03/21 05:23:12 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/08/18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/03/12 06:13:56 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/12/15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/10/01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 20:38:26 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009/07/31 20:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 20:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2010/07/02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/02 09:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/03/12 06:13:54 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/07 00:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2013/07/16 12:09:59 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/12 07:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/12 12:58:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 07:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 07:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 11:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/25 00:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/21 05:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/05/31 17:22:42 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 07:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/16 16:17:55 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/12/02 10:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/02 09:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/22 02:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/01 03:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/06/27 00:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 10:00:19 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/09/13 12:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/07/14 08:17:27 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/02/26 10:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/25 05:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/01/15 07:23:19 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 07:23:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 07:23:09 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/14 10:03:49 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/18 10:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/08/07 00:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 08:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = www.youtube.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ncr
IE - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://maktoob.yahoo.com/?p=us"
FF - prefs.js..extensions.enabledAddons: support%40smart-hide-ip.com:1.0
FF - prefs.js..extensions.enabledAddons: support%40platinumhideip.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...1&dt=032613&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\asus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/05 23:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/16 12:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/16 12:09:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\asus\AppData\Roaming\IDM\idmmzcc5 [2013/01/03 00:29:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/16 12:09:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/16 12:09:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\asus\AppData\Roaming\IDM\idmmzcc5 [2013/01/03 00:29:57 | 000,000,000 | ---D | M]

[2011/08/11 04:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Extensions
[2013/07/21 22:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\ej3xjgua.default\extensions
[2013/05/10 22:58:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\ej3xjgua.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/01/30 16:26:20 | 000,004,551 | ---- | M] () (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\ej3xjgua.default\extensions\support@platinumhideip.com.xpi
[2013/01/30 16:16:56 | 000,004,527 | ---- | M] () (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\ej3xjgua.default\extensions\support@smart-hide-ip.com.xpi
[2013/03/26 17:54:26 | 000,002,402 | ---- | M] () -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\ej3xjgua.default\searchplugins\bingp.xml
[2013/07/24 03:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/23 19:07:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/16 12:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/23 19:07:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/16 12:09:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/05 23:19:51 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://arabia.msn.co...21DHP&dt=032613
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\asus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Google Docs = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: IDM Integration = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.9.1_0\
CHR - Extension: Skype Click to Call = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Gmail = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/21 21:49:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: ??&??? ??? OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: ?&???? ??? Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: ??&??? ??? OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: ?&???? ??? Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1804368602-1837804132-4114349979-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F2F3C83-DD01-4D7C-94F0-AEC71E2D9926}: DhcpNameServer = 10.10.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C7378C8-930C-41BC-8C86-95810DBD4544}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC036E73-C295-4CEE-8693-C6BE7F7A1DF4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/29 10:14:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\asus\Desktop\OTL.exe
[2013/07/28 19:00:53 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Registry Mechanic
[2013/07/26 18:17:13 | 001,008,768 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill64-24624.com
[2013/07/26 17:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/07/26 17:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/07/26 15:50:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/26 10:09:59 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/24 03:19:59 | 001,008,768 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill64.com
[2013/07/24 02:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2013/07/23 23:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/23 22:45:21 | 001,844,864 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill.com
[2013/07/23 20:47:56 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Malwarebytes
[2013/07/23 20:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/23 20:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/23 20:47:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/23 20:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/23 20:19:02 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\asus\Desktop\TDSSKiller.exe
[2013/07/23 18:27:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/23 11:37:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/23 11:15:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/23 11:15:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/23 11:15:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/22 16:47:10 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\MKKE
[2013/07/22 16:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat Komplete Edition
[2013/07/21 23:04:25 | 000,000,000 | ---D | C] -- C:\Users\asus\Desktop\updater2.0.1.2015.1_win_en
[2013/07/21 22:18:26 | 000,000,000 | ---D | C] -- C:\Users\asus\Desktop\Kaspersky Internet Security 2013 bY Ayoub Gx
[2013/07/21 21:57:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/21 21:57:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/21 21:57:25 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\asus\Desktop\JRT.exe
[2013/07/21 21:41:01 | 005,091,940 | R--- | C] (Swearware) -- C:\Users\asus\Desktop\ComboFix.exe
[2013/07/16 13:41:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/16 13:41:34 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/16 13:41:34 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/16 13:41:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/07/16 13:41:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/07/16 13:41:34 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/07/16 13:41:34 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/07/16 13:41:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/16 13:41:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/07/16 13:41:34 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/07/16 13:41:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/16 13:41:34 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/07/16 13:41:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/16 13:41:34 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/16 13:41:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/16 13:41:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/07/16 13:41:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/07/16 13:41:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/16 13:41:34 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/07/16 13:41:34 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/07/16 13:41:34 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/16 13:41:34 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/16 13:41:34 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/07/16 13:41:34 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/07/16 13:41:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/07/16 13:41:34 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/07/16 13:41:34 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/16 13:41:34 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/07/16 13:41:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/07/16 13:41:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/07/16 13:41:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/07/16 13:41:34 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/07/16 13:41:34 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/07/16 13:41:34 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/16 13:41:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/16 13:41:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/07/16 13:41:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/07/16 13:41:34 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/07/16 13:41:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/07/16 13:41:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/07/16 13:41:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/16 13:41:34 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/07/16 13:41:34 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/16 13:41:34 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/07/16 13:41:34 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/16 13:41:34 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/07/16 13:41:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/07/16 13:41:34 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/16 13:41:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/07/16 13:41:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/07/16 13:41:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/16 13:41:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/07/16 13:41:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/16 13:41:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/07/16 13:41:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/07/16 13:41:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/16 13:41:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/07/16 13:41:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/16 13:41:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/07/16 13:41:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/07/16 13:41:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/07/16 13:41:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/16 13:41:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/16 13:41:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/07/16 13:41:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/07/16 13:41:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/07/16 13:41:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/07/16 13:41:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/07/16 12:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/16 11:51:49 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/16 11:51:49 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/16 11:32:34 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/16 11:32:33 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/15 23:31:31 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/29 10:14:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asus\Desktop\OTL.exe
[2013/07/29 10:05:51 | 001,880,426 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/29 10:05:51 | 000,619,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/29 10:05:51 | 000,544,244 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/07/29 10:05:51 | 000,445,516 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013/07/29 10:05:51 | 000,107,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/29 10:05:51 | 000,095,494 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/07/29 10:05:51 | 000,080,288 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013/07/29 10:04:35 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 10:04:35 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 10:03:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/29 09:58:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/29 09:57:30 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/07/29 09:57:10 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/29 09:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/29 09:56:51 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/28 22:43:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1804368602-1837804132-4114349979-1000UA.job
[2013/07/28 22:43:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1804368602-1837804132-4114349979-1000Core.job
[2013/07/28 19:36:55 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013/07/26 18:17:13 | 001,008,768 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill64-24624.com
[2013/07/26 17:15:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/24 20:59:08 | 000,000,841 | ---- | M] () -- C:\Users\asus\Desktop\MKKE - Shortcut.lnk
[2013/07/24 03:19:59 | 001,008,768 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill64.com
[2013/07/24 02:46:42 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\Blueline.lnk
[2013/07/23 20:47:45 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/23 17:56:14 | 001,844,864 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill.com
[2013/07/23 11:14:39 | 005,091,940 | R--- | M] (Swearware) -- C:\Users\asus\Desktop\ComboFix.exe
[2013/07/21 23:07:57 | 000,001,323 | ---- | M] () -- C:\Users\asus\Desktop\UpdateUtility-Gui - Shortcut.lnk
[2013/07/21 22:01:09 | 000,001,853 | ---- | M] () -- C:\Users\asus\Desktop\extracted.key
[2013/07/21 21:49:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/21 21:40:53 | 000,000,720 | ---- | M] () -- C:\Users\asus\Desktop\ComboFix - Shortcut.lnk
[2013/07/21 21:21:58 | 000,002,050 | ---- | M] () -- C:\Users\asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/21 21:06:56 | 000,451,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/21 02:24:44 | 000,666,633 | ---- | M] () -- C:\Users\asus\Desktop\AdwCleaner.exe
[2013/07/16 13:41:34 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/16 13:41:34 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/16 13:41:34 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/16 13:41:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/07/16 13:41:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/07/16 13:41:34 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/07/16 13:41:34 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/07/16 13:41:34 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/16 13:41:34 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/07/16 13:41:34 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/07/16 13:41:34 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/16 13:41:34 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/07/16 13:41:34 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/16 13:41:34 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/16 13:41:34 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/16 13:41:34 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/07/16 13:41:34 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/07/16 13:41:34 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/16 13:41:34 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/07/16 13:41:34 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/07/16 13:41:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/16 13:41:34 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/16 13:41:34 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/07/16 13:41:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/07/16 13:41:34 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/07/16 13:41:34 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/07/16 13:41:34 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/16 13:41:34 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/07/16 13:41:34 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/07/16 13:41:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/07/16 13:41:34 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/07/16 13:41:34 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/07/16 13:41:34 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/07/16 13:41:34 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/16 13:41:34 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/16 13:41:34 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/07/16 13:41:34 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/07/16 13:41:34 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/07/16 13:41:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/07/16 13:41:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/07/16 13:41:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/16 13:41:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/07/16 13:41:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/16 13:41:34 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/07/16 13:41:34 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/16 13:41:34 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/07/16 13:41:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/07/16 13:41:34 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/16 13:41:34 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/07/16 13:41:34 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/07/16 13:41:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/16 13:41:34 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/07/16 13:41:34 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/16 13:41:34 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/07/16 13:41:34 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/07/16 13:41:34 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/16 13:41:34 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/07/16 13:41:34 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/16 13:41:34 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/07/16 13:41:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/07/16 13:41:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/07/16 13:41:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/16 13:41:34 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/16 13:41:34 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/07/16 13:41:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/16 13:41:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/16 13:41:34 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/07/16 13:41:34 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/07/16 13:41:34 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/07/16 13:41:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/07/16 12:07:44 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/06 01:02:07 | 004,009,167 | ---- | M] () -- C:\Users\asus\Desktop\ServicesRepair.exe
[2013/07/03 04:08:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\asus\Desktop\JRT.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/26 17:15:32 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/07/26 17:15:25 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/07/24 20:59:08 | 000,000,841 | ---- | C] () -- C:\Users\asus\Desktop\MKKE - Shortcut.lnk
[2013/07/24 02:46:42 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\Blueline.lnk
[2013/07/24 00:27:24 | 000,001,853 | ---- | C] () -- C:\Users\asus\Desktop\extracted.key
[2013/07/23 20:47:45 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/23 18:38:49 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013/07/23 11:15:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/23 11:15:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/23 11:15:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/23 11:15:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/23 11:15:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/21 23:07:57 | 000,001,323 | ---- | C] () -- C:\Users\asus\Desktop\UpdateUtility-Gui - Shortcut.lnk
[2013/07/21 21:57:26 | 004,009,167 | ---- | C] () -- C:\Users\asus\Desktop\ServicesRepair.exe
[2013/07/21 21:57:25 | 000,666,633 | ---- | C] () -- C:\Users\asus\Desktop\AdwCleaner.exe
[2013/07/21 21:40:53 | 000,000,720 | ---- | C] () -- C:\Users\asus\Desktop\ComboFix - Shortcut.lnk
[2013/07/16 13:41:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/16 13:41:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/16 01:47:18 | 000,000,600 | ---- | C] () -- C:\Users\asus\PUTTY.RND
[2013/01/03 00:36:11 | 000,000,193 | ---- | C] () -- C:\Users\asus\SecurityKISSTunnel.config
[2012/12/02 09:38:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/02 09:38:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/17 17:51:18 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/09/05 21:47:31 | 000,011,134 | ---- | C] () -- C:\Windows\SysWow64\msvcr20.dll
[2012/09/05 21:40:15 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/09/05 21:40:14 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/05 21:40:14 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/05 21:40:13 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/09/05 21:40:12 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2012/09/02 21:45:11 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\kakle.dll
[2012/07/26 20:58:38 | 000,027,520 | ---- | C] () -- C:\Users\asus\AppData\Local\dt.dat
[2012/06/22 18:31:59 | 000,000,017 | ---- | C] () -- C:\Users\asus\AppData\Local\resmon.resmoncfg
[2012/05/02 12:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/06 21:30:20 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/02 22:51:10 | 000,000,000 | ---- | C] () -- C:\Users\asus\AppData\Local\{5DDD2255-504A-4E4B-8E99-F4BE1206845A}
[2011/08/11 05:01:46 | 001,867,624 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/11 04:54:26 | 000,000,612 | ---- | C] () -- C:\Windows\wafi2000.ini
[2011/08/11 04:53:47 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/08/11 04:38:20 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 15:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 15:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 15:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 15:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 14:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 15:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 15:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 15:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 15:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 15:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 15:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 14:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 15:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 15:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 14:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 15:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 15:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 15:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 15:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 15:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 15:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 15:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 15:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 14:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 15:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 15:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %systemdrive%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/01/13 09:20:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/01/13 09:10:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/01/13 09:20:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/01/13 09:10:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/01/13 09:20:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/01/13 09:10:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/01/13 09:20:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/01/13 09:10:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 13:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/04/22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/09/02 22:14:07 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/09/02 22:14:07 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2009/08/04 08:40:56 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E9D0900772B52AB3F1B0EA2BB08C4E6C -- C:\Windows\SysNative\ar-SA\services.exe.mui
[2009/08/04 08:40:56 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E9D0900772B52AB3F1B0EA2BB08C4E6C -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_3152953e7aa3aa88\services.exe.mui

< MD5 for: SERVICES.EXE-511D36F4.PF >
[2013/07/21 21:07:35 | 000,087,078 | ---- | M] () MD5=56013CDCC32920B5B82AD6ECAC774464 -- C:\Windows\Prefetch\SERVICES.EXE-511D36F4.pf

< MD5 for: SERVICES.LNK >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/09/02 22:13:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/09/02 22:14:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/09/02 22:13:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/09/02 22:14:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/08/04 08:40:55 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\SysNative\ar-SA\services.msc
[2009/08/04 08:41:06 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\SysWOW64\ar-SA\services.msc
[2009/08/04 08:40:55 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_6b94652a510d447b\services.msc
[2009/08/04 08:41:06 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_0f75c9a698afd345\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 07:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/01/13 09:20:59 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 07:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/01/13 09:20:59 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 5858-A04B
Directory of C:\
07/14/2009 07:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 07:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 07:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 07:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 07:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 07:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 07:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 07:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 07:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 07:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 07:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 07:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 07:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 07:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 07:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\asus
05/23/2011 11:02 PM <JUNCTION> Application Data [C:\Users\asus\AppData\Roaming]
05/23/2011 11:02 PM <JUNCTION> Cookies [C:\Users\asus\AppData\Roaming\Microsoft\Windows\Cookies]
05/23/2011 11:02 PM <JUNCTION> Local Settings [C:\Users\asus\AppData\Local]
05/23/2011 11:02 PM <JUNCTION> My Documents [C:\Users\asus\Documents]
05/23/2011 11:02 PM <JUNCTION> NetHood [C:\Users\asus\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/23/2011 11:02 PM <JUNCTION> PrintHood [C:\Users\asus\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/23/2011 11:02 PM <JUNCTION> Recent [C:\Users\asus\AppData\Roaming\Microsoft\Windows\Recent]
05/23/2011 11:02 PM <JUNCTION> SendTo [C:\Users\asus\AppData\Roaming\Microsoft\Windows\SendTo]
05/23/2011 11:02 PM <JUNCTION> Templates [C:\Users\asus\AppData\Roaming\Microsoft\Windows\Templates]
05/23/2011 11:02 PM <JUNCTION> ??? ? ? [C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
Directory of C:\Users\asus\AppData\Local
05/23/2011 11:02 PM <JUNCTION> Application Data [C:\Users\asus\AppData\Local]
05/23/2011 11:02 PM <JUNCTION> History [C:\Users\asus\AppData\Local\Microsoft\Windows\History]
05/23/2011 11:02 PM <JUNCTION> Temporary Internet Files [C:\Users\asus\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu
05/23/2011 11:02 PM <JUNCTION> ? ? [C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 File(s) 0 bytes
Directory of C:\Users\asus\Documents
05/23/2011 11:02 PM <JUNCTION> My Music [C:\Users\asus\Music]
05/23/2011 11:02 PM <JUNCTION> My Pictures [C:\Users\asus\Pictures]
05/23/2011 11:02 PM <JUNCTION> My Videos [C:\Users\asus\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 07:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 07:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 07:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 07:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 07:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 07:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 07:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 07:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 07:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 07:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 07:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 07:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 07:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 07:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 07:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 07:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 07:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 07:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 103,391,174,656 bytes free

< >

========== Files - Unicode (All) ==========
[2011/01/13 09:34:15 | 000,000,020 | ---- | M] ()(C:\Windows\?) -- C:\Windows\
[2011/01/13 09:34:14 | 000,000,020 | ---- | C] ()(C:\Windows\?) -- C:\Windows\

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

#10
blink10

    Member

  • 225 posts
OTL Extras logfile created on: 7/29/2013 10:16:14 ? - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000401 | Country: Egypt | Language: ARA | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 61.02% Memory free
7.71 Gb Paging File | 5.61 Gb Available in Paging File | 72.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 154.83 Gb Total Space | 95.67 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
Drive D: | 419.86 Gb Total Space | 378.42 Gb Free Space | 90.13% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1804368602-1837804132-4114349979-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029D8ABB-D649-4E0A-B68A-436798952851}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07077A81-E923-461C-84BD-A6C37BB27503}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{148AE5E3-C2C5-4AB7-8927-9E9D664F02A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{15604769-1B74-4F1F-A444-39BC1106FD41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18AFE69B-450C-47E7-8D37-4F5C837D97A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{25E92B76-D461-4FE9-BC08-103B0CE33D03}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2F45BB8B-4502-4C46-9D3D-1D3924706E05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39CA069C-ADB5-490C-B43F-31832498D2C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{623CBA56-9E4A-47F6-91E7-D4A45D25DFA8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{634ABED1-C16C-4F2C-88FE-D26EA4F34846}" = lport=137 | protocol=17 | dir=in | app=system |
"{69FD1E1F-143C-43F5-87AC-FD747516E36D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7EE5854F-29E6-48CE-B447-6EC067749B6B}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{81EAD7FD-9B5E-429B-8440-E694768898AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86CA2B0F-6A20-4CEC-BF93-0DD4DB91768C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{87926ACF-6B43-447A-85E5-C731C754EDF7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9061136F-A9C9-4CAE-92CD-558C7B62629D}" = lport=138 | protocol=17 | dir=in | app=system |
"{95E43FB6-088F-4F8A-B421-84D341F1208E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5B1B87B-B38F-46EE-BA2B-41328D6705B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE4E4BCC-F6BE-4FF1-A456-53DA34A5235E}" = rport=139 | protocol=6 | dir=out | app=system |
"{C52C0841-5A90-4D7A-9C88-AE07390AB574}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D21B4C3B-E5F3-456F-B780-D58BC9009CDC}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB93BF88-3D82-4DA4-AC01-C4F042C0D5F7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{ED82BCFA-60AC-4E10-A840-250C0886C3FE}" = rport=138 | protocol=17 | dir=out | app=system |
"{F15D9DD2-ADD5-4352-B1F0-E265C021831F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A66678-FC28-43AB-B270-D5CC5FB4E60A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03DDF3D8-4796-45B9-A577-52BAB0984CC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{122531F5-2835-466F-8689-61E0138B84E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19F293F9-BC2E-4C15-84A6-8A595A3D4FB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22BB2A5C-47EB-48F8-9FAF-930B6AA63009}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{240517F9-5AE9-43C7-852E-2717F215BB77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2BD98C15-C054-4A41-BFE6-D5B35439455F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3185A259-E777-4690-8E44-28E8EE369E8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{32ED72E5-F391-434A-83D4-2617DB4461B2}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3D3D9977-6E84-4354-B701-D836BCF77718}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3FD65A99-D76F-4140-B21F-9328FCE22F92}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4428A032-04E0-4A89-B1AC-D76457589419}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5004F5D9-7C5A-4FA7-B4AC-A1E99E712D04}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5FD78AE8-0B0D-4297-AD50-238F923B507A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{610902CE-1C00-4EAE-957C-E3F887D83B9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{64FEEA53-DC6C-4D0B-AE7B-1EE7E9E38513}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{651F002D-CBE6-4831-A0DB-347E989F3FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6652D30F-4094-41F4-BDC3-E0D321836761}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{69568ADF-B666-4A2F-877E-927BBB2790CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D6D0BA5-0AAE-4629-9077-8D4366747BCE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{79B296E3-F8B2-443D-9CA6-281415EF5FF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E9F6A9B-8B75-4A8C-AA6C-D44A2A6E8609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7EC87C3B-5356-4A58-BD03-98F5F6E467B2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{9A0A8B0B-3D01-4D7C-9CF1-086454374995}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9ABA4E2B-2D09-457C-90BB-635A1D098301}" = dir=in | app=c:\users\asus\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9F5A7805-0758-453A-B76C-55F43D13DC02}" = protocol=6 | dir=out | app=system |
"{A6247633-CA59-4264-A6E5-6D0740094E5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ABB4F2C3-4697-40DE-BC55-64BBB9B1C6BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B829F6B0-6F73-4A2F-9065-9C53D6070828}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C62B3ED5-5FFF-44A9-A627-C822B8C27B72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C77A6B7D-85C5-47E2-9B1D-39260073B047}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C989161F-B6A2-4EB7-AD6C-42AA35B275E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CCA1EC42-6408-4262-B8BE-3C04AD3D449C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E23DD1EA-FE21-4F37-8936-5B26AB2B0AFE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E2964925-2046-436F-85F1-BD42C4EE5184}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E40E200A-EBD4-48F0-AAAE-D3120ACCD094}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF5F3E8A-3AEC-4930-B3DD-72CC350CC5E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{13AEB91E-2D95-402D-9B1A-57D7850C8E22}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{3FFF8E34-63C9-4490-A1E5-B24D3ED48BEB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{4287ECDC-4C34-4BA5-BBDA-DC32A82395E7}D:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty black ops ii\t6sp.exe |
"TCP Query User{84F43F74-61EA-4B71-B0CE-BB785C45EDC0}C:\users\asus\desktop\ball\u1210.exe" = protocol=6 | dir=in | app=c:\users\asus\desktop\ball\u1210.exe |
"TCP Query User{9ABED5DE-FB33-4F75-9955-AEDFA4A89AE3}C:\users\asus\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A53F08E9-3686-47FD-BDC2-62D4E1E0B5FE}D:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe |
"TCP Query User{A671A850-7E41-46A8-9C4D-C246C0972E44}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B676C651-067A-42C0-AB48-8A6DAF68338B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{C47761C6-B609-4F3F-A870-653F8BE94C67}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{EE2B031B-6B3E-4135-8669-E7CDB3A9239C}D:\kombat\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=6 | dir=in | app=d:\kombat\mortal kombat komplete edition\disccontentpc\mkke.exe |
"UDP Query User{04F31D02-49C6-4F56-A8C8-E3F955DA827C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{3218714D-E706-4D58-85E4-D3D5115EED3F}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{6A7071D2-1F4B-40EF-A2B5-DC22F3CDE8D7}D:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\r.g. mechanics\assassin's creed iii\ac3sp.exe |
"UDP Query User{6B50164E-3C5B-423E-92BA-F3C4C28FEE62}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7AD2FF59-DE31-4A53-B001-7788AE0F8530}D:\kombat\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=17 | dir=in | app=d:\kombat\mortal kombat komplete edition\disccontentpc\mkke.exe |
"UDP Query User{84B26E13-35B4-4310-9E81-1D6FBEB7C80C}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B26D6DBD-4AB0-4AD4-BE6C-6BA17EA0A6CD}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{B6EA343B-3BB4-4E4F-9250-674917463AC6}D:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty black ops ii\t6sp.exe |
"UDP Query User{BBC38D50-9C34-402D-A8C2-8778156A5672}C:\users\asus\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C15174DF-C3C8-4EE8-A98B-87D9C679909E}C:\users\asus\desktop\ball\u1210.exe" = protocol=17 | dir=in | app=c:\users\asus\desktop\ball\u1210.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2E414A76-E6A7-3504-4235-29EAB3FE1F7A}" = ATI AVIVO64 Codecs
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{3DB84568-DD0E-401F-BC21-CE24720A0C5B}" = Microsoft Security Client
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFDADCB2-8C17-E480-A8D5-724CEA1F0676}" = AMD Drag and Drop Transcoding
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
"85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexes Remotas
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = ??? ????? Apple
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.3
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{55215295-A76A-4BFD-BB8E-26EA0F3CD8AA}" = The Punisher
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrle ActiveX Windows Live Mesh pour connexions distance
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = Catalyst Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"{FECB3E96-76A8-45A9-B73C-D7304DE02190}_is1" = 12.0.0.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Blueline_is1" = Blueline 1.1.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader 5.1
"Golden Al-Wafi Translator (By DR.Ahmed Saker)_is1" = Golden Al-Wafi Translator 1.12
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"Internet Download Manager" = Internet Download Manager
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.52
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mortal Kombat Komplete Edition_is1" = Mortal Kombat Komplete Edition
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Registry Recycler_is1" = Registry Recycler
"USB Disk Security_is1" = USB Disk Security
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zello" = Zello 1.22.0.0
"???? ????????" = ???? ???????? 5.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1804368602-1837804132-4114349979-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2013 08:08:12 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\asus\downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/23/2013 08:08:15 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\asus\downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/23/2013 08:08:16 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\asus\downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/23/2013 08:08:18 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\asus\downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/23/2013 08:08:19 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\asus\downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/23/2013 08:46:32 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\asus\Downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/23/2013 08:54:17 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\asus\Downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/25/2013 10:18:41 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/26/2013 05:47:58 ? | Computer Name = asus-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MKKE.exe, version: 0.0.0.0, time stamp:
0x51d32431 Faulting module name: MKKE.exe, version: 0.0.0.0, time stamp: 0x51d32431
Exception
code: 0xc0000005 Fault offset: 0x00477d22 Faulting process id: 0x125c Faulting application
start time: 0x01ce8a4967441dfe Faulting application path: D:\kombat\Mortal Kombat
Komplete Edition\DiscContentPC\MKKE.exe Faulting module path: D:\kombat\Mortal Kombat
Komplete Edition\DiscContentPC\MKKE.exe Report Id: 08ffb857-f63d-11e2-8906-74f06dc3267c

Error - 7/27/2013 03:35:21 ? | Computer Name = asus-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 22.0.0.4917, time
stamp: 0x51c06b1b Faulting module name: xul.dll, version: 22.0.0.4917, time stamp:
0x51c06a5b Exception code: 0xc0000005 Fault offset: 0x00173668 Faulting process id:
0x9e4 Faulting application start time: 0x01ce8affeef26ffb Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: ac4c257e-f6f3-11e2-8aca-74f06dc3267c

[ System Events ]
Error - 7/27/2013 02:48:50 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 7/27/2013 02:49:01 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt

Error - 7/28/2013 12:27:42 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 7/28/2013 12:27:53 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt

Error - 7/28/2013 02:15:17 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 7/28/2013 02:15:28 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt

Error - 7/28/2013 02:26:32 ? | Computer Name = asus-PC | Source = DCOM | ID = 10010
Description =

Error - 7/29/2013 03:57:18 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 7/29/2013 03:57:29 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt

Error - 7/29/2013 04:02:41 ? | Computer Name = asus-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >
  • 0

#11
Dakeyras

Dakeyras

    GeekU Mammoth

  • GeekU Moderator
  • 8,026 posts
Hi. :)

Nothing major, just a temporary lag here and there.

Acknowledged, this may be a factor also:-

The driver detected a controller error on \Device\Harddisk1\DR1.

However we can address this in due course.

No not really

Either something was or not, you will have to be more specific than that. To double check as follows...

Click on Start(Windows 7 Orb) >> Control Panel >> Administrative Tools >> Event Viewer >> Windows Logs >> System

Locate:-

Source= Microsoft Antimalware Event ID=1001 (scan finished)

It has been removed now.

Good, a prudent move on your behalf.

Next:

I have no idea what this installed software may be:-

???? ???????? 5.6

So please check for myself and report back in your next reply. Also why exactly do you have SecurityKISS Tunnel installed ?

Now please go to Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Internet Download Manager <-- Has undesirable characteristics.
PC Tools Registry Mechanic <-- Such registry tweaking software does more harm than good and has the capability of rendering a machine little more than an expensive doorstop!
Registry Recycler <-- As above.
SUPERAntiSpyware <-- This will hinder the malware removal process. You may reinstall when I give the all clear if you so wish but my advice would be to keep as an on-demand scanner only.

To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

  • Please download this tool from Microsoft and save to the desktop.
  • Right-click on MGADiag.exe and select Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

CKScanner:

  • Please download CKScanner from here to the desktop.
Make sure that CKScanner.exe is on the Desktop before running the application!
  • Right-click on CKScanner.exe and select Run as Administrator, then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0
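An added example, not part of the original posts: a small Python parser for event entries in the layout posted above, which counts recurring (source, ID) pairs and masks each ID to its low 16 bits, the event code Event Viewer displays (so 262155 from the Disk source is event 11). The sample lines are constructed from entries in this thread, the executable path in the first entry is a placeholder, and the function names are this example's own.

```python
import re
from collections import Counter
# Constructed sample in the layout of the event entries posted in this thread.
SAMPLE = r"""Error - 7/23/2013 08:46:32 ? | Computer Name = asus-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\example\setup.exe".Error
in manifest or policy file "" on line .

[ System Events ]
Error - 7/27/2013 02:48:50 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 7/28/2013 12:27:42 ? | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 7/29/2013 04:02:41 ? | Computer Name = asus-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

< End of report >
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\S+ \S+).*?\| Computer Name = (?P<host>.*?) "
    r"\| Source = (?P<source>.*?) \| ID = (?P<raw_id>\d+)\s*$")

def parse_events(text):
    """Return one dict per event; wrapped description lines are re-joined."""
    events, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            raw_id = int(m["raw_id"])
            # Low 16 bits = the event code that Event Viewer displays.
            current = {"when": m["when"], "source": m["source"], "raw_id": raw_id,
                       "event_id": raw_id & 0xFFFF, "description": ""}
            events.append(current)
        elif line.startswith(("[", "<")):
            current = None  # section marker or end-of-report line
        elif current is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events

def summarize(events):
    """(source, event_id) pairs with their counts, most frequent first."""
    return Counter((e["source"], e["event_id"]) for e in events).most_common()

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```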

#12
blink10

blink10

    Member

  • Member
  • PipPipPip
  • 225 posts

Either something was or not, you will have to be more specific than that.


There was no event ID with that number


I have no idea what this installed software may be:-

???? ???????? 5.6


Neither do I, but I removed it anyway.
Its name was written in another language but it says it is an audio files converter. As far as I know no one has used that. I am saying no one because I am not the only user operating on that laptop and in fact I have not used it since the 8th of March.


Internet Download Manager

Gone

PC Tools Registry Mechanic

Error 5: can't uninstall.

There seems to be something wrong with the uninstall file.

Registry Recycler


It was not even there. I might have removed it back in March.

SUPERAntiSpyware


Gone, though I was using it as an on-demand scanner only.


How about Malwarebytes? I got it working on a full protection trial mode.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
Windows Product ID: 00359-OEM-8992687-00007
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {1CBFC400-9198-474C-93D6-AA33EE3DACE4}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows 7, HomePremium edition
Description: Windows Operating System - Windows 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
Installation ID: 091775711966828032837573221252183903977746001530727796
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 9YQTR
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 7/31/2013 04:42:40 ?

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:25:2013 16:19
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIAAQABAAEAAQACAAAABQABAAEA6GGEqhwpoVj6QlrRjoDhIWI9FC/ANvjAmjV+5trkXF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC              _ASUS_        Notebook
  FACP              _ASUS_        Notebook
  DBGP              _ASUS_        Notebook
  HPET              _ASUS_        Notebook
  MCFG              _ASUS_        Notebook
  ECDT              _ASUS_        Notebook
  SLIC              _ASUS_        Notebook
  SSDT              PmRef         CpuPm

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\ubisoft\ubisoft game launcher\uplay.exe
scanner sequence 3.JD.11.SOAPNW
----- EOF -----
  • 0
